Security & Data Protection Overview
For IT, security, and procurement teams reviewing CopyDock.app, this page explains how the extension handles data, storage, and permissions. It’s designed to help you quickly assess risk, understand what stays local on the device, and confirm whether CopyDock.app meets your security requirements.
How to explain CopyDock.app to security teams
If you need a short, simple description, you can say:
"CopyDock.app is a local-only browser extension for storing and pasting pre-approved text. It does not use any external servers, does not send customer data off the device, and relies on the browser's own encrypted storage and sandbox. It is signed and approved by the Chrome, Microsoft Edge, and Firefox extension stores."
When you review a new browser extension, you want clear answers about data flow, storage, and risk. This page summarizes how CopyDock.app works so you can evaluate it quickly and confidently.
High-level overview
CopyDock.app is a browser extension that lets agents paste pre-approved text with one click. All content is stored locally in the browser's encrypted extension storage. There are no external servers, no background APIs, and no hidden data flows.
Data flow summary
CopyDock.app follows a simple, local-only model:
- No data leaves the user's device during normal use.
- No cloud servers, no syncing, and no remote APIs.
- No analytics, no telemetry, and no tracking.
- All button content is stored inside the browser's extension storage.
- Export is manual only and fully user-initiated.
What CopyDock never does
This is often the fastest way to answer security questionnaires:
- Does not send snippets or customer data to third-party servers.
- Does not read CRM, ticket, or chat content unless the user chooses to copy or paste.
- Does not log keystrokes or monitor typing.
- Does not inject remote JavaScript or load external code at runtime.
- Does not use cookies or track browsing history.
- Does not modify network requests or proxy traffic.
- Does not run background network calls.
Encryption and storage
CopyDock.app relies on the browser's own secure keychain for storage encryption:
- Windows: DPAPI
- macOS: Keychain
- Linux: GNOME Keyring (where supported by the browser)
The extension never implements its own custom cryptography. Encryption is handled entirely by Chrome, Microsoft Edge, or Firefox according to their platform standards.
Extension sandbox architecture
CopyDock.app runs inside the standard browser extension sandbox:
- It cannot access local files or system resources.
- It cannot read other tabs beyond what the user is actively working with.
- It cannot escape the browser environment.
The extension focuses only on storing text and inserting it when the user clicks a button.
Permissions used and why
CopyDock.app is designed to request minimal permissions:
- storage — to save and load buttons inside the browser's encrypted extension storage.
- activeTab or similar limited access — to paste text into the page the agent is actively using when they click a button.
No broad host permissions, no full-domain wildcards, and no remote code execution permissions are required for normal use.
Verification and signing
CopyDock.app is cryptographically signed and approved by Chrome Web Store, Microsoft Edge Add-ons Store, and Firefox Add-ons — meaning your team installs a fully verified, trusted extension.
Each store performs its own automated checks, malware scanning, and policy review before approving the extension. Updates are also reviewed and must pass store checks before they are published.
Enterprise deployment options
Enterprises can deploy CopyDock.app in several ways:
- Install directly from Chrome Web Store, Microsoft Edge Add-ons Store, or Firefox Add-ons.
- Use enterprise policies to push-install the extension to managed browsers.
- Use locally packaged ZIP installation where allowed, for restricted or semi-offline environments.
- No external services or extra infrastructure are required.
