Privacy Policy for Yahoo OAuth Token Helper

Last Updated: January 21, 2026

Overview

Yahoo OAuth Token Helper is a Chrome extension designed to help developers obtain Yahoo OAuth tokens by intercepting authorization callbacks and exchanging codes for access and refresh tokens.

    Important: This extension does NOT collect, store, transmit, or share any personal 
    data or user information with any third parties.
  

Data Collection

We do not collect any data. The extension operates entirely within your browser and does not:

Collect personal information
Track your browsing activity
Send data to remote servers
Store credentials or tokens persistently
Share information with third parties

Data Usage and Storage

The extension temporarily uses the following data solely for OAuth flow functionality:

Authorization Codes: Temporarily stored in browser local storage during the OAuth flow, then cleared after token exchange
Cookies: Browser cookies from Yahoo.com domain are accessed only to authenticate token exchange requests directly to Yahoo's servers
OAuth Tokens: Displayed in the browser interface but NOT stored by the extension. You must manually copy and save them

Permissions Explained

This extension requires the following permissions:

cookies: Required to include Yahoo session cookies in token exchange requests sent directly to Yahoo's OAuth servers. No cookies are collected or transmitted elsewhere.
webRequest: Required to intercept OAuth callback URLs (com.yahoo.aerogram://) that cannot be handled by regular browsers. Only Yahoo OAuth callbacks are intercepted.
storage: Required to temporarily store authorization codes during the OAuth flow. Data is cleared after the flow completes.
host_permissions (api.login.yahoo.com, *.yahoo.com): Required to communicate with Yahoo's OAuth endpoints for token exchange. No other domains are accessed.

Third-Party Services

This extension only communicates with Yahoo's official OAuth endpoints:

api.login.yahoo.com: Yahoo's OAuth authorization and token endpoint

No other third-party services are contacted. All OAuth token exchanges happen directly between your browser and Yahoo's servers.

Data Security

All communications with Yahoo use HTTPS encryption
Authorization codes are stored temporarily only in browser local storage
No tokens or credentials are transmitted to any servers other than Yahoo's official endpoints
The extension does not have any backend servers or databases

Your Responsibilities

As a user of this extension, you are responsible for:

Securely storing any tokens you obtain using this extension
Not sharing your access tokens or refresh tokens with unauthorized parties
Following Yahoo's Terms of Service and API usage policies
Keeping your Yahoo account credentials secure

Children's Privacy

This extension is intended for developers and is not directed at children under 13. We do not knowingly collect any information from children.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.

Open Source

This extension's code can be inspected in the Chrome Extensions directory on your computer. We encourage you to review the code to verify our privacy practices.

Contact Information

If you have any questions or concerns about this privacy policy or the extension's data practices, please contact the developer through the Chrome Web Store support page.

Consent

By using this extension, you consent to this privacy policy and agree to its terms.

Summary

In simple terms:

✅ We don't collect any of your data
✅ We don't track you
✅ We don't store your tokens
✅ We don't send data anywhere except Yahoo's OAuth servers
✅ Everything happens in your browser
✅ You control your tokens