Uboros Connector — Extension Privacy Policy
This policy describes exactly what the Uboros Connector browser extension ("the Extension") reads from your browser, what it stores, and what it transmits — and why. It is specific to the Extension. Data once it reaches the Uboros server is additionally governed by the main Uboros Privacy Policy and Data Processing Agreement.
The Extension is operated by the Uboros project and communicates with a single destination:
the Uboros server at greenlight.uboros.com (your operator's instance). It does not run
until you install it and authorize it against your own Uboros account.
1. What the Extension does
The Uboros Connector turns a Chrome (or Chromium) browser profile that is logged into your ad accounts into a deploy agent for the Uboros ad-creative platform. After you authorize it via one-click OAuth, it polls Uboros for queued jobs (deploy an ad, activate/pause, change budget, duplicate, read performance). When a job arrives it opens the relevant Ads Manager (Meta, TikTok, or Google) and drives the create/manage flow the same way you would by hand.
To let that automation continue on the Uboros server even after your browser is closed, the Extension also reads certain platform session credentials and account identifiers from the Ads Manager pages you open, and sends them to Uboros. This is described in full below — it is the most significant thing the Extension does with your data, and we want it to be explicit.
2. What it reads from ad platforms
The Extension only reads from the ad-platform Ads Manager surfaces it is scoped to
(business.facebook.com and www.facebook.com/adsmanager,
ads.tiktok.com, ads.google.com) and only on the pages you open there.
| Platform | What it reads | Sent to Uboros? |
|---|---|---|
| Meta | Graph API access token, ad-account ID (act_…), Business Manager ID, and the page's CSRF (fb_dtsg) token used to submit the ad form. Read from the page's bootstrap data and from the platform's own API requests the page makes. | Yes — access token, ad-account ID and Business Manager ID are sent so the server can deploy and optimize on your behalf. The fb_dtsg token is read only to submit the in-page ad form and is not transmitted to Uboros. |
| TikTok | CSRF token and advertiser ID, read from page meta tags / bootstrap data. | Yes — CSRF token and advertiser ID. The TikTok session cookie (ttwid) is not read or sent. |
| Google | Customer ID and the human-readable account number (123-456-7890). No OAuth token is read. | Yes — account identifiers only (no token). |
| All three (during a job) | The create/manage form fields it is actively filling (campaign/ad names, budgets, targeting countries, ad copy, destination URLs, creative images/videos) and, for a "read performance" job, the visible metrics in the ads table (impressions, clicks, spend, CTR, conversions). | Performance metrics (and a short snippet of the source row text) are sent; the form values are derived from the job Uboros gave it. |
Why we extract tokens. Uboros' value is hands-off optimization that keeps running when your browser is closed. The server can only do that if it holds a valid platform session credential for your account. Extracting the Meta access token / TikTok CSRF lets the server make the same calls the Extension would, on a schedule, without your browser open. If you prefer not to share a token, you can still deploy interactively while the Extension is running; the server-side automation simply won't run while you're offline.
3. What it transmits to Uboros
Every transmission goes over HTTPS to greenlight.uboros.com only, authenticated with
the agent token Uboros issued you. The Extension sends:
- Platform credentials & account IDs — as described in §2 (Meta access token + account/business IDs; TikTok CSRF + advertiser ID; Google customer IDs). Re-sent at most once per 6 hours (24 hours for Google) per account, to avoid churn.
- Job lifecycle — claim requests (poll, ~every 30s), heartbeats while a job runs, and completion outcomes (the resulting ad ID, status, and any error message).
- Performance metrics — for "read performance" jobs: impressions, clicks, spend, conversions and similar, plus a short raw-text snippet of the source row (which may include the ad's name and the visible row labels).
- Health signals — short status tags (e.g. "captcha", "login required", "rate limited", "step complete") so the Uboros dashboard can tell you an account needs attention.
- Connection metadata — when you authorize/register the agent, a short agent label (which may include a truncated browser User-Agent or platform string) and the extension version, so the operator can identify the connected agent.
- Network captures — only if you turn on capture mode (see §5).
4. What it stores on your device
Stored in chrome.storage.local on your machine only (never synced to other devices):
the Uboros agent token and server URL; the current job's state and any in-progress wizard data
(including the asset image for the ad being created); connection timestamp and agent label;
small hashes that track when a credential was last reported (so it isn't re-sent too often); and a
rolling log of the last 20 actions shown in the popup. Job/wizard state is cleared when the job
finishes.
5. Network capture (opt-in, off by default)
The Extension has an optional "capture mode" for TikTok, disabled by default and
toggled only by you in the popup. When on, it records the ad-management API calls TikTok's own
interface makes while you create an ad (method, URL, request body, response status and a short
response snippet) and sends them to Uboros to improve automation reliability. On the server, fields
whose names look like secrets (token, password, cookie,
authorization, access_token, csrf, session,
signature) are redacted before they are stored — note that the request/response text
leaves your browser before that server-side redaction is applied. Turn it off at any time and no
further calls are captured.
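The name-based redaction described in §5, as an added example (not the Extension's or the Uboros server's code): it applies the listed field names to a constructed capture record and shows that a secret inside a free-text value is not caught by name matching. The record shape, the REDACTED marker and the sample URL and values are assumptions.

```javascript
// Added example: name-based redaction of one captured API call (constructed data).
// The name list comes from section 5; the record shape and marker are assumptions.
const SECRET_NAME = /token|password|cookie|authorization|access_token|csrf|session|signature/i;

// Recursively replace values whose field NAME looks like a secret.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SECRET_NAME.test(k) ? "REDACTED" : redact(v);
    }
    return out;
  }
  return value; // strings and numbers under non-secret names pass through unchanged
}

// Redact secret-looking query parameters in a captured URL.
function redactUrl(raw) {
  const u = new URL(raw);
  for (const name of [...u.searchParams.keys()]) {
    if (SECRET_NAME.test(name)) u.searchParams.set(name, "REDACTED");
  }
  return u.toString();
}

// Redact a capture record: the URL and, when it parses as JSON, the request body.
function redactCapture(c) {
  let body = c.requestBody;
  try { body = JSON.stringify(redact(JSON.parse(c.requestBody))); } catch { /* not JSON: left as is */ }
  return { ...c, url: redactUrl(c.url), requestBody: body };
}

// Constructed sample capture; the path, IDs and secret values are made up.
const sample = {
  method: "POST",
  url: "https://ads.tiktok.com/api/example/create?advertiser_id=111&csrf_token=abc123",
  requestBody: JSON.stringify({
    ad_name: "Spring sale",
    auth: { session_id: "s-999" },
    note: "retry with token abc123", // secret inside a value, under a harmless name
  }),
  status: 200,
  responseSnippet: '{"code":0}',
};
const cleaned = redactCapture(sample);
console.log(cleaned);
```

The `note` field survives untouched because only field names are matched, which is why what leaves the browser matters as much as what the server stores.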
6. What it does NOT do
- Communicates with no server other than greenlight.uboros.com — no analytics, no crash reporting, no third-party SDKs or trackers.
- Acts only on the Ads Manager pages within the three ad platforms, plus the Uboros API. Its host access is scoped to exactly those surfaces (see §7) — no subdomain wildcards — and it contacts no other origin.
- Does not read your passwords, your browsing history, bookmarks, downloads, or your httpOnly login cookies.
- Does not read your emails, messages, contacts, or any personal communications.
- Does not sell or share your data with any third party.
7. Permissions, justified
- storage / unlimitedStorage — keep the agent token, job state and action log locally.
- alarms — schedule the periodic job poll and heartbeat without keeping the service worker permanently awake.
- tabs — open and monitor the Ads Manager tab when a job arrives.
- scripting — run the content scripts that drive the Ads Manager UI and read the account identifiers/credentials described above.
- notifications — show a single "Connected" notification after you authorize.
- identity — run the OAuth authorization flow (chrome.identity.launchWebAuthFlow).
- Host permissions scoped to the exact Ads Manager surfaces used — ads.tiktok.com, business.facebook.com + www.facebook.com/adsmanager, and ads.google.com — plus greenlight.uboros.com. No subdomain wildcards are requested; the content scripts act only on the Ads Manager pages and no origin outside these is contacted. (Meta Graph calls during a deploy go to graph.facebook.com, but they run in the Ads Manager page's own context — the page's requests, not extension-origin fetches — so that host is not in the extension's host permissions.)
8. Retention & deletion
On your device, the agent token persists until you click Disconnect (or the operator revokes it); job/wizard state is transient. On the Uboros server, extracted credentials, performance data, health events and captures are stored in your Uboros tenant and are governed by the Uboros Privacy Policy and DPA. Revoking the agent (below) stops all further collection; ask the operator to delete stored credentials for an account at any time.
9. Your controls
- Authorize — the Extension does nothing until you complete OAuth.
- Per-account — only the ad accounts you enable in Uboros /setup are eligible for automation.
- Capture mode — off by default; entirely your choice.
- Disconnect — clears the local token from the popup.
- Revoke — from Uboros /setup → Uboros Connector → Connected agents → Revoke.
- Uninstall — via chrome://extensions.
10. Contact
Questions about this policy: [email protected]
(security reports: [email protected]), or open an issue at
github.com/rcusans-code/Uboros.