Privacy Policy — Extensight

Last updated: April 11, 2026 · Effective: April 11, 2026

Extensight is a B2B platform sold to organizations, not individual consumers. This policy explains what data we collect, how we use it, and your rights. We do not sell your data to third parties.

1. Who We Are

Extensight ("we," "us," or "our") operates the Extensight browser extension intelligence platform, available at extensight.com and associated subdomains. We are based in Massachusetts, United States.

For privacy inquiries: privacy@extensight.com

2. Scope of This Policy

This Privacy Policy applies to:

Our website at extensight.com
The Extensight dashboard and admin console
The Extensight agent software installed on endpoint devices
All related services, APIs, and integrations

Extensight is a business-to-business (B2B) platform. Our direct customers are organizations ("Customers"). The end users whose devices are monitored ("End Users") are employees or contractors of our Customers. Customers are responsible for providing appropriate notice to their End Users regarding monitoring.

3. Data We Collect

3.1 Data collected from Customer organizations

Data	Purpose
Organization name, subdomain	Account identification and routing
Administrator email addresses	Authentication, notifications, account management
Billing information	Payment processing (handled by payment processor)
Integration credentials (Slack webhooks, SIEM tokens, Okta configuration)	Enabling third-party integrations configured by Customer

3.2 Data collected from enrolled endpoints (via the agent)

Data	Purpose
Device hostname	Identify which device extensions are installed on
OS username	Associate extensions with users for reporting
Operating system platform	Apply correct policies (macOS vs Windows)
Browser name	Apply browser-specific policies
Extension IDs, names, versions, descriptions	Core inventory and risk scoring
Extension permissions and host permissions	Risk scoring and policy enforcement
Extension manifest version	Risk scoring
Extension install status (installed/uninstalled)	Inventory tracking and removal logging

3.3 Data we do NOT collect

Browsing history or visited URLs
Browser tab contents or page content
Keystrokes, screenshots, or screen recordings
File system contents (beyond extension install paths)
Network traffic contents
Personal communications

3.4 Data collected from website visitors

When you visit extensight.com, we may collect standard web server logs including IP address, browser type, referring URL, and pages visited. This data is used to maintain and improve the website and is not linked to individual identities.

4. How We Use Data

We use collected data to:

Provide and operate the Extensight platform
Calculate extension risk scores and enforce policies
Send alerts and notifications to Customer-configured destinations (Slack, SIEM, email)
Maintain security and investigate abuse
Improve and develop the Service
Comply with legal obligations
Communicate with Customers about their accounts and our Service

We do not use Customer data or End User data for advertising purposes. We do not sell, rent, or trade data to third parties.

5. Data Sharing and Disclosure

5.1 Service providers

We may share data with trusted service providers who assist in operating our platform, subject to confidentiality obligations. These include hosting providers (DigitalOcean), and communications infrastructure.

5.2 Customer-configured integrations

When a Customer configures integrations (Slack, SIEM, Okta), extension and device data may be transmitted to those third-party services. The Customer controls which integrations are enabled and is responsible for the privacy practices of those services.

5.3 Legal requirements

We may disclose data if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Extensight, our Customers, or others.

5.4 Business transfers

If Extensight is acquired or merges with another company, Customer data may be transferred as part of that transaction. We will provide notice of any such transfer.

6. Data Retention

We retain Customer account data and endpoint data for as long as the account is active. Upon account termination:

Data is retained for 30 days to allow for export requests
After 30 days, data is permanently deleted from our systems
Backup copies may persist for up to 90 days in accordance with our backup rotation policy

Customers may request data deletion at any time by contacting support@extensight.com.

7. Data Security

We implement industry-standard security measures including:

TLS encryption for all data in transit
Encrypted passwords using bcrypt
API key authentication for agent communication
Multi-factor authentication (TOTP and SSO) for dashboard access
Administrative access restricted to private network (Tailscale)
Regular security reviews

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

8. Customer Responsibilities

Because Extensight is a B2B platform deployed by organizations to monitor their own endpoints, Customers are responsible for:

Providing appropriate notice to End Users that their devices are being monitored
Obtaining any necessary consents required by applicable law
Ensuring their use of Extensight complies with employment laws, privacy laws, and any applicable collective bargaining agreements
Managing user access and credentials within their Extensight account

9. International Data Transfers

Extensight operates infrastructure in the United States. If you are located outside the United States, your data will be transferred to and processed in the United States. We take steps to ensure appropriate safeguards are in place for such transfers.

10. Rights and Requests

Depending on your jurisdiction, you or your organization may have rights regarding personal data, including rights to access, correct, delete, or restrict processing. To exercise any rights or submit a privacy request, contact us at support@extensight.com.

Note: For data about End Users collected through the agent, requests should generally be directed to the Customer organization that deployed the agent, as they are the data controller for that data.

11. Cookies and Tracking

Our dashboard uses a session cookie (`es_session`) solely for authentication purposes. We do not use advertising cookies, tracking pixels, or third-party analytics. The marketing website (extensight.com) does not use tracking cookies.

12. Children's Privacy

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify Customers of material changes via email or through the dashboard. The "last updated" date at the top of this page reflects the most recent revision. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For privacy questions, data requests, or concerns:

Email: support@extensight.com
Support: