Last updated: March 2026
LiveVerify is a browser extension that lets you verify text claims on web pages against issuer endpoints. You select text, the extension computes a SHA-256 hash, and checks whether the issuer's domain confirms the claim is authentic.
None. LiveVerify has no server, no analytics, no telemetry, and no user accounts. All processing happens locally in your browser.
| Data | Where it goes | How long it lasts |
|---|---|---|
| Selected text | Processed locally to compute hash | Discarded immediately after hashing |
| Computed hash | Sent as a URL path to the issuer's domain (e.g., https://issuer.com/c/{hash}) |
Not stored |
| Verification result | Displayed in popup | Discarded when you navigate away or close the tab |
| Settings (intrusiveness level, auto-scan preference) | Browser's local chrome.storage |
Until you change them or uninstall |
When you verify a claim, the extension makes up to two HTTPS GET requests:
| Request | Purpose | Data sent |
|---|---|---|
| Metadata fetch | Fetches verification-meta.json from the issuer's domain for document-specific normalization rules and authority chain information |
None (simple GET to a known path) |
| Hash verification | Checks whether the computed hash exists at the issuer's endpoint | SHA-256 hash only, in the URL path (e.g., https://issuer.com/c/{hash}) |
Both requests:
The issuer's server may log the request. LiveVerify does not control what issuers log. Even though only a hash is sent, request metadata (IP address, timestamp, user agent) can reveal that a verification was performed from a particular location at a particular time. This is ordinary web request behavior, not specific to LiveVerify. For the full discussion of issuer-side logging implications, see the main Live Verify privacy declaration.
If you enable auto-scan in settings, the extension scans page content for verifiable-text HTML markers and automatically verifies them. This generates the same HTTPS GET requests described above, without requiring you to select text manually. Auto-scan is off by default.
| Permission | Why it's needed |
|---|---|
contextMenus |
Adds "Verify this claim" to the right-click menu |
activeTab |
Reads selected text from the current tab when you trigger verification |
storage |
Saves your settings (intrusiveness level, auto-scan preference). No personal data or verification results are stored. |
notifications |
Shows verification results as browser notifications (optional) |
scripting |
Injects the content script that scans for verifiable-text markers |
https://*/* (host permission) |
Fetches verification endpoints on any HTTPS domain. Verification URLs can point to any issuer's domain — the extension cannot know in advance which domains will be used. |
LiveVerify uses no third-party analytics, advertising, crash reporting, or tracking services.
LiveVerify does not collect data from anyone, including children.
If this policy changes, the updated version will be published at this URL. The "last updated" date at the top will reflect the change.
LiveVerify is an open-source project. Source code, issues, and contact information are at github.com/live-verify/live-verify.
This policy covers the browser extension specifically. The broader Live Verify project (including the web app, iOS app, and Android app) has a separate, more detailed privacy declaration covering camera mode, OCR processing, verifier roles and retention, and issuer-side logging implications. The principles are the same: all processing is local, only hashes are sent to issuers, and no personal data is collected.
LiveVerify is licensed under the Apache License, Version 2.0.