Extension Auditor
Extension Auditor
Sign Up

Removals & Takedowns

How to request removal, correction, or erasure of content from Extension Auditor

Removals & Takedowns

Last updated: May 7, 2026

This page explains how to request removal, correction, or erasure of content from Extension Auditor (extensionauditor.com), operated by Alpha CISO Pte. Ltd. ("we", "us", "our"). It covers requests under the U.S. Digital Millennium Copyright Act (DMCA), the EU and UK General Data Protection Regulations (GDPR), the California Consumer Privacy Act and Privacy Rights Act (CCPA/CPRA), the Singapore Personal Data Protection Act (PDPA), trademark law, and our voluntary policies for inaccuracy correction and image removal.

We aim to respond to all valid requests within the timelines set out below. Please use the channel that matches your request — sending the same complaint through multiple channels does not accelerate review and may delay it.

Which path applies to me?

I am ...I want to ...Use this section
A copyright owner whose work appears on Extension Auditor without authorizationFile a copyright takedownDMCA Notice
A user whose content was removed under a DMCA noticeDispute the removalDMCA Counter-Notice
An EU, UK, or Swiss individual (including extension developers)Erase, correct, or restrict personal dataGDPR / UK GDPR Requests
A California residentDelete or correct personal dataCCPA / CPRA Requests
A Singapore resident or anyone whose data we processCorrect personal data or withdraw consentPDPA Requests
An extension developer who believes a scan report is factually wrongRequest correction or annotationFactual Inaccuracy
A trademark ownerReport misuse of a markTrademark Complaint
An extension developer whose listing image, screenshot, or icon appears on a scan pageRequest removal of the imageImage / Asset Removal

DMCA Designated Agent

Pursuant to 17 U.S.C. § 512(c)(2), Extension Auditor has designated an agent to receive notifications of claimed copyright infringement. The agent is registered with the U.S. Copyright Office and listed in the public DMCA Designated Agent Directory at copyright.gov/dmca-directory.

  • Service Provider: Alpha CISO Pte. Ltd.
  • Also known as: Extension Auditor, extensionauditor.com
  • Designated Agent: Ishan Girdhar
  • Address: Alpha CISO Pte. Ltd., #14-04, SBF Center, 160 Robinson Road, Singapore, 068914
  • Email: [email protected]
  • Telephone: +65 9752 8696

The contact information published on this page must match the agent registration on file with the U.S. Copyright Office. If you notice a discrepancy, please notify us at [email protected] so we can correct it.

DMCA Notice

If you believe content on Extension Auditor infringes your copyright, you may submit a notice under 17 U.S.C. § 512(c)(3). To be effective, the notice must include all six of the following elements:

  1. A physical or electronic signature of a person authorized to act on behalf of the owner of the exclusive right being infringed.
  2. Identification of the copyrighted work claimed to have been infringed (or, if multiple works are covered by a single notice, a representative list).
  3. Identification of the material claimed to be infringing and that is to be removed or to which access is to be disabled, with information reasonably sufficient to permit us to locate the material — typically the full URL of the scan page or image.
  4. Contact information for the complaining party — postal address, telephone number, and email address.
  5. A statement that the complaining party has a good-faith belief that the use of the material is not authorized by the copyright owner, its agent, or the law.
  6. A statement, made under penalty of perjury, that the information in the notification is accurate and that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

Submit notices to: [email protected]

A notice missing any of the six elements may be treated as defective and we may decline to act on it until it is cured. False notices submitted under penalty of perjury can give rise to liability under 17 U.S.C. § 512(f).

DMCA Counter-Notice

If your content was removed in response to a DMCA notice and you believe the removal was a mistake or misidentification, you may file a counter-notice under 17 U.S.C. § 512(g). The counter-notice must include:

  1. Your physical or electronic signature.
  2. Identification of the material that has been removed or to which access has been disabled, and the location at which the material appeared before it was removed or disabled.
  3. A statement, under penalty of perjury, that you have a good-faith belief that the material was removed or disabled as a result of mistake or misidentification.
  4. Your name, address, and telephone number, and a statement that you consent to the jurisdiction of the U.S. Federal District Court for the judicial district in which your address is located (or, if your address is outside the United States, any judicial district in which Extension Auditor may be found), and that you will accept service of process from the original complainant or its agent.

Submit counter-notices to: [email protected]

If we receive a valid counter-notice, we will forward it to the original complainant. Unless the complainant files a court action seeking a restraining order within 10 to 14 business days, we may restore the removed content.

Repeat Infringer Policy

Pursuant to 17 U.S.C. § 512(i)(1)(A), we have adopted and reasonably implement a policy providing for the termination, in appropriate circumstances, of accounts of users who are repeat infringers of copyright or other intellectual property rights. We may also terminate the access of any user we believe is infringing the intellectual property rights of others, including upon a single occurrence, where the circumstances warrant.

GDPR / UK GDPR Requests

If you are an individual located in the European Economic Area, the United Kingdom, or Switzerland, you have rights under the GDPR (Regulation (EU) 2016/679), UK GDPR, and the Data Protection Act 2018, including:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure / "right to be forgotten" (Article 17)
  • Right to restrict processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21)

These rights apply to extension developers whose names, contact details, or other personal data appear on Extension Auditor as a result of public Chrome Web Store listings.

Lawful basis we rely on

We process publicly available extension and developer information under Article 6(1)(f) — legitimate interests, specifically for the purposes of security research, consumer protection, and threat intelligence. We have conducted a Legitimate Interests Assessment that balances these interests against the rights and freedoms of the individuals concerned.

How to submit a request

Email [email protected] with the following:

  • Your full name and contact details
  • Identification of the personal data or extension listing(s) you are referring to (Chrome Web Store ID, URL on extensionauditor.com, or developer name)
  • The right you are exercising (e.g., erasure under Article 17)
  • Sufficient information for us to verify your identity or your association with the listing

We will respond within 30 days of receipt, as required by Article 12(3). We may extend this period by a further two months for complex or numerous requests, with notice to you.

When we may decline

Article 17(3) permits us to decline an erasure request where processing is necessary for, among other reasons:

  • Exercising the right of freedom of expression and information (Article 17(3)(a))
  • Reasons of public interest, archiving in the public interest, scientific or historical research, or statistical purposes (Article 17(3)(c)–(d))
  • The establishment, exercise, or defense of legal claims (Article 17(3)(e))

Where we decline, we will explain our reasoning, and you retain the right to lodge a complaint with a supervisory authority.

Right to lodge a complaint

EU residents may complain to their national data protection authority. UK residents may complain to the Information Commissioner's Office at ico.org.uk.

CCPA / CPRA Requests

If you are a California resident, you have rights under the California Consumer Privacy Act and the California Privacy Rights Act, including:

  • Right to know what personal information we collect, use, disclose, or share (§§ 1798.100, 1798.110, 1798.115)
  • Right to delete personal information (§ 1798.105)
  • Right to correct inaccurate personal information (§ 1798.106)
  • Right to opt out of the sale or sharing of personal information (§ 1798.120)
  • Right to limit the use and disclosure of sensitive personal information (§ 1798.121)
  • Right to non-discrimination for exercising these rights (§ 1798.125)

How to submit a request

Email [email protected] with the subject line "California Privacy Request" and include:

  • Your name and a confirmation of California residency
  • The right you are exercising
  • Sufficient information for us to verify your identity (we may request additional verification before responding)
  • The specific personal information at issue, where applicable

We will confirm receipt within 10 business days and substantively respond within 45 days, as required by 11 CCR § 7021. We may extend this period by an additional 45 days where reasonably necessary, with notice to you.

Authorized agents

You may designate an authorized agent to make a request on your behalf. The agent must provide written authorization signed by you, and we may still ask you to verify your identity directly.

PDPA Requests

If your personal data is processed by Alpha CISO Pte. Ltd., you may exercise rights under the Singapore Personal Data Protection Act 2012, including:

  • Access to personal data (PDPA § 21)
  • Correction of personal data (PDPA § 22)
  • Withdrawal of consent for collection, use, or disclosure (PDPA § 16)

Email our Data Protection Officer at [email protected]. We will respond within 30 days.

If you are not satisfied with our response, you may lodge a complaint with the Personal Data Protection Commission of Singapore at pdpc.gov.sg.

Factual Inaccuracy

Even where no statutory right applies, we welcome reports of factual errors in our scan reports. Examples include:

  • Incorrect publisher name, contact information, or verification status
  • Incorrect manifest version, permission list, or version history
  • A risk classification you believe is unsupported by the underlying signals
  • Outdated information that has been corrected by the developer in a newer release

Email [email protected] with:

  • The Chrome Web Store extension ID (32-character ap string)
  • The URL of the scan page
  • A description of what is incorrect and what the correct information is
  • Supporting evidence where available (e.g., a link to the current Chrome Web Store listing)

We will respond within 14 days. We do not commit to making any specific change — risk classifications are our independent commentary based on automated analysis of technical signals — but we will review every report. Where we agree, we will update the scan; where we disagree, we may publish a developer response or annotation alongside the report so that readers see both perspectives.

Trademark Complaint

If you believe a trademark you own is being used on Extension Auditor in a manner that is likely to cause confusion as to source, sponsorship, or affiliation — or that constitutes dilution — email [email protected] with:

  • Your trademark registration number, or evidence of common-law rights
  • The jurisdiction in which the mark is registered
  • The URL on Extension Auditor where the alleged misuse appears
  • A description of how the use is likely to mislead

Our use of extension names, logos, and screenshots in the context of security analysis is a nominative reference to the product being reviewed and is generally protected as nominative fair use. We will, however, review every complaint and remove or modify any genuinely confusing or unauthorized use.

Image / Asset Removal

Extension Auditor displays icons, screenshots, and other promotional imagery from Chrome Web Store listings, served through our image proxy at img.extensionauditor.com. These assets are used for the purpose of identifying and analyzing the extension being reviewed.

If you are the developer of an extension and wish to have your listing's images removed from the corresponding scan page, email [email protected] with:

  • The Chrome Web Store extension ID
  • The URL(s) of the image(s) to be removed
  • Confirmation that you are an authorized representative of the listing — we may verify by emailing the developer-account address associated with the listing

We will replace the image with a generic placeholder within 14 days. The textual security analysis will remain published, as it constitutes our independent commentary based on technical signals derived from the publicly available extension package.

Response Timelines

Request typeAcknowledgmentSubstantive response
DMCA notice / counter-noticeWithin 1 business dayWithin 14 days
GDPR / UK GDPRWithin 1 business dayWithin 30 days (extendable to 90)
CCPA / CPRAWithin 10 business daysWithin 45 days (extendable to 90)
PDPAWithin 1 business dayWithin 30 days
Factual inaccuracyWithin 1 business dayWithin 14 days
TrademarkWithin 1 business dayWithin 14 days
Image / asset removalWithin 1 business dayWithin 14 days

Transparency

We may publish redacted versions of takedown notices and removal requests we receive — for example, on a transparency page or in periodic reports — for the purposes of public accountability and research into removal practices. Personally identifying information about the complainant will be redacted where reasonably possible. By submitting a notice, you acknowledge this practice.

Where lawful, we may also forward DMCA notices to the Lumen Database at lumendatabase.org.

Bad-Faith Claims

Submitting a notice that knowingly contains material misrepresentations may give rise to liability:

  • Under U.S. law, 17 U.S.C. § 512(f) provides for damages, including costs and attorneys' fees, against any person who knowingly materially misrepresents that material is infringing or that material was removed by mistake.
  • Under EU and UK law, deliberately false claims may constitute abuse of process or other actionable misconduct.

We reserve the right to seek recovery of all costs incurred in responding to bad-faith claims and to refer egregious cases to the relevant authorities.

Modifications

We may update this policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page.

Contact Summary

PurposeEmail
DMCA notices, counter-notices, and image / asset removal[email protected]
GDPR / UK GDPR / CCPA / CPRA requests[email protected]
PDPA requests (Singapore Data Protection Officer)[email protected]
Factual inaccuracy / scan correction[email protected]
Trademark complaints and other legal correspondence[email protected]
Postal mail (all matters)Alpha CISO Pte. Ltd., #14-04, SBF Center, 160 Robinson Road, Singapore, 068914