Policy

Privacy Policy

Effective date: 2026-02-03

This Privacy Policy explains how Cage Access Guard (the “Extension”) and the optional policy/logging server (the “Service”) handle information. Cage Access Guard is provided by ZS Tech Labs.

📌 1. What the Extension Does

Cage Access Guard enforces organization-defined restrictions on supported freelancing platforms (Upwork, Freelancer, PeoplePerHour) through:

Navigation blocking (redirects to safe pages)
XHR/fetch request cancellation (API-level enforcement)
UI element hiding/disabling (CSS-based guardrails)

🔍 2. Information We Process

Policy configuration: JSON rules downloaded from organization-managed endpoints (allow/block patterns, UI selectors, API filters)
Event logs (optional): Blocked navigation attempts, click events, and timestamps sent to configured audit endpoints
Device identifiers (optional): Machine/profile IDs for multi-device policy targeting
No credentials: We do not request, intercept, or store user passwords, session tokens, or authentication data

⚠️ Enterprise deployments: Admin tokens for policy retrieval are configured via browser managed storage by your IT team. These tokens should be rotated regularly and restricted to internal networks.

💾 3. Data Storage & Retention

Local storage: Policy cache is stored in browser local storage (cleared on extension removal).
Server storage: When using a policy/log server, data is stored per your organization's configuration. ZS Tech Labs does not operate shared multi-tenant infrastructure; deployments use dedicated servers or on-premises hosting.
Third parties: No data is shared with advertising networks, analytics platforms, or external services.

🔐 4. Security Measures

Transport encryption: All policy/log endpoints should use HTTPS with valid TLS certificates
Token-based auth: Admin tokens prevent unauthorized policy access
Network isolation: Recommended firewall rules to restrict policy server access to trusted IPs
Tamper resistance: Enterprise policies lock extension installation to prevent user removal

🤝 5. Data Sharing & Disclosure

We do not sell personal information. Event data (when logging is enabled) is transmitted only to the endpoint specified by your organization's deployment configuration. If you use ZS Tech Labs managed hosting, data remains isolated to your account and is not shared across customers.

⚖️ 6. User Rights & Control

Since this is an enterprise-managed extension, end users should contact their IT administrator to:

Request access to logged event data
Request deletion of historical logs
Understand organization-specific retention policies

📮 7. Changes to This Policy

We may update this policy as the product evolves. Major changes will be posted here with an updated effective date. Continued use constitutes acceptance.

📧 8. Contact

Questions about this Privacy Policy? Email info@zstechlabs.com with "Privacy Inquiry" in the subject line.