Encrypted Clipboard

Open Source & Verification

Both our open-source crypto library and source-available extension are publicly accessible for independent verification. Here's how you can prove our encryption works and confirm we never collect your data.

@encryptedclipboard/crypto

Apache License 2.0 Dependency-free

Dependency-free: Our encryption library uses only the browser's native Web Crypto API. No external dependencies means fewer attack vectors and easier verification.

Chrome Extension Source

PolyForm Noncommercial 1.0.0 Source-Available

Publicly auditable: The entire extension source code is available under the PolyForm Noncommercial license. Security researchers, enterprises, and users can review every line — confirming that we collect nothing and encrypt everything.

Verify It Yourself

We believe security should never be a black box. Here's how you can verify our zero-knowledge claims:

1 Network Tab Inspection

  1. 01

    Right-click the extension icon and select Manage Extension.

  2. 02

    Enable Developer Mode and click on the service worker link under 'Inspect views'.

  3. 03

    Go to the Network tab.

  4. 04

    Copy some text — you'll see a request sent to our API.

  5. 05

    Inspect the payload: it contains only unreadable ciphertext. Your raw data never leaves your browser.

2 AI Code Analysis

Modern AI models can analyze minified Chrome extension builds and determine exactly what the code does. You can:

  1. 01

    Download the extension's source code from the Chrome Web Store (via CRX extractor or similar tools).

  2. 02

    Paste the minified code into ChatGPT, Claude, or any AI coding assistant.

  3. 03

    Ask: "Does this code send any clipboard content in plain text to any server? Does it steal user data?"

  4. 04

    The AI will confirm that our extension only sends encrypted data and never transmits your actual clipboard content.

3 Browse Source on GitHub

No need to extract CRX files or run AI analysis. The complete, human-readable source code is on GitHub for anyone to browse:

  1. 01

    Go to github.com/encryptedclipboard/chrome-extension.

  2. 02

    Browse every directory — background service worker, sidebar UI, palette, content scripts, offscreen document, and build config.

  3. 03

    Search for fetch, XMLHttpRequest, or analytics — confirm zero tracking, zero data collection.

  4. 04

    Check the commit history — no last-minute injection of hidden code. Every change is documented.

Why Browser Extensions Are More Transparent

Unlike desktop or mobile applications that compile to unreadable binaries, Chrome extensions remain as JavaScript, HTML, and CSS files that can be inspected by anyone — including AI.

PlatformCode TypeHuman ReadableAI Scannable
Desktop AppBinary/Compiled❌ No❌ No
Mobile AppBinary/Compiled❌ No❌ No
Chrome ExtensionMinified JS⚠️ Partially✅ Yes

Our Extension: Un-minified Encryption Library

We've specifically disabled webpack minification for our encryption library in the build process. This means:

  • You can directly search for @encryptedclipboard/crypto in our extension's .js files

  • The library is imported and used in plain, readable code — not hidden behind minified blobs

  • Finding our encryption usage takes seconds, not hours of reverse engineering

How to Find Our Encryption Library in the Build

  1. 01

    Download the extension CRX file from the Chrome Web Store (using a CRX extractor tool).

  2. 02

    Extract the .zip and navigate to the folder containing the built JavaScript files.

  3. 03

    Open any .js file in a text editor or use grep/search.

  4. 04

    Search for encryptedclipboard/crypto, CryptoEngine, encryptData, or decryptData.

  5. 05

    You'll find the import statement showing exactly where and how we use our open source encryption library.

Yes! The entire extension source code is publicly available on GitHub under the PolyForm Noncommercial 1.0.0 license. Anyone can read every line, verify the encryption, and confirm zero data collection.

The license restricts commercial redistribution (someone can't repackage and sell my work), but the code is fully visible and auditable. The encryption core remains separately open source under Apache 2.0.

Absolutely. I'm fully open to any official security team or independent researcher auditing my codebase. I've nothing to hide — my zero-knowledge architecture means I physically cannot access user data even if I wanted to.

As a solo founder, I can't currently afford formal paid security audits, but I welcome any volunteer security researchers to review the code. If you're a security professional interested in auditing our encryption implementation, please reach out.

Security Researchers & Partners

Interested in security research or partnership opportunities? We'd love to hear from you.

support@encryptedclipboard.app