Return Home

Sensitive Data Policy

A detailed breakdown of the data types Form Recover automatically ignores.

At Form Recover, we take a “Safety First” approach to data collection. Our extension includes a sophisticated filtering engine designed to recognize and ignore sensitive information automatically.

This document outlines the specific criteria and logic used by our Sensitive Data Filter.

How the Filter Works

Form Recover analyzes input fields in real-time. It checks attributes such as name, id, class, placeholder, and aria-label against a strict set of rules.

We categorize data into two tiers of protection:

Tier 1: Hard Block (Never Saved)

Data in this category is considered critical security information. The extension is hard-coded to NEVER save input from fields matching these patterns, regardless of user settings.

🔒 Credentials & Authentication

  • Passwords: password, passwd, pwd, current-password, new-password.
  • Tokens: token, access_token, auth_token, bearer, jwt, session_id.
  • Keys: api_key, secret_key, private_key, recovery_code.
  • MFA/OTP: otp, 2fa, mfa, verification_code, security_code.

💳 Payment Verification

  • Card Security: cvv, cvc, card_verification.
  • Card Numbers: credit_card, card_number, cc_number.

💾 Binary Data

  • Files: image, base64, binary inputs.

Tier 2: Soft Block (Manual Save Only)

Data in this category is considered Personally Identifiable Information (PII) or sensitive financial data. By default, Auto-Save is disabled for these fields to prevent accidental storage of private details.

Note: You may still be able to manually save these fields if you explicitly click the “Save” button in the extension popup, depending on your strictness settings.

🆔 Government ID

  • ID Numbers: ssn (Social Security), passport, driver_license, tax_id, nik, ktp.

🏦 Financial Identifiers

  • Banking: iban, swift, routing_number, account_number, invoice.

📍 Personal Contact Info

  • Location: address, street, city, zip_code, postal_code.
  • Contact: phone, mobile, tel, email (context-dependent).
  • Identity: dob, date_of_birth.

UI & Functional Filters

To keep your recovery vault clean, we also ignore inputs that are purely functional or part of the user interface control, such as:

  • Media Controls: volume, mute, playback, subtitle.
  • Pickers: Date pickers, time pickers, and calendar widgets (datepicker, calendar).

Reporting a False Positive/Negative

No filter is perfect. If you find a sensitive field that Form Recover failed to block, or a safe field that was incorrectly blocked, please report it to our support team immediately so we can update our definitions.

Share this
The airbag for your browser