Extension Permissions

storage

Store your drawing preferences and device ID locally

We use chrome.storage.local to save your brush settings (color, size, tool), your anonymous device identifier, and cached drawing data for offline use. This data stays on your machine and is never sent to third parties.

activeTab

Know which page you're drawing on

When you activate Layer8, we need to know the URL of the current tab so we can load and save drawings for that page. We only access the URL — we do not read page content, DOM elements, cookies, or form data from the active tab.

cookies

Maintain your sign-in session

Our authentication provider (Clerk) uses cookies to maintain your signed-in session. This permission allows the extension to read Clerk session cookies so you stay signed in between browser sessions. We only access cookies from our authentication domain — never from the sites you visit.

Content script on all URLs

Overlay the drawing canvas on any page

Layer8 injects a transparent canvas overlay on web pages so you can draw on them. This content script runs on all URLs because you should be able to draw on any page. The content script:

• Creates an isolated overlay canvas (does not modify page content)
• Captures your pointer input for drawing
• Renders existing drawings from other users
• Does NOT read, modify, or interact with page content
• Does NOT access forms, passwords, or input fields
• Does NOT capture screenshots or page text

Host permissions

Communicate with our API and auth service

The extension connects to our API server to save and load drawings, and to Clerk's authentication service for sign-in. These are the only external connections the extension makes.