Effective date: April 17, 2026 · Last updated: April 17, 2026
The short version: Inbox Extractor runs entirely in your browser. We don't operate any server that stores or receives your Messenger content. Your extracted links go directly from Messenger to a destination you choose (your Google Sheet, your local Downloads folder, or your clipboard) — they never touch our infrastructure, because we don't have any.
Inbox Extractor ("we", "our", "the extension") is a Chrome browser extension that extracts hyperlinks and their surrounding metadata from Facebook Messenger conversations at the user's explicit request. It is a one-person independent project. Contact: support@inboxextractor.xyz.
Inbox Extractor is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc., Facebook, or Messenger.
When you click the extension icon and start an extraction, the extension reads the Document Object Model (DOM) of the Messenger conversation you are viewing. Specifically, it extracts:
This processing happens entirely inside your browser. The extension reads only what's already rendered in your Messenger tab — the same information you can see with your own eyes.
If you choose "New Google Sheet", "Existing Sheet", or "Master Sheet" as your export destination, the extension requests an OAuth 2.0 token from Google using Chrome's built-in identity service. You authorize this through Google's standard consent flow. The scopes requested are:
https://www.googleapis.com/auth/spreadsheets — to create new spreadsheets in your Drive and write/append rows to sheets you specifyhttps://www.googleapis.com/auth/drive.readonly — to list the names and IDs of your existing spreadsheets, so you can pick one in the "Existing Sheet" picker. The extension does not read the contents of sheets other than those you select as a destination.You can revoke this access at any time at myaccount.google.com/permissions.
Inside Chrome's chrome.storage.local API (which stores data only on your own device), the extension saves:
These are settings, not content. They never include the text of any message or the content of any link you've extracted.
Inbox Extractor does not operate any remote server. We therefore cannot and do not collect, transmit, receive, or store the following on our side:
There is no backend. There are no third-party analytics libraries embedded in the extension. There is no crash-reporting service.
When an extraction completes, the collected links and metadata travel directly from your browser to the destination you chose. They do not pass through any server we operate.
| Destination you choose | How data travels |
|---|---|
| New Google Sheet | Browser → Google Sheets API → spreadsheet owned by your Google account |
| Existing Google Sheet | Browser → Google Sheets API → spreadsheet you selected |
| Master Sheet | Browser → Google Sheets API → your saved master sheet |
| Download CSV | File generated in browser → your local Downloads folder |
| Download XLSX | File generated in browser → your local Downloads folder |
| Copy to Clipboard | Text placed on your device's system clipboard |
The extension requests the following Chrome permissions. Each is used only for the purpose described, and no data collected via these permissions is transmitted off-device except as described in Section 4.
Inbox Extractor interacts with two third-party services, both of which are optional and only triggered by your explicit actions:
Because the extension does not send data to any server we operate, there is nothing for us to retain. Settings the extension keeps in local browser storage (Section 2.3) stay on your device until:
Data you exported to Google Sheets remains in your Google account and is under your control. You can delete it at any time from Google Drive.
Because your data does not travel through our servers, the primary security boundaries are the browser itself and Google's OAuth infrastructure. We rely on:
If you believe you have found a security issue, please email support@inboxextractor.xyz.
Because we do not collect or store personal data, most data-subject rights requests (access, portability, rectification, erasure under GDPR/CCPA) have no material data for us to act on. That said, you always have the right to:
chrome://extensions)Inbox Extractor is not directed to children under 13, and we do not knowingly process information from children. If you believe a child has used the extension, contact us and we will assist as best we can.
The extension runs locally in your browser regardless of your country. No data leaves your device except to go to the destination you explicitly choose (Google Sheets in your account, your Downloads folder, or your clipboard). GDPR, CCPA, and similar regulations that govern data controllers do not apply to data we never collect.
If we make material changes, we'll update the "Last updated" date at the top, note the change in the extension's release notes on the Chrome Web Store, and — where we can — surface a one-time notification in the extension.
Privacy questions, concerns, or requests: