Privacy Policy
Last Updated: June 9, 2026
Overview
GeoSpoof is committed to protecting your privacy. This extension is designed to enhance your location privacy and does not collect, store, or transmit any personal data to the extension developer.
GeoSpoof does not implement VPN functionality. It does not use NetworkExtension or any VPN framework, and it does not route, tunnel, or inspect network traffic. The word "VPN" appears only in reference to the optional "Sync with VPN" feature, which helps align your browser's reported location with the exit region of a third-party VPN you are already running.
Data Collection
GeoSpoof does not collect any personal data. The extension:
- Does NOT track your browsing activity
- Does NOT collect analytics or telemetry
- Does NOT store data on external servers
- Does NOT share data with third parties for advertising or marketing
Local Data Storage
All extension settings are stored locally on your device using the browser's local storage API (browser.storage.local):
- Your spoofed location coordinates
- Your timezone preferences
- Resolved location name (city, country)
- WebRTC protection settings
- VPN sync preference
- Onboarding completion status
This data never leaves your device and is only accessible by the extension.
Third-Party API Usage
When you use certain features, GeoSpoof (both the Safari extension and the companion app) communicates with external services. The developer operates no server and receives none of this data.
Nominatim (OpenStreetMap) — Used when you search for a city or the extension performs reverse geocoding. Sends your search query or coordinates over HTTPS.
VPN Sync Services — Used only when you explicitly enable "Sync with VPN" or tap the "Re-sync" button. GeoSpoof first detects your public (VPN exit) IP, then looks up its approximate region. In the Safari extension, detection tries checkip.amazonaws.com (AWS), cloudflare.com/cdn-cgi/trace, whatismyip.akamai.com (Akamai), and ipify (api.ipify.org) in order with failover; the companion app instead sends a STUN request to Cloudflare and Google (stun.cloudflare.com, stun.l.google.com) with ipify as a fallback. The detected IP is then sent in parallel over HTTPS to up to four geolocation services; the first successful response is used and the rest are cancelled. Only your public IP is transmitted — no identifiers, account data, or browsing history:
- GeoJS (get.geojs.io) — primary service
- FreeIPAPI (free.freeipapi.com) — fallback
- ReallyFreeGeoIP (reallyfreegeoip.org) — fallback
- ipinfo.io (ipinfo.io) — fallback
Privacy safeguards for VPN Sync: all requests use HTTPS. Your IP address is held only in an in-memory cache for the current browser session — it is never written to disk. The in-memory cache is cleared the moment you disable "Sync with VPN" or switch to a different location input method.
browser-geo-tz — Makes HTTPS range requests to a CDN to fetch small chunks of timezone boundary data. Your coordinates are never sent as a query or stored by a third-party API; the extension resolves your timezone locally using the downloaded boundary data.
Apple geocoding (companion app only) — When you set a manual location in the app, it uses Apple's on-device geocoding (CLGeocoder) to resolve the precise timezone for the chosen coordinates, falling back to bundled offline boundary data when offline. City search in the app is fully offline and sends nothing.
In-App Purchases (Tips)
The iOS, iPadOS, and macOS app offers optional "tips" as one-time in-app purchases, letting you support development if you choose. Tips are entirely voluntary and unlock no features or functionality. All purchases are processed by Apple via In-App Purchase — the developer never receives your payment details, card information, or any personal data from a tip. Billing, receipts, and refunds are handled by Apple under its terms.
Data Security
- All settings are stored locally using the browser's secure storage API
- No data is transmitted to the extension developer
- All third-party API calls use HTTPS encryption
- The developer operates no backend server and maintains no user accounts
Permissions Explained
The extension requires the following permissions. Exact permissions vary slightly by browser (some APIs do not exist on every engine), but the principles below apply everywhere.
- storage: To save your settings locally on your device
- privacy (Firefox/Chromium only): To configure WebRTC protection settings
- proxy (Firefox/Chromium only): To detect when a browser-based VPN switches exit nodes so VPN Sync can re-align your spoofed location. GeoSpoof only observes proxy changes — it never sets or routes a proxy.
- scripting: To inject the location-spoofing overrides into pages
- alarms: To run periodic health checks that keep the spoofing overrides active
- idle (Firefox/Chromium only): Part of the VPN-sync re-check scheduling
- <all_urls> / host access to all websites: To inject location spoofing on every website you visit
- webRequest permissions (Firefox only): To repair the timezone leak inside Web Workers at the network layer
These permissions are used solely for the extension's functionality and not for data collection.
Why Safari warns that GeoSpoof can "read and alter webpages"
When you enable GeoSpoof, Safari shows a prompt similar to: "The extension 'GeoSpoof' would like to access [websites]. This extension will be able to read and alter webpages and see your browsing history on these websites. This could include sensitive information, including passwords, phone numbers, and credit cards."
This warning is standard for any extension that runs on every site, and the specific websites Safari names are simply the tabs you happen to have open at that moment — GeoSpoof does not single them out and has no special interest in them. Safari shows this same wording for ad blockers, password managers, and dark-mode extensions.
GeoSpoof needs broad website access because its only job is to make every site you visit see your chosen location instead of your real one. To do that it must run a small script on each page that overrides the browser's location, timezone, and date APIs before the page's own code runs. There is no narrower permission that would let it spoof location site-wide.
What "read and alter webpages" technically allows vs. what GeoSpoof actually does:
| Safari says it could | What GeoSpoof actually does |
|---|---|
| Read page content (including passwords, form fields, credit cards) | Never reads form fields, passwords, page text, or any page content. The overrides only replace location/time API return values. |
| Alter webpages | Only "alters" the values returned by the Geolocation, Date, Intl, and Temporal APIs. It does not modify page text, inject ads, or rewrite content. |
| See your browsing history | Never reads, stores, or transmits your history or the list of sites you visit. |
| Transmit data externally | Sends nothing to the developer. The only outbound requests are the optional geocoding / VPN-sync API calls described above, and only when you actively use those features. |
The extension is open source, so you can verify all of the above: github.com/anthonysgro/geospoof
Which Safari permission option should you choose?
- Allow for One Day — best for trying GeoSpoof out. Access expires automatically, so it's the lowest-commitment option.
- Always Allow on Every Website — most convenient if you want location protection everywhere without re-granting access.
- Allow / Always Allow on specific websites — if you only want spoofing on certain sites, grant access per-site and leave the rest unprotected.
- Deny — GeoSpoof will not run on that site (it cannot spoof your location there).
You can change or revoke any of these at any time in Safari → Settings → Extensions → GeoSpoof, or per-site from the AA menu in the address bar on iOS/iPadOS. Restricting access never deletes your settings — it only controls where spoofing is allowed to run.
Your Rights
You have complete control over your data:
- All settings can be cleared by disabling or removing the extension
- You can view all stored data in your browser's extension storage inspector
- No account or registration is required
Important Disclaimers
What this extension does NOT do:
- Does NOT implement VPN functionality — no NetworkExtension, no tunneling, no traffic interception
- Does NOT change browser language or locale settings — your browser's language preferences remain unchanged, which may create detectable inconsistencies with your spoofed location
- Does NOT spoof IP address — your real IP address is still visible to websites unless you use a VPN
- Does NOT bypass server-side detection — websites can still detect your location through IP address, payment methods, account history, and other server-side signals
Terms of service compliance. Using location spoofing may violate the terms of service of certain websites, particularly streaming services (Netflix, HBO Max, Disney+, etc.), financial services, and e-commerce platforms with region-specific pricing. You are responsible for ensuring your use of this extension complies with applicable terms of service and laws. The extension developer is not liable for any violations or consequences resulting from your use of this extension.
Intended use. This extension is intended for privacy protection and testing, web development and testing, educational purposes, and legitimate privacy enhancement. It is NOT intended for circumventing geo-restrictions on copyrighted content, fraud or deception, or violating terms of service agreements. We absolutely do not endorse any illegitimate or illegal use of this tool whatsoever. Use responsibly and in accordance with local laws and regulations.
For Users in the European Economic Area, United Kingdom, and Switzerland
If you are located in the EEA, UK, or Switzerland, the following applies to you in addition to the rest of this policy.
Controller: Anthony Sgro, an individual developer based in the United States, acts as the data controller for any personal data processed by this extension. You can contact the controller at support@geospoof.com.
Legal basis for processing: The only personal data processed is your public IP address, and only when you explicitly enable the "Sync with VPN" feature. We rely on your consent (GDPR Art. 6(1)(a)), which you give by enabling the feature, and which you can withdraw at any time by disabling "Sync with VPN" in the extension popup. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
International transfers: The third-party services listed above (AWS, Cloudflare, Akamai, ipify, GeoJS, FreeIPAPI, ReallyFreeGeoIP, ipinfo.io, Google STUN, Nominatim, and the jsDelivr CDN) are operated outside the EEA, including in the United States. When you use features that contact these services, your public IP is transferred to their infrastructure. Each service is an independent controller and determines its own transfer mechanisms. The extension developer operates no server and performs no cross-border transfer on its own.
Your rights under GDPR / UK GDPR: you have the right to access, rectify, erase, restrict, object to, and port your personal data, and to withdraw consent at any time. Because the extension stores no personal data on any server controlled by the developer, most of these rights are exercised directly by you within the extension: uninstalling the extension or disabling "Sync with VPN" fully erases everything the developer could ever access. You also have the right to lodge a complaint with your local data protection authority.
Retention: Your public IP is held only in volatile memory for the current browser session and cleared when you disable the feature or close your browser. No retention period applies because no storage occurs.
For California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information.
We do not sell or share your personal information as those terms are defined under the CCPA/CPRA. We do not disclose personal information for cross-context behavioral advertising. We do not knowingly handle the personal information of consumers under 16.
Categories collected: The only category of personal information touched by the extension is an internet identifier (your public IP address), and only when you explicitly enable "Sync with VPN." It is used for the single purpose described above and is not retained.
Your rights: You have the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to opt out of sale or sharing (there is nothing to opt out of here), and the right not to receive discriminatory treatment for exercising these rights. Because no personal information is retained by the developer, these rights are effectively exercised by uninstalling the extension or disabling the feature. For any inquiry, contact support@geospoof.com.
Children's Privacy
GeoSpoof is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has used the extension in a way that caused personal information to reach a third-party service referenced above, please contact us at support@geospoof.com and we will take reasonable steps to assist.
Security Incidents
Because the extension stores no personal data on any developer-operated server, there is no developer-side database that can be breached. In the unlikely event of a security issue affecting the extension itself (for example, a vulnerability in the extension code), we will publish an advisory on the project's GitHub page and release a patched version through the relevant browser stores. Where required by applicable law, we will notify affected users and the relevant data protection authority.
Changes to This Policy
If this privacy policy changes, the updated version will be posted on this page and in the extension's repository. The "Last Updated" date at the top of this page will be revised accordingly. Continued use of the extension after changes are posted constitutes your acceptance of the updated policy.
Contact
For questions about this privacy policy, contact us at support@geospoof.com or open an issue on GitHub.
Open Source
GeoSpoof is open source. You can review the complete source code to verify these privacy practices: github.com/anthonysgro/geospoof.