`: support user-selected pages across the web.
+
+### Limited Use — does not apply to bproxy
+
+The Limited Use affirmative statement requirement applies to extensions that access Google user account data via OAuth/Google service APIs (Gmail, Drive, Calendar, etc.). bproxy does not use any Google account APIs. It uses only Chrome extension platform APIs (`tabs`, `scripting`, `webNavigation`, `storage`, `alarms`) for local functionality.
+
+The extension does not collect user data:
+
+- Page content is read on demand and passed to a localhost daemon on the same machine — nothing leaves the user's device.
+- The only persisted value is the pairing bootstrap token in `chrome.storage.local`.
+- No browsing history, page content, or user activity is stored or transmitted externally.
+
+In the CWS privacy fields, the correct declaration is: **"This extension does not collect user data."** No Limited Use disclosure page is needed.
+
+### Privacy policy page
+
+The CWS dashboard requires a privacy policy URL. The page should be published on the docs site at `https://dimdasci.github.io/bproxy/privacy/` and state in plain English:
+
+- The extension does not collect, store, or transmit any user data.
+- It reads page content only when an agent sends a command, and passes it to a daemon running on the same machine (`127.0.0.1`).
+- Nothing leaves the user's device. There is no remote server, no analytics, no telemetry.
+- The only value the extension persists is a pairing token in Chrome's local storage, used to authenticate the connection to the local daemon.
+- The extension communicates exclusively with `localhost:9615`. It never contacts any external service.
+
+Keep it short. No legal boilerplate. No "we may update this policy" padding. Just the facts about how it works and why there is nothing to disclose.
+
+### Listing mandatory assets
+
+The store will **reject** submissions that are missing any of:
+
+- A non-blank detailed description.
+- A 128×128 px store icon.
+- At least one 1280×800 px (or 640×400 px) screenshot.
+
+Screenshots should show the popup in both unpaired and paired states. A third screenshot may show a terminal with `bproxy service start` output to illustrate the pairing flow.
+
+### Privacy fields consistency
+
+The CWS developer dashboard privacy fields must:
+
+- Accurately declare what user data is collected (page text/structure read on demand, pairing token stored locally).
+- State that data is not transferred to any third party.
+- Be consistent with the privacy policy text and actual extension behavior.
+
+If privacy field declarations contradict the privacy policy or observed behavior, the extension may be removed from the store.
+
+### Code readability (MV3)
+
+bproxy already satisfies this requirement:
+
+- Source maps are preserved in production output (`sourcemap: true` in `wxt.config.ts`).
+- No obfuscation; code is minified only.
+- No remote logic execution — all functionality is self-contained in the extension package.
+- No `eval()`, no `
- bproxy pairing
-
-
+
+
+
+
+ Run bproxy service start and paste the one-time code shown by the daemon.
+
+
+
+