Is Highlighty Safe? Exactly What It Can See, and What It Never Sends

Written on:

Is Highlighty Safe? Exactly What It Can See, and What It Never Sends cover image

When you click "Add to Chrome," the browser warns you that Highlighty can "Read and change all your data on the websites you visit." On any extension, that line gives people pause — and it should. You're about to give a piece of software a standing pass to every page you open, including your bank, your email, and whatever confidential document you're reading at work.

This post explains, without hand-waving, what that permission actually lets Highlighty do, why a highlighter needs it, what stays on your device, and the small amount that ever touches our servers. If you read long or sensitive documents for a living, you deserve a straight answer before you install anything.

TL;DR

  • A tool that finds and colors text on any page has to be able to read the text on that page. That's what the permission is for — nothing more exotic.
  • Your queries, your saved keyword lists, your search history, and your per-site settings live in your browser's own storage, on your device.
  • Highlighty runs no analytics and no user tracking of any kind. There's no telemetry tied to what you search or what pages you visit.
  • We never inject remote code. The extension ships with all of its code reviewed in the store; it doesn't download new behavior after you install it.
  • Scanned PDFs are read by on-device OCR. The page images never leave your computer.
  • The only thing we keep on our servers is what's needed to run a PRO account: your login details and your subscription status. Never the contents of what you search.
  • It's free and ad-free, so there's no advertising business quietly making money from your attention or your data.

Why a highlighter needs to "read and change all your data"

Chrome describes every extension that can run on web pages with the same blunt sentence, whether it's a password manager or a coupon finder. The wording is the browser's, not ours, and it covers a broad category of capability. Here's what it means for Highlighty specifically.

"Read" is the core of the product. To find the word you typed and tell you how many times it appears, Highlighty has to look at the text on the page. There's no way to search a page without reading it — that's true of the browser's own Ctrl+F too; the difference is that an extension has to ask for permission out loud.

"Change" sounds scarier than it is. The only change Highlighty makes is visual: it paints colored highlights over the words that match your queries, and draws its own search bar and X-Ray panel on top of the page. It does this through the browser's native highlighting interface wherever possible, so it never alters the actual content of the page, the value of a form field, or anything that gets saved or submitted. Close Highlighty and the page is exactly as it was.

"All the websites you visit" is necessary because we can't know in advance which pages you'll want to search. You might open a contract, a research paper, a job board, or a news article — the tool has to be ready on any of them. If you'd rather it not be, you don't have to leave it that way (more on that below).

What stays on your device

The short version: the things that reveal what you're working on never leave your browser. Concretely, all of the following are stored locally, in your browser's own storage:

  • Every query you type and every keyword list you save.
  • Your search history and the per-site memory of what you last searched.
  • Your colors, filters, whitelists, blacklists, and every other setting.
  • The text of the pages and PDFs you search — including scanned PDFs, which are read by on-device OCR that never uploads the page image anywhere.

None of that is sent to us, because none of it needs to be. The work happens in your browser, on your machine. That's also why Highlighty keeps working the same way whether you're online or offline.

What touches our servers — and what doesn't

Being honest means not claiming "nothing ever leaves your device," because that isn't quite true for PRO. Here's the real boundary.

The free version needs no account and talks to no server to do its job. If you only ever use the free features, there's no sign-in and nothing to send.

PRO features — like fuzzy typo-tolerant search, regex patterns, and cross-tab find — sign in with a Highlighty account. For that, our servers hold your login details and your subscription status, so we know the account is valid. That's the entire list. We do not receive your queries, your keyword lists, your search history, or the pages you visit. Searching across tabs, for instance, sends your query from one of your tabs to your other tabs through the browser's own internal messaging — it never routes through us.

No tracking, no ads, no remote code

Three commitments are worth stating plainly, because they're the ones that quietly get broken elsewhere.

No user tracking. There's no analytics SDK watching which sites you open or what you search. We don't build a profile of you, because we don't collect the raw material to build one.

No remotely injected code. Some extensions ship a small shell and then download their real behavior from a server after you install — which means the code reviewed in the store isn't necessarily the code running on your machine. Highlighty doesn't do that. What's reviewed and published is what runs.

No ads. Highlighty is free and ad-free. There's no advertising layer with an incentive to learn more about you than the product needs. The business is the optional PRO upgrade, not your data.

You stay in control

Trust shouldn't require taking our word for it. The browser and the extension both give you levers:

  • Scope it down. Use Highlighty's whitelist or blacklist to decide which sites it runs on. You can keep it off your bank and your email entirely.
  • Restrict it at the browser level. Chrome lets you set any extension to run "on click" or only on specific sites, from the extension's options in your browser's toolbar — so it does nothing until you ask.
  • Turn features off. Every feature is optional and can be switched off, including the Cmd+F takeover, which also has a browser-level shortcut to disable it if a page misbehaves.
  • Verify the claims. Our privacy policy spells out the same boundaries described here, and the extension's store listing declares its data practices.

How to vet any extension before you install it

This advice applies well beyond Highlighty. Before you trust any extension with your pages, it's reasonable to: read its data-handling disclosure in the store, check whether it states clearly that it doesn't sell or share your data, prefer extensions that don't inject remote code, look at how recently and actively it's maintained, and be wary of free tools whose business model you can't identify. An extension that can't tell you how it makes money is one whose incentives you can't see.

Highlighty is built to pass that test on purpose. The honest summary: it reads pages because finding text requires reading text, it keeps what you search on your device, and the only thing it ever stores about you is the bare minimum to run a paid account — if you choose to have one.

Frequently asked questions

Why does Highlighty need "read and change all your data on the websites you visit"?

Because finding and highlighting text on a page requires reading that page's text, and showing the highlights requires drawing on top of it. The "change" is purely visual — colored highlights and Highlighty's own search bar — and never alters the page's real content or anything you submit. Chrome uses that same broad warning for every extension that can run on web pages.

Does Highlighty track me or sell my data?

No. There's no user tracking and no analytics tied to your searches or the sites you visit, and we don't sell or share your data. Your queries, lists, and history stay in your browser's local storage on your device.

Does anything I search get sent to Highlighty's servers?

No. The contents of your searches never reach us. The free version needs no account at all. PRO features sign in with a Highlighty account, and the only things on our servers are your login details and subscription status — never your queries, lists, history, or the pages you read.

Are my scanned PDFs uploaded anywhere for OCR?

No. Highlighty reads scanned, image-only PDFs with on-device OCR. The page images are processed on your computer and never uploaded to any server or third-party service.

Can I stop Highlighty from running on certain sites?

Yes. Use Highlighty's whitelist or blacklist to control which sites it works on, or use Chrome's own per-extension site access settings to set it to run only on click or only on sites you choose. You can keep it off sensitive sites like your bank or email entirely.

Does Highlighty download or run code from the internet after I install it?

No. Highlighty does not use remotely injected code. The code that's reviewed and published in the store is the code that runs on your machine — it doesn't fetch new behavior after installation.

If it's free, how does Highlighty make money?

Through the optional PRO upgrade, not through ads or data. Highlighty is free and ad-free, with no advertising business and no incentive to collect more about you than the product needs to work.

Would you like to read more? Please check our other blog posts here.

Highlighty logo

© 2026 WEBMIND TECHNOLOGIES LTD.

All rights reserved.

Product

How To Use?

Pricing

Resources

Blog

FAQ

Multi-Highlighter Chrome Extension

Find Multiple Words on a Page in Chrome

Legal

Terms of Service

Privacy Policy

Cookies