Privacy Policy – ERP Auth for IIT KGP

Last updated: March 12, 2026 Effective date: March 12, 2026 Extension: ERP Auth for IIT KGP

📋 Overview

ERP Auth ("the Extension") is a Chrome browser extension that automates the login process for the IIT Kharagpur ERP system at erp.iitkgp.ac.in. It does this by filling in your credentials, fetching a one-time password (OTP) from your Gmail inbox, and submitting the login form.

      We do not operate any servers. All data stays on your device or travels directly between your
      browser and Google's APIs. We never see, collect, store, or transmit your personal information.
    

🗃️ Data We Handle

The Extension handles two categories of data:

Data	Where it's stored	Who can see it
ERP Roll Number, Password, Security Answer	`chrome.storage.sync` (local device / Chrome account sync)	Only you, on your signed-in Chrome profiles
Gmail OTP email content	Read temporarily in memory; never written to disk	Only you, for the duration of the login attempt

Your ERP credentials are stored using Chrome's built-in sync storage. If you are signed into Chrome, they may sync across your devices via your Google account — this is controlled entirely by your Chrome sync settings, not by this Extension.

📧 Gmail Access

The Extension requests read-only access to your Gmail account (gmail.readonly scope) solely to detect and retrieve the OTP email sent by the IIT KGP ERP system.

Access is granted by you via Google's OAuth2 consent screen
Only emails matching the search query from:erp newer_than:5m are fetched
Email content is read in memory and discarded immediately after the OTP is extracted
No email content is stored, logged, or sent anywhere
The Extension does not read, index, or process any other emails in your inbox
You can revoke Gmail access at any time from myaccount.google.com/permissions

      Gmail data is used exclusively to extract the OTP for the current login attempt. It is never
      used for analytics, advertising, or any purpose unrelated to ERP authentication.
    

🔑 Permissions Explained

The Extension requests the following Chrome permissions:

Permission	Why it's needed
`identity`	Authenticate with Google OAuth2 to access the Gmail API for OTP retrieval
`storage`	Save your ERP credentials locally so you don't have to re-enter them each time
`scripting`	Inject automation scripts into the ERP login page to fill forms and click buttons
Host permission: `erp.iitkgp.ac.in`	Limit content script execution exclusively to the ERP login page

No other permissions are requested. The Extension does not access any other websites or services.

🚫 Data Sharing

We do not share your data with anyone, ever. Specifically:

No data is sent to any third-party server or analytics platform
No data is sold, rented, or traded
No advertising networks are used
No crash-reporting or telemetry services are integrated
The Extension makes no outbound network requests except to Google's Gmail API

🗑️ Data Retention & Deletion

Your ERP credentials persist in chrome.storage.sync until you clear them from the Extension's popup or uninstall the Extension. Uninstalling the Extension removes all locally stored data automatically.

To manually delete your stored credentials, open the Extension popup, clear the fields, and save. To revoke Gmail access, visit myaccount.google.com/permissions and remove "ERP Auth".

🛡️ Security

Credentials are stored using Chrome's built-in chrome.storage.sync API, which is protected by your Chrome profile's security. The Extension operates entirely within the browser sandbox and does not write files to your filesystem.

We recommend using a strong, unique password for your ERP account and enabling two-factor authentication where available.

This Extension is designed for personal use. Do not install it on a shared or public computer, as stored credentials may be accessible to other users of that Chrome profile.

👤 Eligibility

This Extension is intended for use by enrolled students, faculty, and staff of IIT Kharagpur who hold valid ERP credentials. It is not directed at or designed for use by children under 13.

📝 Changes to This Policy

If we make material changes to this Privacy Policy, we will update the "Last updated" date at the top of this page. Continued use of the Extension after changes are posted constitutes acceptance of the updated policy.

✉️ Contact

If you have any questions or concerns about this Privacy Policy or the Extension's data practices, please reach out:

Email: mram41614@gmail.com