TL;DR

On July 1, 2026, Google announced updated Chrome Web Store Developer Program Policies. Enforcement begins August 1, 2026. There are four changes, and two of them are the ones you should care about as somebody who installs extensions rather than writes them: collected data must be strictly necessary to the extension's disclosed single purpose, and all data collection must be prominently disclosed — with proactive notice if the practices change after you've already installed it.

Translated: an extension can no longer quietly collect things that have nothing to do with the job you installed it for, and it can no longer change the deal on you in silence. A PDF converter that wants your browsing history now has a policy problem, not just a taste problem.

This post explains what the four changes actually say, teaches you to read the Privacy practices tab on any Chrome Web Store listing in about ninety seconds, and then does the thing that would be cowardly to skip: declares exactly what Convert: Web to PDF collects. Spoiler — one anonymous ping after a conversion, carrying a random install token. No URL. No page content. No IP.


What actually changed on July 1, 2026

Google's announcement covers four policy updates. Here they are, plainly.

1. Data must be strictly necessary to the disclosed single purpose

This is the big one. Every extension on the Chrome Web Store is supposed to have a single purpose — a narrow, stated job. The new policy says the data an extension collects has to be strictly necessary to that job. Not "useful for." Not "helps us improve the product." Strictly necessary.

2. All collection must be prominently disclosed — including ongoing notice

Even data that is strictly necessary to the single purpose has to be prominently disclosed. And there's a second half people are under-reading: if an extension's data practices change after you install it, the developer owes you proactive notice. The silent post-install pivot — ship a clean tool, build an install base, then start collecting — is now explicitly against the rules.

3. Prediction-market extensions are banned

Extensions that facilitate prediction markets or wagering real money on outcomes are prohibited. Narrow category, clean line.

4. Extensions that circumvent AI safety guardrails are prohibited

Extensions designed to circumvent AI services' safety guardrails or usage restrictions are out. Also narrow, also a clean line.

Changes 3 and 4 are housekeeping for specific abuse categories. Changes 1 and 2 are structural, and they reshape what a legitimate extension is allowed to be. The rest of this post is about those two.


Why "single purpose" is the load-bearing phrase

"Strictly necessary" sounds like the operative words. They aren't. "Single purpose" is.

"Strictly necessary" is meaningless without a fixed reference point. Necessary for what? If an extension gets to define its own purpose broadly enough, everything becomes necessary. Watch how easy this is:

  • Purpose: "Convert webpages to PDF." → Browsing history is not necessary. Obviously.
  • Purpose: "Help you manage, organize, and share your web content across your workflow." → Now browsing history is arguably necessary. You need history to organize content, right?

Same extension. Same code. Different sentence in the listing. The second one launders a data grab through a vague mission statement.

The single-purpose requirement is what stops that. It forces the purpose to be one thing, stated up front, narrow enough to be checked against. Once the purpose is pinned to a single point, "strictly necessary" has something to be measured from and the test suddenly has teeth.

That's also the first rule of our manifesto: software should be small. We ship four extensions instead of one suite, each doing one thing — not to pass an audit, but because bloated software is bad software. It does mean August 1 reads to us less like a compliance burden and more like Google writing our design constraint into the rulebook.

What "strictly necessary to a single purpose" rules out

Concretely, if an extension's declared single purpose is "convert this webpage to a PDF," here is what is not strictly necessary to that:

  • Your browsing history. Converting the page in front of you requires the page in front of you. Nothing else.
  • The URLs of pages you didn't convert. Not involved.
  • A persistent identity for you. Converting a page doesn't require knowing who you are.
  • The content of the pages you convert. This one surprises people. Converting a page locally means the content never has to reach anybody's server, so a converter that transmits page content is making a choice, not meeting a requirement.
  • Your email address. No account is needed to run Chrome's own print engine.
  • Analytics on every page you visit. The extension only needs to act when you click it.

An extension in that category that wants those things isn't necessarily malicious. But it has to now stand up in front of the single-purpose test and explain itself, and "it helps us understand our users" is not going to survive the word strictly.


How to read an extension's data disclosure in 90 seconds

This is the practical skill, and it's the reason the policy matters to you even though it's addressed to developers. The disclosure only protects you if you read it.

Step 1: Find the Privacy practices tab

On any Chrome Web Store listing, there's a row of tabs near the top: Overview, Privacy practices, Reviews, Support, Related. Click Privacy practices. Almost nobody does. It takes ten seconds.

You'll see two blocks:

  1. The developer's single-purpose declaration — one sentence describing what the extension does.
  2. The data-collection disclosures — a list of categories the developer has declared, plus certifications about how that data is used.

Step 2: Read the single-purpose sentence first, before the data list

Read the purpose sentence before you look at what's collected, and read it as a promise you're going to hold the data list against. Ask: is this sentence narrow enough to be falsifiable?

  • "Converts the current webpage to a PDF file." → Narrow. Checkable.
  • "Enhances your browsing and productivity experience." → That is not a purpose, that's a mood. Nothing can be measured against it.

If the purpose sentence is vague, you've learned something important before reading a single data category. A vague purpose is how a broad data appetite gets made to look necessary.

Step 3: Now read the data categories, and subtract

Chrome's declared categories include things like personally identifiable information, health information, financial and payment information, authentication information, personal communications, location, web history, user activity, and website content.

Go down the list and, for each one that's checked, ask the question out loud: what does this have to do with the sentence I just read?

For a webpage-to-PDF tool, the honest answer for nearly every category is "nothing." So if you see web history checked on a converter, or location, or authentication information, that's not automatically a crime — but it is a gap between the stated purpose and the declared appetite, and after August 1, that gap is what enforcement is aimed at.

Step 4: Check the three certifications

Below the categories, developers certify that they:

  • are not selling or transferring your data to third parties outside of approved use cases,
  • are not using or transferring your data for purposes unrelated to the single purpose,
  • are not using or transferring your data to determine creditworthiness or for lending.

These are declarations, not proofs. But they're on the record, and a false one is a policy violation with a listing attached — a better position than a claim buried in a privacy policy nobody reads.

Step 5: Cross-check the permissions against the purpose

Last step, and it's the one that catches the most. Go back to Overview and look at what permissions the extension requests on install. A converter that needs to read the tab you're on when you click it is a different animal from one that wants <all_urls> access on every page, all the time, whether you clicked or not.

Permissions are what the extension can do. Disclosures are what it says it does. When those two disagree, believe the permissions.


Red flags by category, not by name

Here it would be easy to be cheap. We're not going to accuse named extensions of violating a policy that isn't even being enforced yet — we don't have their code, we haven't audited their traffic, and a shop whose whole pitch is honesty doesn't get to make accusations it can't back. So: categories and red flags. Apply them yourself, to anything, including us.

Page savers and PDF converters

The category we're in. Names you'll run into: PrintFriendly, GoFullPage, PDFCrowd, Smallpdf, Adobe Acrobat's extension, and ours. They're not all the same architecture and that's the point — the architecture is what to look at.

The single question that separates the whole category: does the page content leave your machine to become a PDF?

If conversion happens on a server, the page you're converting gets uploaded by construction. That's not sneaky, it's how server-side conversion works — and for a public blog post it may not matter at all. But it matters enormously for a bank statement, an internal wiki page, a Gmail thread, or a patient portal. We've written up that tradeoff in why a PDF converter should not upload your files and the broader extension vs online tool comparison.

Red flags in this category:

  • Web history declared on a tool that only acts when you click it.
  • An account required to convert a page. What is the account for?
  • A watermark on free output. That tells you the business model is upsell, which tells you where the pressure to collect comes from.
  • File size limits or daily caps. Same signal — there's a server, and it costs money to run.

Coupon tools and screenshot tools

Two categories, one lesson each. Coupon, cashback and price-comparison tools structurally have to watch what you're shopping for, so broad collection genuinely is closer to necessary — which means their purpose sentence and data list should be unusually explicit, and you should expect that. Screenshot and recording tools hide a big gap inside one label: "captures the visible tab when you click" and "has persistent access to every page" are both sold as "screenshot tool."

AI assistants and side panels

This is the hard one, and it's coming up fast. An AI assistant genuinely needs page context to be useful — that's the product. The honest read is that the single-purpose test is simply a much harder bar for broad-by-design software than for narrow-by-design software, and that's not the AI panels being shady. It's a real tension in the policy. We wrote about the local-vs-AI-browser dependency question after ClaudeBleed.

Anything free with no visible business model

Not a red flag by itself — we're free with no business model and we'd like to keep our reputation, thanks. But it's worth asking, and the answer should be somewhere you can find it. If you can't find it, that's the answer.


What we collect, stated plainly

Here's our disclosure in the same language we'd want from anyone else.

Convert: Web to PDF converts the page you're on into a PDF using Chrome's DevTools Protocol — Chrome's own print engine, running in your browser, on your machine. During conversion there are zero network requests. The page content, the URL, and the resulting PDF never touch a server, because there is no server in the path.

The one thing we do send: after a conversion completes, the extension sends a single anonymous ping. It carries a random install token — a number generated on install that isn't tied to you, your account, or your identity, because we don't have any of those. The ping does not include the URL you converted. It does not include page content. It does not include your IP.

Why does it exist? So we know roughly how many conversions happen and whether a release broke something. That's it. Is it strictly necessary to converting a webpage to a PDF? No — and we're not going to pretend otherwise. A conversion would work fine without it. It's disclosed because it exists, and this paragraph is the disclosure.

That's the point of writing this ourselves rather than waiting to be asked. Privacy is the default, not the upsell — which means the moment you start explaining away the one item on your own list, you've become the thing you criticized.

Prefer verifying to trusting? Open DevTools, watch the Network tab, convert a page. During conversion you'll see nothing. That's the claim, checkable in thirty seconds. More on the local architecture in privacy-first file conversion.


What the policy does not do

Some honest limits, because overselling this would be its own kind of dishonesty.

It doesn't audit anybody. Disclosures are declarations. Google reviews listings, but the policy is not a code audit of every extension on the store.

It doesn't stop the ownership problem. An extension can be clean for three years and then get sold, and the new code ships under the old install base and the old five-star reviews. The proactive-notice requirement bites here — a post-install change in data practices now owes you a heads-up — but a rule is a rule, not a force field. This is why we wrote our fifth manifesto line the way we did: we will not be acquired into adware. If we shut down, we publish the source and walk. That's a promise, and you should weigh promises accordingly, including ours. Background on how bad this pattern has gotten: the 108 malicious extensions story.

It isn't retroactive on your machine. Enforcement starts August 1, 2026 and applies to listings. What's already installed on your computer is still installed.


The other August date on the calendar

While you're auditing anyway: August 31, 2026 is when all remaining Manifest V2 extensions get removed from the Chrome Web Store. Already-installed copies on Chrome 138 or earlier keep running, but can't update and can't be reinstalled — one new laptop and it's gone. Chrome 138 was the last MV2-supporting version, and Chrome 139 removed the ExtensionManifestV2Availability enterprise policy that let admins hold the line. Current stable is Chrome 150 as of July 14, 2026. Full timeline: Manifest V3 final cleanup.

Two August deadlines, one useful afternoon: read the Privacy practices tab on everything you've installed, and check whether any of it is MV2 and quietly on death row.


Frequently asked questions

Does the August 1, 2026 policy mean unsafe extensions will disappear?

No, and be suspicious of anyone selling it that way. It raises the bar for what developers must declare and narrows what they're allowed to collect. It's a disclosure and scoping regime, not an audit. It makes the gap between what a tool claims and what it collects visible and rule-breaking — which is real progress, and is not the same as prevention.

What does "single purpose" mean in practice?

Google requires each extension to have one narrow, stated job, and the new policy ties the data it may collect to that job. The practical test is whether the purpose sentence on the listing is specific enough that you could catch a violation of it. "Converts the current webpage to a PDF" is checkable. "Improves your browsing experience" isn't.

Does Convert: Web to PDF collect my browsing history?

No. It has no interest in pages you didn't convert, and no way to be useful with them. Conversion runs locally through Chrome's DevTools Protocol with zero network requests. The only transmission is a single anonymous post-conversion ping carrying a random install token — no URL, no content, no IP.

Why send any ping at all if the whole pitch is privacy?

Fair challenge. It tells us conversion volume and whether a release broke. It is not strictly necessary to the conversion, we're not claiming it is, and this is the disclosure. You can verify the rest by watching the Network tab in DevTools while you convert — during conversion, you'll see nothing.

Will this policy affect extensions I already have installed?

Enforcement targets store listings from August 1, 2026 onward. Extensions already on your machine stay on your machine. That's exactly why the audit is worth doing manually — the policy won't reach back and clean up your existing install list for you.

Does any of this apply to Firefox or Safari?

No — this is Chrome Web Store policy. It covers Chrome and, in practice, the Chromium browsers that pull from the same store: Edge, Brave, Arc, Opera, Vivaldi. Our extensions run on those and not on Firefox or Safari.

Where do I find more answers about the converter itself?

The 117-question FAQ covers the product end — Article Mode, paper sizes, login-protected pages, what happens on infinite scroll, and the rest.


Bottom line

The August 1, 2026 Chrome Web Store policy update is the closest thing to good news the extension ecosystem has had in a while. Strictly necessary to a single purpose and prominently disclosed, with notice if it changes are the two rules that matter, and together they attack exactly the pattern that has burned users for years: a tool that does one small thing while collecting for a much larger one.

Ninety seconds of your time makes it work: open Privacy practices, read the purpose sentence, read the data list, and ask what one has to do with the other.

Then apply it to us. Convert: Web to PDF converts webpages to PDFs locally through Chrome's own print engine — real PDFs with selectable text, clickable links and embedded fonts, no watermark, no account, no file limits, zero network requests during conversion. It works on login-protected pages using the session you already have. The one anonymous post-conversion ping carries a random install token and nothing else, and we'd rather tell you that in our own words than have you find it in a disclosure tab.

Small software, narrow purpose, nothing to declare that we didn't just declare.