Consent-Based Screen Alerts · Chrome & Edge Extension · v12.0.11
Blasts is a lightweight browser extension that delivers Screen Blasts — rich, visual alerts from senders you have explicitly opted in to receive (delivery notifications, appointment reminders, account updates, and other announcements).
Consent is the core of the product. You decide who may send you Blasts — nobody can reach you without your explicit opt-in. This extension does NOT perform any B2B prospecting, lead generation, data scraping, or contact enrichment. It delivers opt-in screen alerts — not a sales-intelligence tool.
We do not collect, store, or transmit your browsing data for advertising or lead generation. The extension does not scrape the websites you visit, does not inject scripts into LinkedIn or Gmail, and does not monitor your browsing for prospecting.
To display a Blast on whatever page you happen to be viewing, the extension shows a small on-screen alert surface. That surface only renders the Blasts sent to you — it does not read, collect, or transmit the content of the pages you visit. Optional CRM page helpers (Salesforce/HubSpot) only add a "log this Blast" action on your own CRM record pages when you choose; they do not read or export your CRM's contact data.
Forwarding Blasts into your own Gmail — a double layer of opt-in. Auto-forwarding is entirely under the recipient's control, through two separate, explicit opt-ins:
Only when you turn this on for a specific sender does the extension use the Gmail API — with your Google OAuth consent — to place those Blasts into your mailbox. It never reads your existing email, never sends email on your behalf to anyone else, and you can switch forwarding off for any sender at any time. Forwarding is off by default.
chrome.storage.local on your device (encrypted at rest; not synced to any cloud). Optional cloud sync (off by default): if you turn on "Sync sending accounts to secure cloud for mobile portal access" in the extension, the sending credentials for your bulk Email and Text Blasts — OAuth refresh tokens, provider/CPaaS API keys, and any bring-your-own OAuth client ID/secret — are transmitted over TLS and re-encrypted at rest on our servers using AES-256-GCM envelope encryption. They are decrypted only in memory during an active campaign send, are never exposed through any read interface, and are used solely to send your own campaigns from the online portal. You can erase the cloud copy at any time by turning the toggle off.chrome.storage.sync. Display preferences only — no sensitive data.The extension contacts the Blasts service for its core function. The following are optional and are only contacted when you enable a feature or connect an account with your own credentials:
None of these are advertising or analytics networks. We use no third-party trackers.
sidePanel — Display the Blasts inbox and composer in the browser side panel.storage, unlimitedStorage — Save your preferences, approved-sender list, cached Blasts, and any keys you provide (encrypted); unlimited supports long Blast history offline.alarms — Periodic inbox polling and scheduled delivery.notifications — Desktop alerts when Blasts arrive (if enabled).activeTab — Used only when you take an action on the current tab (e.g., capture a selection to send as a Blast).tabs — Open/focus the secure pairing ("connect") page and the side panel.scripting — Render the on-screen Blast alert surface and the optional CRM "log this Blast" helper.identity — Google/Microsoft sign-in (OAuth) so you can send from — and forward to — your own mailbox. Gmail features may request gmail.insert (inbox forwarding) and gmail.settings.basic (safe-list filter); see Section 9.contextMenus — Right-click "Send as Blast".nativeMessaging — Optional license check (reads a stable machine ID) only if you install our desktop helper. The extension works without it.offscreen — Runs a local analytics database of your own send history, entirely on your device.Network/API access is limited to the specific services listed in Section 7. The optional "all sites" permission is not requested at install — it is requested only at the moment you add a custom delivery webhook, on a per-site basis.
When you connect a Google account, and only for the optional features you explicitly enable, the extension may request these Gmail scopes:
https://www.googleapis.com/auth/gmail.insert — used solely to place the Screen Blasts from senders you approved into your own Gmail inbox (per-sender forwarding; off by default). It is never used to read, modify, send, or delete any of your other email.https://www.googleapis.com/auth/gmail.settings.basic — used solely to create, at your explicit request, a single Gmail filter that keeps a chosen sender's mail out of Spam (a "never send to Spam" / safe-list filter). It is not used to change any other Gmail setting.Blasts' use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
This extension's use of information received from Chrome APIs also adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements.
This extension contains no analytics, no telemetry, no advertising, and no tracking pixels. We do not collect usage data. There are no calls to Google Analytics, Mixpanel, Segment, or any other analytics service from extension code.
For privacy questions, contact support@cockpit.bot
Website: blasts.app
Publisher: Tips Marketing Services, Corp
Last updated: July 6, 2026 · v12.0.11