Attributions for third-party data, and the Content Filter Addendum.
Our optional Content Filter uses website category lists from the Université Toulouse Capitole (UT1) blacklists, maintained by Fabrice Prigent, supplemented by a small curated list we maintain.
The UT1 lists are provided under the Creative Commons Attribution-ShareAlike (CC BY-SA) license. We ingest them server-side to power blocking; we do not redistribute the raw lists. We gratefully acknowledge this work.
Version 2026-06-17 · effective June 17, 2026
This addendum applies only to organizations that explicitly enable the optional Content Filter. It supplements our Privacy Policy. Content Filtering is off by default; nothing below applies unless your organization turns it on. The version above is recorded when an administrator accepts this addendum.
When enabled, the ThouShaltNotClick browser extension blocks websites in the categories your administrator selects, for the audiences they choose (students and/or staff), with per-site allow/deny overrides. Blocking is performed locally in the browser.
To give administrators visibility, the extension records policy events only: when a blocked site is accessed, and when a staff member chooses to bypass a warning. Each record contains the site domain, the category, and a timestamp. By default this is shown to administrators as aggregate counts; per-event detail is available only if the organization explicitly turns it on.
We do not record general browsing history. Sites that are not blocked are never logged. The block decision itself happens on the device; your browsing is not sent to us to be filtered.
For school deployments, the school is the data controller and acts under FERPA; TSNC acts as a school official with a legitimate educational interest / service provider. The school is responsible for any parental notice or consent required by FERPA, COPPA, or local law before deploying the filter to student devices, and for configuring its device-management policy (e.g., Google Admin) appropriately. See the Content Filter deployment guide for the device-side setup (force-install, incognito lockdown, enforced sign-in).
Policy-event data is stored with the rest of your organization’s data, is accessible only to your authorized administrators, is never sold or shared with third parties, and is subject to the retention and deletion terms in our Privacy Policy. Detailed per-event records are retained for a limited window and then pruned.
To block sites, the extension needs broad host access so it can evaluate navigations and show the “blocked” page. This access is used solely to enforce the filter on the device; it is not used to collect browsing data. See Privacy Policy → Browser Extension.
Questions? Email privacy@thoushaltnotclick.com.