Is LanceRank Sync safe to install? Yes — and here's exactly why.

The extension is granted access to the currently active tab (via activeTab) plus a strict allow-list of freelance-platform host patterns. When you visit one of those URLs, a small content script runs on that page only.

• https://www.upwork.com/freelancers/*Upwork freelancer profile pages
• https://www.fiverr.com/*Fiverr profile pages
• https://www.toptal.com/*/resume/*Toptal résumé pages
• https://www.freelancer.com/u/*Freelancer.com user pages
• https://www.peopleperhour.com/freelancer/*PeoplePerHour freelancer pages
• https://www.guru.com/freelancers/*Guru freelancer pages
• https://contra.com/*Contra profile pages
• https://99designs.com/profiles/*99designs profile pages
• https://lancerank.com/extension/connectOne LanceRank page — only to receive the auth token you grant

Even on those pages, the extension only extracts data after a same-origin ownership check (e.g. Upwork's own "edit profile" controls present, a session cookie indicating you're the profile owner, etc.). Browsing other freelancers' profiles produces zero data, zero requests, zero anything.

• Other browser tabs you have open
• Your saved passwords or autofill data
• Your platform login session cookies (we read the page, not the cookie jar)
• Messages, inboxes, job feeds, financial transactions on the platform
• Other freelancers' profiles you happen to view
• Your bank, Gmail, social media, or anything outside the platform allow-list above
• Your browsing history or bookmarks
• Your camera, mic, location, downloads, or filesystem

That's it. No analytics services, no error trackers, no third-party CDNs, no advertising pixels. One endpoint, on the same domain you're already using, authenticated with a token tied to your own account.

The token is created when you click Authorize on lancerank.com/extension/connect. Stored in chrome.storage.local on your device. Revocable instantly from your dashboard — when you revoke, the next sync attempt fails immediately.

The payload contains only the public stats from your own profile page (name, rating, review count, jobs completed, badges, member-since date, etc.). Reviewable byte-for-byte in DevTools → Network — see the "Inspect it yourself" section below.

1. 1

   See exactly what landed on your profile

   Sign in and open your sync history. You'll see every sync the extension has ever sent: the timestamp, the platform, the URL it ran on, and the exact fields it imported into your LanceRank profile. Nothing is hidden — what isn't in the list never reached us.

2. 2

   Watch the network tab

   Open Chrome DevTools (Cmd/Ctrl+Shift+I) → Network tab. Visit your Upwork/Fiverr profile while logged in. Filter by lancerank.com. You'll see exactly one POST request to /api/extension/sync with the JSON payload. That's the entire transmission.

3. 3

   Check the manifest

   Visit chrome://extensions, find LanceRank Sync, click "Details", scroll to "Site access". You'll see the exact list of URLs from section 1 above. Chrome enforces these — even our own code can't reach beyond them.

4. 4

   Try uninstalling

   Sections 7 below. The extension stops syncing instantly. Your existing LanceRank profile is unaffected. Reinstall any time and pick up where you left off.

Notably absent: tabs, cookies, history,bookmarks, downloads, webRequest,identity, nativeMessaging — none of these are requested.

• No new requests to platforms. The content scripts read the DOM your browser already rendered. They never fetch() or XMLHttpRequest back to the platform. No automation footprint. From Upwork's logs we look like any other person who loaded their own profile page.

• Ownership checks before any extraction. On every supported platform, the script first verifies that the page isyour ownprofile — using signals only the page owner sees (e.g. an "Edit profile" button, a `me` route response, or a session indicator). Browsing competitors' profiles silently does nothing.

• No password handling, ever. The extension never has a text field for, asks for, or sees your platform password. Authentication piggy-backs on your existing logged-in browser session — the same session you'd use without the extension.

• One-tap revocation. One click in your LanceRank dashboard kills the token. The extension installed in any browser, on any device, immediately stops being able to sync. The Chrome extension itself can keep running — it just won't be able to authenticate.

• Per-user, per-sync transparency. Every sync the extension performs is logged against your account and visible to you in your sync history. If something ever shows up there that you didn't expect, you'll see it immediately — and the Chrome Web Store independently reviews each published version of the extension before it can update on your machine.

1. Right-click the LanceRank Sync icon in your Chrome toolbar.
2. Choose "Remove from Chrome…".
3. Confirm. Done.

Your existing LanceRank profile and all already-synced stats stay where they are. To also revoke the device's access on the server side (recommended), visit /dashboard/extension and click Revoke next to the device.