How we
review

Every review follows the same process, and every conclusion is labeled with how we reached it. We never overstate conclusions: if we didn’t verify something, the review says so.

The process

  1. 01Permission inspection

    We read the plugin manifest and platform listing to record exactly which permissions the plugin requests — file access, network access, selection access, export access.

  2. 02Privacy policy analysis

    We read the developer’s privacy policy and terms of service, noting what data collection they declare, retention periods, and third-party sharing.

  3. 03Documentation review

    Official docs, changelogs and support pages often describe external services, sync features and account requirements that listings omit.

  4. 04Traffic inspection (when applicable)

    Where possible we run the plugin and observe its network requests: which hosts it contacts, what payloads leave the file, and when.

  5. 05External API verification

    We identify the APIs a plugin calls and check whether they belong to the developer, a cloud provider, an analytics platform, or an AI service.

  6. 06Authentication verification

    If the plugin uses accounts, OAuth or license keys, we record what the authentication unlocks and what identity data it ties usage to.

  7. 07Cloud service inspection

    For plugins that sync or export, we document where assets are stored and what the vendor states about encryption and retention.

  8. 08Manual testing

    We use the plugin the way a designer would, watching for behavior that documentation doesn’t mention.

How we label what we know

The same words appear on every plugin page. They mean exactly this, every time:

  • Verified

    We independently confirmed this — for example by inspecting network traffic or source code ourselves.

  • Observed

    We saw this behavior during manual testing, but have not exhaustively confirmed it holds in all cases.

  • Inferred

    Stated in documentation or a privacy policy, or reasonably concluded from how the feature must work — but not directly confirmed by us.

  • Unknown

    We don’t know. An Unknown is never a judgment — it marks exactly where our review stopped.

Confidence score

Each review carries an overall confidence level — Low, Medium or High — reflecting how much of the process above we were able to complete. A review based only on reading a privacy policy is Low confidence, even if nothing concerning was found. Confidence rises only with traffic inspection, source review, or repeated testing.

Limitations

Reviews are snapshots: a plugin can change behavior in any update. Closed-source plugins can’t be fully audited. Server-side behavior — what a vendor does with data after it leaves your machine — can never be directly observed, only inferred from policies. That is why every review lists its known limitations and its review date, and why “Unknown” appears so often. Transparency about what we don’t know is the point.