Aviso de privacidad para CoreAsia Download Manager
CoreAsia Download Manager por CoreAsia
Aviso de privacidad para CoreAsia Download Manager
Privacy Policy — CoreAsia Download Manager (Browser Extension)
Last updated: 18 June 2026
This policy explains exactly what the CoreAsia Download Manager browser extension ("the extension", "we") accesses, why it accesses it, and what does and does not leave your browser. It applies to the extension only — the browser add-on you install from the Chrome Web Store or Firefox Add-ons (AMO). It is written to be read by a human, not a lawyer.
In one sentence: the extension's job is to hand a download link to the CoreAsia Download Manager desktop app running on your own computer, and it sends data to nothing else.
- Who we are
The extension is published by PT Inti Asia Teknologi (brand: CoreAsia), an Indonesian company.
Website: https://coreasia.id/products/downloader
Contact for privacy questions: hello@coreasia.id
CoreAsia Download Manager is a general-purpose download manager and accelerator for the desktop (similar in spirit to tools like Internet Download Manager or JDownloader). It helps you manage your own files, file-host transfers, Creative-Commons and public-domain media, personal archives, and other publicly accessible web content. The download engine is open source (yt-dlp + aria2) and runs entirely on your machine.
This browser extension is a companion to that desktop app. By itself it does not download anything and does not store your files. It detects downloadable links and media on the page you are viewing and forwards your chosen link to the desktop app, which does the actual work.
- The core fact: where your data goes
The extension communicates with one destination only: the CoreAsia desktop app running locally on your own computer at
http://127.0.0.1:15151
127.0.0.1 (also called "loopback" or "localhost") is your own machine. Traffic to this address never leaves your computer and never travels over the internet. The desktop app additionally refuses requests that look like they come from a normal web page and rejects connections that are not addressed to loopback, as a safeguard.
The extension does not send your browsing data, the pages you visit, the links you download, your cookies, or anything else to CoreAsia's servers or to any third party. There is no remote server involved in the extension's operation, and there is no account, login, or sign-up inside the extension.
The only network requests the extension makes are to that local address:
GET http://127.0.0.1:15151/ping — to check whether your desktop app is running.
POST http://127.0.0.1:15151/add — to send a download you asked for (the link, the page address it came from, the page title, your quality/audio/subtitle choices, and, where needed, session details described below).
GET http://127.0.0.1:15151/show — to bring the desktop app window to the front when you click "View in app".
That is the complete list.
- What each permission is for
Browsers require extensions to declare permissions up front. Here is every permission the extension requests and the concrete reason it needs it. Nothing here is used for tracking or analytics.
Permission
Why the extension needs it
downloads
When you turn on "send downloads to CoreAsia" (the Capture setting), the extension acts like a classic download manager: it watches downloads you start in the browser and can take them over. If the file type matches (e.g. video, audio, archive, ISO, PDF), it hands that download to the desktop app instead, and cancels and removes the duplicate browser download so you don't get the file twice. If you have this off, browser downloads are untouched.
contextMenus
To add the right-click menu items "Download with CoreAsia", "Download this page with CoreAsia", and "Download this media with CoreAsia" so you can send a specific link, page, or media element on demand.
storage
To save your own small settings on your device: whether the floating button always shows, ask-vs-auto capture mode, the list of sites where you hid the button, and a short-lived, in-session note of media streams detected on a tab (kept only while your browser is open). These never leave your device.
cookies
Some file hosts only serve a file if you are logged in. When you choose to download such a link, the extension reads the cookies your browser already holds for that site and attaches them to the request it sends to your local app, so the download succeeds. See section 5.
alarms
To run a lightweight periodic check (about every 5 minutes) of whether the desktop app is running, instead of polling constantly. This saves battery and CPU. No data is sent anywhere by this check beyond the local ping described above.
tabs
To know the URL and title of the tab you are acting on, so the right link gets sent when you use the toolbar button, keyboard shortcut, or "send this tab". Needed because the companion must work on whatever page you are on.
webRequest
To detect media stream URLs (HLS .m3u8, DASH .mpd, and direct .mp4/.webm etc.) that the page actually loads while you play a video, so it can offer them for download. This is observe-only: the extension does not block, redirect, or modify any web request.
Host access — <all_urls>
The companion button, page scan, right-click menu, and media detection must be able to work on any website you choose to download from. The extension does not single out specific sites and does not phone any of this home.
When the desktop app is running and Capture is enabled, the extension can take over downloads you start on a page — including the site's own download buttons and links — and hand them to the desktop app instead of letting the browser download them. This behavior is controlled entirely by the Capture setting; turn it off and pages download normally through the browser.
The extension does not request the clipboardRead permission. It does not read your clipboard.
- What data the extension handles, and where it stays
Sent to your local desktop app (127.0.0.1:15151) only when you trigger a download:
The link you chose to download (or the address of the page you are on).
The page address it came from (the "referer") and the page title — used by the engine to name the file and to fetch correctly.
Your download options: audio-only, video quality, include-subtitles, playlist mode.
Your browser's User-Agent string — some hosts check it before serving a file.
Where applicable, session cookies for the target site (see section 5).
Stored locally on your device (and nowhere else):
Your settings in the extension's own storage (chrome.storage.local): auto-capture on/off (autoCapture), capture mode ask-vs-auto (captureMode), always-show-button (alwaysShowButton), the list of sites where you hid the button (fabDisabledHosts), and a one-time disclosure-seen flag.
A temporary, in-session note of media streams detected on each tab, used to offer them for download. This lives only while your browser session is open and is cleared when the tab navigates away or closes.
The saved on-screen position of the floating button. This is stored in the page's own localStorage (key coreasiaFabPos), which is separate from the extension's chrome.storage.local above.
Never collected, never sent anywhere:
Your browsing history.
The content of pages you visit.
Any personal profile, identifier, or account.
- How cookies are handled
The cookies permission exists for one purpose: to let logged-in downloads work. When you ask the extension to download a file from a site where you are signed in (for example, a file host that requires a login session), the extension reads the cookies your browser already has for that site and attaches them — as request data — to the download job it sends to your local desktop app. The desktop app then uses them so its download engine can fetch the file you are entitled to.
These cookies:
are read only for the specific URL you are downloading, at the moment you trigger the download;
are sent only to your local app on 127.0.0.1, never to CoreAsia or any third party;
are not stored by the extension and not logged anywhere by it.
If you never download from a login-gated site, this path is never used.
- What we do NOT do
No analytics or tracking. The extension contains no analytics SDK, no tracking pixels, no usage telemetry, and no advertising or fingerprinting code.
No data selling or sharing. We do not sell, rent, or share your data, because the extension does not collect or transmit your data to us in the first place.
No remote code. The extension runs only the code shipped in the package you install. It does not download, inject, or execute code from a remote server.
No server-side storage. There is no CoreAsia server in the loop. Nothing about your use of the extension is stored on our servers, because none of it is sent there.
Note: the desktop app may offer its own optional, opt-in usage statistics. That is a separate product with its own settings, and it is off unless you turn it on. The browser extension described by this policy does no such thing.
- Data retention
Because the extension does not transmit your data to us, there is no server-side data to retain. Settings and the temporary media list described in section 4 live on your own device and are under your control. You can clear them at any time by removing the extension or clearing the extension's storage, and the in-session media list is discarded automatically when you close your browser.
- Children
CoreAsia Download Manager is a general-purpose tool intended for adults managing their own files. It is not directed at children, and the extension does not knowingly collect any information from children.
- Permissions and compliance with store policies
We follow the limited-use and user-data rules of the Chrome Web Store and Mozilla Add-ons (AMO). Specifically: the data the extension accesses is used only to provide the single user-facing feature described here — sending a download you chose to your own local app — and for no other purpose. We request the narrowest set of permissions needed for that feature.
- Changes to this policy
If we change how the extension handles data, we will update this page and change the "Last updated" date above. If the change is significant, we will make a reasonable effort to highlight it (for example, in the extension's update notes). The current version is always available at https://coreasia.id/downloader/privacy.
- Contact
Questions or requests about privacy?
PT Inti Asia Teknologi (CoreAsia)
Email: hello@coreasia.id
Web: https://coreasia.id/products/downloader