The WhaleVault extension does not collect, use, store, share or disclose any of the data in its vault with either the author or any other third party.
If WhaleVault is requested to submit a signature directly to a particular blockchain, a signed transaction will be submitted to the appropriate endpoint.
In addition, signature logs are maintained locally in the browser only.
The extension injects the WhaleVault API into each website's javascript context, so that any website that you authorize can safely and securely request a signature or encrypt/decrypt a memo without ever having direct access to any of your private keys.
Because it adds functionality to the normal browser context, WhaleVault requires permission to read and write any web page that wishes to access the extension.
You can always "view source" of WhaleVault the way you would any Chrome extension or Firefox Add-on, or from the official GitHub repo: https://github.com/alexpmorris/whalevault