When initiated by a user logged into Empower, data from their portfolio stored at Empower is collected. The data includes the names and Empower's internal numbers for the accounts, and the amount, value, and classification each for asset in each account. This data is uploaded to an HTTPS endpoint specified by the user, and is not stored by the extension.
The data is used only to POST to the HTTPS endpoint specified by the user as part of configuring the extension, and is not used for any other purpose.
The transaction data is collected from Empower over HTTPS/TLS, and transmitted to the user's endpoint over HTTPS/TLS. Protection of the data after it is received by their endpoint is entirely under their control.
The URL provided by the user as the target of POST requests is is stored in browser sync storage.