Last updated: March 2026
The extension captures your playmfl.com authentication token from outgoing API requests made by the app. This token is used solely to make authorized API calls on your behalf (fetching your club's tactics and player data to run the lineup optimizer).
The auth token is stored in chrome.storage.local — local to your browser, on your device only. It is never transmitted to any server other than playmfl.com.
The extension communicates exclusively with https://app.playmfl.com and https://api.playmfl.com. No data is sent to any third-party server. The extension has no analytics, tracking, or telemetry.
The token persists in local storage until you uninstall the extension or clear browser storage. It is refreshed automatically on each playmfl.com session.
Questions? Open an issue on the GitHub repository.