Smart Finder Chrome Extension - Privacy Policy

1. Introduction

This Privacy Policy describes how Smart Finder ("we," "our," or "us") collects, uses, and protects your information when you use our Chrome extension. We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Information We Collect

2.1 Personal Information

When you sign in with Google OAuth, we collect:

• Google Account Information: Name, email address, and profile picture
• OAuth Tokens: Secure tokens for authentication (stored locally and server-side)

2.2 Usage Data

We may collect:

• AI Search Queries: Text you search for using AI-powered search (processed in real-time, not permanently stored)
• Token Usage: Number of successful AI searches performed to manage your token balance
• Extension Interactions: Basic usage statistics to improve functionality (anonymized)
• Search Performance: Response times and success rates for service optimization

2.3 Data NOT Collected

We explicitly do NOT collect:

• Traditional Search Queries: Regular text searches are processed entirely locally
• Regex Patterns: Pattern searches are processed entirely locally
• Website Content: Page content is only sent to AI when you explicitly use AI search
• Browsing History: We don't track which websites you visit
• Personal Files: No access to your local files or other browser data

2.4 Technical Data

• Browser Information: Extension version, Chrome version (for compatibility and debugging)
• Error Logs: Crash reports and error information (anonymized, no personal data)
• Performance Metrics: Search response times and success rates (aggregated)
• Feature Usage: Which features are used most often (anonymized statistics)

3. How We Use Your Information

3.1 Primary Uses

• Authentication: Verify your identity and manage your account
• AI Search: Process your search queries to provide intelligent results
• Token Management: Track and manage your AI search credits
• Service Improvement: Analyze usage patterns to enhance functionality

3.2 We Do NOT

• Sell, rent, or trade your personal information
• Store your search queries permanently
• Access or store content from websites you visit
• Track your browsing behavior outside of extension usage

4. Data Storage and Security

4.1 Local Storage

• Chrome Extension Storage: User preferences, authentication tokens, and settings
• Automatic Cleanup: Data is cleared when you uninstall the extension

4.2 Server Storage

• Secure Servers: User accounts and token balances stored on encrypted Vercel/Supabase infrastructure
• Data Encryption: All data transmitted and stored using industry-standard encryption
• Access Controls: Strict access controls and monitoring

4.3 Data Retention

• Account Data: Retained while your account is active
• Search Queries: Processed in real-time and not permanently stored
• Usage Analytics: Aggregated and anonymized data retained for service improvement

5. Third-Party Services

5.1 Google OAuth

• Used for secure authentication
• Subject to Google's Privacy Policy
• We only request necessary permissions (openid, email, profile)

5.2 Payment Processing

• Stripe for secure payment processing
• We do not store credit card information
• Subject to Stripe's Privacy Policy

5.3 AI Services (Groq)

• AI Provider: Groq (Llama 3.1 8B Instant model)
• Data Processing: Search queries and page content sent only when you use AI search
• No Permanent Storage: Queries processed in real-time and not stored by Groq or us
• Rate Limiting: Built-in protections against abuse (20 calls/min, 100/hour, 400/day)
• Content Filtering: Large pages split into batches for processing efficiency

6. Permissions and Justifications

Our extension requests the following Chrome permissions:

• activeTab: Access current tab content for search functionality
• scripting: Inject search interface into web pages
• storage: Save user preferences and authentication tokens locally
• identity: Enable Google OAuth sign-in
• host_permissions: Connect to our secure servers (*.vercel.app, *.supabase.co)

7. Your Rights and Choices

7.1 Account Control

• Sign Out: Disconnect your Google account at any time
• Account Deletion: Permanently delete your account and all associated data through the extension interface
• Data Access: Request a copy of your personal data

7.2 Account Deletion Process

You have the right to delete your account and all associated data at any time. To delete your account:

1. Open the Smart Finder extension popup
2. Click on "Delete account" in your user profile section
3. Review the deletion warning and click "Request Deletion"
4. Enter the 6-digit confirmation code to permanently delete your account

What gets deleted:

• Your profile and account information
• All purchased and free tokens
• Your usage history and preferences
• All search data and interactions
• Authentication tokens and stored credentials

Important notes:

• Account deletion is permanent and cannot be undone
• Purchase records may be retained in anonymized form for financial compliance, but will not be linked to your identity
• The deletion process is immediate and irreversible
• You cannot recover tokens or data after deletion

7.3 Extension Control

• Disable/Remove: Disable or uninstall the extension to stop all data collection
• Permission Management: Manage extension permissions in Chrome settings

8. Children's Privacy

Our extension is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete such information promptly.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your personal information in accordance with applicable data protection laws.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Updating the "Last Updated" date at the top of this policy
• Providing notice through the extension interface
• For significant changes, requiring your consent to continue using the extension

11. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing personal information includes:

• Consent: You provide consent when signing in with Google
• Contract: Processing necessary to provide our services
• Legitimate Interest: Improving our services and preventing fraud