Effective Date: June 2026
Product: Wasf Chrome Extension
This Privacy Policy explains how Wasf Chrome Extension processes limited user data strictly necessary to provide its functionality.
1. Information We Collect
We collect only the minimum data required to operate authentication, AI generation, billing, and abuse prevention systems.
1.1 Authentication Data
When you sign in using Google OAuth, we receive:
Email address
Google user ID
Basic profile information (name and avatar if available)
Purpose:
This data is used exclusively for:
User authentication
Session management
Subscription and access control
Justification:
Authentication data is required to securely identify users and maintain access to the service across extension and backend systems.
1.2 User-Provided Input Data (AI Processing)
We process only text explicitly entered by the user inside product input fields, such as:
Product title
Product description
Product attributes (e.g. size, color, features)
Scope Limitation:
Only manually entered fields are processed
No full-page content is accessed
No browsing history is collected
No hidden fields, customer data, or order data are accessed
Technical Restriction:
The extension includes input-level restrictions to minimize accidental processing of non-product data. It is not designed to process customer or sensitive business information.
Important Restriction:
Customer personal data
Store order information
Financial or sensitive business records
Users are responsible for ensuring that only product-related content is entered.
Purpose:
This data is used solely to generate AI-based product titles and descriptions.
1.3 Minimal Usage Data (Billing & Abuse Prevention Only)
We store strictly minimal technical records required for:
Credit usage tracking
Fraud and abuse prevention
Billing reconciliation
Each record may include:
Feature used (e.g. title generation)
Timestamp of request
Credit consumption amount
Success or failure status
Explicit Limitations:
This data is NOT used for:
Behavioral profiling
Analytics or marketing analysis
Advertising
Cross-site tracking
Additional Clarification:
Usage logs are strictly operational and cannot be used to reconstruct user behavior across sessions.
Justification:
These records are required strictly for enforcing credit-based billing and preventing automated abuse of AI services.
1.4 Authentication Tokens
We store authentication tokens locally using Chrome’s storage API (chrome.storage.local).
Security Model:
Tokens are short-lived
Tokens are automatically rotated via backend session logic
Tokens are invalidated server-side upon logout or suspicious activity
Purpose:
Used only to maintain authenticated sessions between the extension and backend services.
2. Data We Do NOT Collect
Customer data from Salla stores
Orders or transaction history
Payment card or banking information
Full HTML content of web pages
Browsing history
Cross-site user activity
3. Data Scope Limitation (Content Script Access)
The extension uses Chrome content scripts restricted to specific DOM elements inside the Salla product editor interface.
Access is strictly limited to:
Product name input field
Product description field
Product attribute fields entered manually by the user
Technical Enforcement:
No full-page DOM scanning
No HTML or page snapshot extraction
No background page access
No access to customer, order, or analytics sections
Implementation Note:
Access is enforced through selector-based content scripts scoped only to product input fields.
No raw page content, DOM snapshots, or browsing history is transmitted outside the extension.
4. Data Usage and Flow
All data flows are initiated only by explicit user actions and are transmitted through secure HTTPS backend APIs.
No background or silent data collection occurs.
We use collected data strictly for:
AI content generation
Authentication and session management
Credit-based billing enforcement
Fraud and abuse prevention
No additional processing is performed.
5. Data Storage
5.1 Local Storage (Browser)
Stored locally:
Authentication tokens
User preferences
Security:
Stored in Chrome sandboxed storage
Tokens are short-lived and rotated
Tokens are invalidated server-side upon logout or abnormal activity
5.2 Backend Storage (Supabase)
Stored securely:
User account data
Subscription status
Billing and credit usage records
Security:
We do not access the database directly from the extension. All database operations are handled through secure backend services.
Row-Level Security (RLS) ensures users can only access their own data.
6. Third-Party Services
6.1 OpenAI
Used for AI generation.
Shared data:
Product text inputs (title, attributes)
Not shared:
User identity
Authentication tokens
Page content or store data
6.2 Google OAuth
Used for authentication only.
Received data:
Email
User ID
Basic profile information
6.3 LemonSqueezy
Used for subscription and billing.
Shared data:
User ID (non-sensitive identifier)
Selected subscription plan
No payment card or financial credentials are processed by the extension.
6.4 Supabase
Used for backend infrastructure and database.
Stored data:
User accounts
Subscription status
Minimal billing and usage records
7. Data Retention
Active accounts: data retained until deletion request
Billing records: retained for fraud prevention and financial reconciliation
Local storage: retained until logout or extension removal
8. User Rights
Access stored account data
Request deletion of their data
Revoke authentication by logging out
Stop using the extension at any time
9. Security Summary
Wasf Chrome Extension follows strict data minimization principles:
Only product-related user input is processed
No behavioral tracking or surveillance is implemented
No cross-site data collection occurs
No browsing activity is monitored or analyzed
No data is used for profiling or advertising purposes