Privacy Policy

1. Information We Don't Collect

Let's start with what we DON'T do:

• ❌ Browsing History: We don't track or store which websites you visit
• ❌ Personal Data: Beyond your email for account creation, we don't collect personal information
• ❌ Page Content: We don't store the content of pages you scan
• ❌ Analytics Tracking: No Google Analytics, Facebook Pixel, or any third-party trackers
• ❌ Advertising Data: We don't build advertising profiles
• ❌ Location Data: We never access your geographic location
• ❌ Device Fingerprinting: We don't create unique device identifiers

2. Information We Do Collect

2.1 Account Information (For Trial Users Only)

When you sign up for the 30-day free trial, we collect:

• Email Address: Used for account creation and authentication
• Password (Hashed): Stored securely using industry-standard encryption via Supabase
• Trial Start/End Dates: To manage your 30-day trial period
• Subscription Status: Whether you're on trial, subscribed, or expired

Why we collect this: To provide authenticated access to premium features and manage your trial/subscription.

2.2 Usage Statistics (Anonymous & Aggregated)

We collect minimal anonymous usage data for improving the product:

• Total Scans Count: How many times you've run security scans (stored locally)
• Scan Timestamps: When scans were performed (stored locally for scan history)
• Extension Version: Which version of the extension you're using

Why we collect this: To understand feature usage and identify bugs/performance issues.

2.3 Local Storage Only

The following data is stored ONLY in your browser using chrome.storage.local:

• Scan results and history
• User preferences and settings
• Authentication session tokens

Important: This data never leaves your device unless you explicitly delete your browser data.

3. How We Use Your Information

3.1 Account Management

• Authenticate your identity when you sign in
• Manage your trial period and expiry warnings
• Process subscription payments (if you choose to subscribe)
• Send critical account-related emails (password resets, trial expiry)

3.2 Service Improvement

• Identify and fix bugs
• Improve scanner accuracy
• Optimize performance
• Develop new features based on usage patterns

3.3 Security & Compliance

• Detect and prevent fraud or abuse
• Comply with legal obligations
• Protect against security threats

4. Data Sharing & Third Parties

4.1 We Do Not Sell Your Data

Period. We will never sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Third-Party Services We Use

We use the following trusted third-party services, all of which are GDPR-compliant:

• Supabase: Authentication and database hosting (PostgreSQL) - Their Privacy Policy
• Stripe (if you subscribe): Payment processing - Their Privacy Policy

These services only receive the minimum data necessary to function (e.g., Stripe gets payment info, Supabase gets your email/hashed password).

4.3 Threat Intelligence APIs

Our scanners query these public threat databases:

• URLhaus (abuse.ch): We send the URL you're visiting to check if it's known malware
• OpenPhish: We check URLs against their phishing database
• GitHub Phishing Feed: Community-maintained phishing list

Important: These services may log the URLs we query. We cache results for 5 minutes to minimize queries.

5. Data Retention

5.1 Account Data

• Active accounts: Retained as long as your account is active
• Deleted accounts: Permanently deleted within 30 days of account deletion request
• Inactive accounts: Accounts inactive for 2+ years may be deleted

5.2 Local Data

• Scan history: Stored in your browser until you clear it or uninstall the extension
• Settings: Persist until you clear browser data

6. Your Rights (GDPR & CCPA Compliance)

You have the following rights regarding your data:

6.1 Access & Portability

• Right to Access: Request a copy of all data we have about you
• Data Portability: Receive your data in a machine-readable format (JSON)

6.2 Correction & Deletion

• Right to Rectify: Correct inaccurate information
• Right to Erasure: Delete your account and all associated data
• Right to Restrict: Limit how we process your data

6.3 Objection & Withdrawal

• Right to Object: Object to certain types of processing
• Withdraw Consent: Revoke consent for data processing at any time

To exercise these rights: Email us at support@chesta.website

7. Cookies & Tracking

We do NOT use cookies for tracking.

The extension uses chrome.storage.local (not cookies) to store:

• Authentication session tokens
• User preferences
• Scan history

Our website may use essential cookies only for:

• Remembering your cookie consent preference
• Maintaining active sessions (if logged in via website)

8. Children's Privacy

Chesta Security Pro is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us immediately, and we will delete it.

9. Data Security

We implement industry-standard security measures:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS/SSL
• Password Hashing: Passwords are hashed using bcrypt (never stored in plain text)
• Access Controls: Limited access to production databases (only authorized personnel)
• Regular Audits: Security audits and penetration testing
• Supabase RLS: Row-level security policies prevent unauthorized data access

10. International Data Transfers

Your data is primarily stored in:

• Supabase Servers: Cloud infrastructure (specify region based on user location)
• EU Data Protection: We comply with GDPR for EU users
• US Privacy Shield: Our third-party providers are Privacy Shield certified

11. Changes to This Privacy Policy

We may update this privacy policy from time to time. When we do:

• We'll update the "Last Updated" date at the top
• For material changes, we'll notify you via email (if you have an account)
• Continued use after changes means you accept the updated policy

12. Contact Us

Questions about this privacy policy or your data?

• Email: support@chesta.website
• General Support: support@chesta.website
• Contact Page: Contact Form