Privacy Policy

12.1 Prominent Disclosure and Affirmative Consent

In accordance with the Chrome Web Store User Data Policy (Prominent Disclosure / Purple Nickel), before any personal or sensitive data is collected by the Extension, we disclose the following to the user in-product AND require an affirmative action to proceed:

• What is disclosed: The Extension popup and the first-run screen clearly indicate that clicking "Analyze" will read the current page's SEO-related HTML, and that logging in will send analysis data to seocheckr.io and Supabase.
• When it is disclosed: BEFORE any collection occurs. No data is read, stored or transmitted until you perform one of these actions: (a) click the extension icon to open the popup, (b) click "Analyze" on an open tab, or (c) click "Log in / Connect".
• How consent is obtained: Your affirmative click on "Analyze" (local analysis) or "Log in" (server sync) constitutes explicit consent to the practices described in sections 12.2-12.6. Closing the popup without clicking cancels any collection.
• Link to this policy: The extension popup contains a visible link to this Privacy Policy (https://www.seocheckr.io/privacy#extension) so you can review it at any time.
• Opt-out and revocation: You can withdraw consent at any time by: (a) not clicking "Analyze", (b) logging out (which removes the auth token), (c) turning off "Save History" in Settings, (d) clicking "Clear History", or (e) uninstalling the Extension — which removes ALL local data.
• Scope limitation: The Extension does NOT run in the background, does NOT auto-collect data, and does NOT access data on pages you did not explicitly ask to analyze.

12.2 Permissions Used and Why

• activeTab: Grants temporary access to ONLY the currently active tab, and ONLY at the moment you click the extension icon. Required to read SEO-relevant HTML of the page you explicitly choose to analyze. No access to any other tab, no background access.
• storage: Uses Chrome's local storage API to save your settings (autoAnalyze, saveHistory), your local analysis history (max 50 entries), and — if you log in — an authentication token. Stored locally on your device; not synced by us to any cloud.
• scripting: Required to extract SEO data (title, meta tags, headings, alt attributes, link structure, Core Web Vitals, AI readiness signals) from the page you chose to analyze. Scripts run only upon your click, only on that page.

12.3 Data Collection — What the Extension Collects

The Extension collects the following categories of user data, and ONLY at the moments described below:

• Website content (SEO technical data): Page URL, HTML meta tags (title, description, canonical, Open Graph), heading structure (H1-H6), image alt attributes, internal/external link counts, structured data (JSON-LD), robots directives, and Core Web Vitals signals. Collected ONLY when you click the extension icon and trigger an analysis on the currently open tab.
• User preferences: Your extension settings: "autoAnalyze" (default: false) and "saveHistory" (default: true). Collected when you change a setting; stored locally only.
• Local analysis history: A list of up to 50 most recent analyses you performed (URL, score, timestamp). Only created if "saveHistory" is enabled. Collected on your device only.
• Authentication information (logged-in users only): If you log in by clicking "Connect" (which opens seocheckr.io), the extension stores an authentication token and your associated email/account status returned by our server. Collected only after you explicitly sign in.

12.4 Data Processing — How We Use the Data

The data described in 12.3 is processed exclusively for the following purposes. We do NOT use it for any secondary purpose, do NOT profile you, and do NOT train AI models on your data.

• Local SEO analysis (primary purpose): Extracted HTML/SEO data is processed entirely in your browser to compute scores, detect issues (missing alt text, broken meta tags, heading structure), and build the report shown in the extension popup. This processing happens in memory.
• Displaying results: Processed results are rendered in the extension popup for your immediate use. Raw HTML extracted from the page is discarded from memory as soon as the report is generated.
• Storing local history (if enabled): If "saveHistory" is enabled, a compact record (URL + score + timestamp — NOT raw HTML) is appended to your local history to let you revisit past analyses.
• Server-side processing (logged-in users only): If you are logged in, the analyzed page URL, the computed SEO metrics, and the analysis timestamp may be sent over HTTPS to our backend (seocheckr.io / Supabase) to associate the analysis with your account and enable premium features (AI-powered recommendations, cross-device history). Your authentication token is sent with the request to identify you. No data is sent to the server if you are not logged in.
• Service improvement: We may use aggregated, non-identifying technical data (e.g., counts of errors encountered by the extension) to fix bugs and improve features. We do NOT use the content of pages you analyze for this purpose.

12.5 Data Storage — Where and How Long

Below is an exhaustive description of where each piece of collected data is stored, on what medium, and for how long.

• Settings (autoAnalyze, saveHistory): Stored locally in Chrome's chrome.storage.local API on YOUR device. Retained until you change them, clear extension data, or uninstall. Never transmitted to our servers.
• Local analysis history: Stored locally in chrome.storage.local on YOUR device, capped at 50 most recent entries (oldest auto-removed). Retained until you clear history in the extension, disable "saveHistory", or uninstall. Never transmitted to our servers automatically.
• Raw HTML of analyzed pages: NOT stored. Processed in memory during analysis and discarded as soon as the report is generated. Neither local nor server storage.
• Authentication token and email (logged-in users): Stored locally in chrome.storage.local on YOUR device. Retained until you log out from the extension or seocheckr.io, or uninstall. Transmitted only to seocheckr.io over HTTPS to authenticate your requests.
• Server-side analysis data (logged-in users only): If you are logged in, analysis results (URL, SEO metrics, timestamp — NOT raw HTML) are stored on our secure Supabase-hosted database (EU/US regions), encrypted in transit (HTTPS/TLS) and at rest. Retained for as long as your account is active, and up to 1 year after account deletion; billing records kept for 10 years (legal obligation). You can delete this data at any time via your account settings at seocheckr.io.
• No third-party cloud sync: The extension never pushes your local data to Chrome Sync, Google Drive, or any third-party cloud. Only explicit server sync (above) occurs, and only when logged in.

12.6 Data Sharing — Third Parties and Transfers

We treat data sharing with extreme restraint. Here is the complete list of situations in which data collected by the Extension may leave your device.

• SEOCheckr.io servers (logged-in users only): Analysis URLs, SEO metrics, timestamps, and your authentication token are transmitted to seocheckr.io over HTTPS to enable account features. Purpose: service delivery. No data is sent if you are not logged in.
• Supabase (our database processor): The same server-side data is stored in our Supabase instance. Supabase acts as a data processor under a Data Processing Agreement (DPA). Purpose: secure hosting.
• Stripe (billing only): If you purchase a paid plan on seocheckr.io, Stripe processes your payment information. The Extension itself does NOT transmit anything to Stripe.
• Legal disclosure: We may disclose data if legally compelled (valid court order, subpoena, or applicable law). We will attempt to notify you when legally permitted.
• NEVER shared with: advertisers, ad networks, data brokers, analytics trackers (no Google Analytics / no Facebook Pixel in the extension), or any third party for marketing or profiling.
• Data sale: We do NOT sell or rent user data. We never have and never will.
• International transfers: Our servers and Supabase may process data in the EU and/or the United States. Transfers outside the EU rely on Standard Contractual Clauses (SCCs) and appropriate safeguards under GDPR.

12.7 Security

• All network communication uses HTTPS/TLS encryption
• Authentication tokens are stored using Chrome's storage API and transmitted only to seocheckr.io
• Server data at rest is encrypted by our hosting provider (Supabase)
• Access to production data is restricted to authorized personnel
• Regular dependency audits and security reviews

12.8 Your Rights and How to Exercise Them

• Clear local history: Open the extension → History → "Clear History".
• Disable history storage: Open the extension → Settings → turn off "Save History".
• Log out (clears local token): Open the extension → click "Log out", or log out from seocheckr.io.
• Delete server-side data: Log in to seocheckr.io → Account → "Delete my data" / "Delete account".
• Full uninstall (removes ALL local data): Right-click the extension icon → "Remove from Chrome".
• GDPR/CCPA rights: You can request access, rectification, erasure, portability, restriction, and objection by emailing contact@seocheckr.io. We respond within 30 days.

12.9 What We Do NOT Do

12.10 Children's Privacy

The Extension is not directed to children under 13 (or under 16 where applicable by local law). We do not knowingly collect personal data from children. If you believe a child has provided us with data, please contact us at contact@seocheckr.io and we will delete it.

12.11 Extension-Specific Contact

For any question related to the Chrome extension's data practices, please contact us at: contact@seocheckr.io