Privacy Policy

Last updated: 2025-09-09

This Privacy Policy explains how the Etsy Automation Helper Chrome extension (“Extension”, “we”, “us”) collects, uses, and protects information when you use the Extension on etsy.com.

We are not affiliated with Etsy, Inc. Use of the Extension must comply with Etsy’s Terms of Use.

Quick Summary

• Purpose: automate Etsy shop tasks (ads budget, daily sale, low-stock relist, auto-reply) on etsy.com by your schedule.

• We collect minimal data for sign-in and credits: Google profile (ID, email, display name, avatar) and a local sign-in token.

• We do not collect or transmit Etsy message contents or listing contents.

• Payments are processed by Stripe. We do not store card data.

• Logs and settings are stored locally in your browser; profile/credits in our database (Supabase).

• We do not sell or share data for advertising. Data in transit is encrypted (HTTPS).

Who We Are

• Controller: Alex

• Contact: kardash.by@gmail.com

Scope & Single Purpose

The Extension’s single purpose is to automate routine actions on etsy.com seller pages on a user-defined schedule (ads budget, daily sale, low-stock relist, auto-reply). We only operate on etsy.com in a way visible to the user.

Information We Collect

1. Google Profile (via Chrome Identity API)

   • Data: Google user ID, email, display name, avatar URL

   • Purpose: account identification, linking credit balance, showing profile in UI

2. Authentication Token (local only)

   • Data: OAuth token from Google Identity stored in chrome.storage.local

   • Purpose: keep you signed in; revoked on logout

   • Not sent to our servers; not used to access Gmail or other Google data

3. Settings & Logs (local only)

   • Data: job schedules, amounts/percentages, recent job results (e.g., “Restocked 2 listings”)

   • Purpose: run jobs reliably and display recent activity

   • Location: stored in your browser (chrome.storage/localStorage)

4. Credits & Profile (server)

   • Data: Google ID, email, name, avatar URL, credit balance

   • Purpose: account and billing credits administration

   • Location: stored in our database (Supabase)

5. Support Communications (optional)

   • If you email us, we keep the message and address solely to respond and support you.

What We Do NOT Collect

• No Etsy credentials, message contents, or listing contents

• No payment card numbers (cards are handled by Stripe)

• No browsing history, keystroke logging, or unrelated personal data

• No device precise location, health data, or sensitive categories

How We Use Information

• Authenticate your account and manage credits

• Run the jobs you configure (ads budget, daily sale, low-stock relist, auto-reply) on etsy.com

• Persist and show logs locally for your reference

• Provide support and service notices

We do not use your data for advertising or profiling.

Legal Bases (GDPR, if applicable)

• Performance of a contract: providing the core automation features you requested

• Legitimate interests: security, fraud prevention, service reliability

• Consent: Google sign-in flow and optional communications (where required)

You may withdraw consent by logging out or contacting us.

Sharing & Processors (No Selling)

We do not sell your data. We may share limited data with service providers (processors) strictly to deliver the service:

• Stripe (payments): processes credit purchases. Privacy: https://stripe.com/privacy

• Supabase (database/APIs): stores profile and credits. Privacy: https://supabase.com/privacy

• Google (OAuth identity): provides sign-in. Privacy: https://policies.google.com/privacy

Processors must comply with confidentiality and security commitments and use your data only as instructed.

Remote Code, Permissions & Data Safety

• Remote code: We do not load or execute remotely hosted code. All JS/CSS is bundled in the extension. Network requests are HTTPS API calls only (no code execution).

• Permissions (Chrome):

  • storage — store schedules, local logs, and minimal session info locally

  • identity — sign in with Google (profile/email only)

  • tabs/activeTab — open / reuse the Etsy “run” tab; do not read tab content

  • scripting — inject packaged UI on etsy.com to render panel and run actions

  • alarms — trigger scheduled jobs

  • host_permissions: .etsy.com/ (on-site automation), .supabase.co/ (credits/billing APIs)

• Data in transit is encrypted via HTTPS.

International Transfers

Your data may be processed in regions where our processors operate. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) and vendor certifications. You can contact us for details of current data locations ([Supabase region]).

Security

• Encryption in transit (HTTPS)

• Data minimization by design

• Tokens revoked on logout

• Access limited to operational personnel and processors

No security system is impenetrable; we maintain safeguards and respond to incidents promptly.

Retention

• Profile & credits (server): retained while your account is active or as required for legal/accounting purposes; deleted upon request where feasible

• Local settings & logs: stored in your browser and can be cleared any time by you (browser storage)

• Support emails: retained up to 24 months, unless you request earlier deletion

Your Rights

Depending on your location, you may have rights to:

• Access/rectify/erase your data

• Object/restrict certain processing

• Data portability

• Withdraw consent (e.g., log out)

To exercise these rights or request account/data deletion, contact: [your-email@example.com]. We will respond within a reasonable timeframe.

For California residents (CCPA/CPRA):

• Right to know, delete, and non-discrimination for exercising rights

• We do not sell or share personal information for cross-context behavioral advertising

Children’s Privacy

The Extension is not intended for children under 13. We do not knowingly collect data from children under 13.

Changes to This Policy

We may update this policy from time to time. We’ll post updates here and adjust the “Last updated” date. Material changes may be accompanied by additional notice in the Extension UI.

Contact

• Email: kardash.by@gmail.com

• If you have unresolved concerns, you may have the right to contact your local data protection authority.

Chrome Web Store Disclosures (Summary)

• Single purpose: automate Etsy tasks on a user-defined schedule (ads budget, daily sale, low-stock relist, auto-reply).

• Data collected: Google profile (ID, email, display name, avatar) and a local sign-in token; local settings/logs; profile/credits on Supabase; no Etsy content; no card data.

• No sale or sharing of data beyond essential processors (Stripe/Supabase).

• No remote code; packaged scripts only; HTTPS APIs.

• Permissions justified strictly for functionality (see “Remote Code, Permissions & Data Safety” above).

“This application’s use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.”
https://developers.google.com/terms/api-services-user-data-policy