Privacy Policy

Last updated: April 7, 2026

Who We Are

Webtracer is a Chrome extension operated by Algomittens LLC ("we", "us", "our"). You can reach us at algomittens@gmail.com.

Single Purpose

Webtracer's single purpose is to let you monitor specific webpages you choose for visible text changes and notify you when those changes occur. Webtracer does not monitor your general browsing activity. It only accesses webpages that you explicitly add as trackers.

1. What Data We Collect

Webtracer collects only what is necessary to provide the service:

• Account data: Email address and password (hashed before storage) when you create an account.
• Website content: When you add a URL as a tracker, the extension loads that page and extracts the visible text content matching the CSS selector you specify. This extracted text is stored locally on your device in IndexedDB. The extension only accesses pages you explicitly add as trackers — it does not access, monitor, or record your general browsing activity.
• Tracker configuration: URLs, CSS selectors, tracker names, check intervals, notification rules, notes, and tags you set up.
• Subscription data: If you upgrade to a paid plan, Stripe processes your payment. We store your Stripe customer ID and subscription status — never your card number or payment details.
• Notification credentials: Discord webhook URLs, Slack webhook URLs, Telegram bot tokens and chat IDs, and custom webhook URLs you configure for change alerts.

2. How We Use Your Data

Each type of data we collect serves a specific purpose:

• Account data is used to authenticate you, manage your session, and associate your subscription tier with your account.
• Website content is used to detect changes on the pages you monitor. The extension compares newly extracted text against previously stored text to determine if a change occurred.
• Tracker configuration is used to know which pages to check, how often to check them, and how to notify you when changes are detected.
• Subscription data is used to determine which features and limits apply to your account (e.g., number of trackers, history depth).
• Notification credentials are used solely to deliver change alerts to the services you configure. They are stored locally on your device and sent directly from your browser to the respective service when a change is detected.

3. How We Handle Your Data

We take the following measures to handle your data securely:

• Encryption in transit: All data transmitted between the extension and our servers uses HTTPS (TLS 1.2+). No user data is ever sent over unencrypted HTTP connections.
• Password security: Passwords are hashed by Supabase Auth before storage. We never store or transmit plaintext passwords.
• Local-first architecture: Tracker data, change history, notification logs, and settings are stored in your browser's IndexedDB and chrome.storage.local. This data remains on your device and is not transmitted to our servers unless you explicitly use a cloud feature (Enterprise tier only).
• Minimal server-side data: Our servers store only account authentication data (email, hashed password) and subscription status. Tracker content and configuration stay on your device.
• Webhook credentials: Discord, Slack, Telegram, and custom webhook URLs/tokens are stored locally in your browser's IndexedDB. When a notification is triggered, your browser sends the alert directly to the configured service — our servers are not involved in this transmission.
• No analytics or tracking: Webtracer does not include any analytics libraries, telemetry, tracking pixels, or fingerprinting code.

No method of transmission or storage is perfectly secure. While we use reasonable measures to protect your data, we cannot guarantee absolute security.

4. Where Data Is Stored

• On your device: Trackers, extracted page content, change history, notification logs, settings, and webhook credentials are stored locally in your browser's IndexedDB and chrome.storage.local.
• Supabase (US-hosted): Account authentication tokens, email address, hashed password, and subscription status are stored in our Supabase-hosted PostgreSQL database.
• Stripe: Payment method details and billing history are stored by Stripe. We do not have access to your full card number.

5. Who We Share Data With

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. Data is shared only with the following service providers, solely to operate Webtracer:

• Supabase — account authentication and subscription management. Supabase Privacy Policy.
• Stripe — payment processing for paid plans. Stripe Privacy Policy.
• Resend — email delivery for change notifications (only if you enable email alerts). When an email alert is sent, Resend receives your email address, the tracker name, monitored URL, previous text, new text, and a timestamp. Resend Privacy Policy.

When you configure third-party notification channels, change alerts are sent directly from your browser to:

• Discord — via your webhook URL. Discord Privacy Policy.
• Slack — via your webhook URL. Slack Privacy Policy.
• Telegram — via the Telegram Bot API. Telegram Privacy Policy.
• Custom webhooks — via any URL you provide. You are responsible for the privacy practices of custom webhook endpoints.

Notification payloads contain: tracker name, monitored URL, previous text, new text, and a timestamp. No account credentials or personal information beyond what is needed for the alert is included.

6. Host Permissions

Webtracer requests the <all_urls> host permission and the scripting permission because users can monitor any webpage of their choice. These permissions are used exclusively to:

• Open the specific URLs you add as trackers in a background tab.
• Inject a content script that extracts the visible text of the CSS selector you specified.
• Close the tab immediately after extraction.

Webtracer does not use host permissions to access, read, or monitor any page you have not explicitly added as a tracker.

7. Web Browsing Activity

Webtracer does not collect or use your web browsing activity except as necessary to provide its single purpose of monitoring the specific URLs you choose. Any browsing-related information handled by Webtracer is limited to the pages you explicitly configure for monitoring and is used only to provide the monitoring and notification features you requested. Webtracer does not collect your browsing history, track which websites you visit, or read content from your open tabs. The extracted text is stored only in your browser's local IndexedDB and is not transmitted to our servers.

8. What We Don't Collect

• Browsing history or activity outside of URLs you explicitly add as trackers
• Cookies, form data, or login credentials from monitored pages
• Personal files, device identifiers, or hardware information
• Analytics, telemetry, advertising IDs, or tracking pixels
• Full credit card numbers (payment details are handled entirely by Stripe)
• Full HTML or DOM structure of monitored pages (only visible text from your specified selector)

9. Data Retention

• Local data (trackers, history, notifications, settings) is retained on your device until you delete it or uninstall the extension.
• Account data (email, hashed password, subscription status) is retained on our servers until you delete your account.
• Payment records are retained by Stripe per their retention policy.

10. Data Deletion

You can delete your data at any time:

• Local data: Uninstall the extension or clear your browser's site data for the extension.
• Individual trackers: Delete trackers from the dashboard to remove their stored content and history.
• Account and server-side data: Delete your account from the Account section in Settings. This removes your authentication record and subscription data from our servers.
• Full deletion request: Email algomittens@gmail.com to request complete deletion of all data associated with your account.

11. Your Rights

Depending on your location, you may have the right to:

• Access, correct, or delete your personal data
• Export your data (use the Export feature in Settings)
• Object to or restrict processing of your data
• Withdraw consent at any time by deleting your account
• Lodge a complaint with your local data protection authority

To exercise any of these rights, email algomittens@gmail.com.

12. Children's Privacy

Webtracer is not intended for use by anyone under the age of 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.

13. Cookies

Webtracer does not use cookies. Authentication tokens are stored in chrome.storage.local, which is accessible only to the extension.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above. Continued use of Webtracer after changes constitutes acceptance of the updated policy.

15. Chrome Web Store User Data Policy Compliance

Webtracer's use of user data adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:

• Webtracer only uses data in ways that are necessary to provide and improve the extension's single purpose: monitoring web pages for content changes and notifying you of those changes.
• Webtracer does not transfer user data to third parties except as necessary to provide the service (as described in Section 5), to comply with applicable laws, or to protect against malware, spam, phishing, or other fraud or abuse.
• Webtracer does not use or transfer user data for personalized advertisements.
• Webtracer does not sell user data to third parties, data brokers, or information resellers.
• Webtracer does not use or transfer user data to determine credit-worthiness or for lending purposes.
• No human reads your user data unless (a) you give explicit consent for a specific support request, (b) it is necessary for security purposes such as investigating abuse, or (c) it is required to comply with applicable law.

16. Financial & Authentication Data

Webtracer does not publicly disclose any financial or payment information. Credit card details are handled exclusively by Stripe and are never accessible to us. Authentication credentials (passwords, tokens, session data) are never publicly disclosed, logged in plaintext, or exposed to third parties. Webhook tokens and API keys you configure are stored only in your local browser storage.

17. Contact

Questions, concerns, or data requests? Email algomittens@gmail.com.