Tyre Kicker is a security reconnaissance tool for authorized testing. This privacy policy explains what data we collect, how we use it, and your rights regarding your information.

Key Points: Your scan results are stored locally in your browser and never transmitted to our servers. We only collect email addresses for subscription management.

1. Information We Collect
   A. Data Stored Locally (Never Leaves Your Browser)
   URLs of websites you scan
   Scan results (detected patterns, security scores, findings)
   Your scan history (automatically deleted after 30 days)
   Extension preferences and settings
   Technology versions detected during scans
   B. Data Sent to Tyre Kicker Servers
   Your email address (for subscription management only)
   Browser extension ID (for subscription validation)
   Scan count (to enforce free tier limits: 5 scans per 30 days)
   Subscription status and payment information (processed via Stripe)
   C. Data Sent to Third Parties
   Stripe: Payment processing only. Credit card information is handled directly by Stripe and never stored on our servers.
   D. Data We DO NOT Collect
   ❌ Scan results are never sent to our servers
   ❌ Browsing history beyond scanned pages
   ❌ Personal information from scanned websites
   ❌ Analytics or telemetry data
   ❌ Third-party tracking cookies
   ❌ IP addresses or device identifiers
2. How We Use Information
   Security Analysis: Perform local pattern matching for API keys, passwords, and vulnerabilities
   CVE Detection: Check detected technologies against a locally stored database of known vulnerabilities (CVEs) sourced from NVD
   Subscription Management: Validate your subscription status and enforce scan limits
   Payment Processing: Process subscription payments via Stripe
   User Support: Respond to support requests (if you contact us)
3. Data Sharing and Disclosure
   We do NOT sell, rent, or share your personal information. The only third parties with access to limited data are:

Stripe: Payment processing (PCI-DSS compliant, receives email and payment info)
Legal Requirements: We may disclose information if required by law or to protect our rights
4. Data Storage and Security
Local Storage: Scan results stored in Chrome's local storage (never on our servers)
Server Storage: Email and subscription status stored in encrypted SQLite database on our server
Encryption: All API communication uses HTTPS/TLS encryption
Retention: Scan history automatically deleted after 30 days (locally)
Security Measures: Industry-standard encryption, secure server configuration, regular updates
5. Your Rights and Choices
Access: View your subscription status in the extension popup
Delete Scan History: Clear scan history via extension settings or by uninstalling
Cancel Subscription: Cancel at any time via Stripe customer portal
Delete Account: Contact
support@mg.tyre-kicker.com
to delete your account and all associated data
Uninstall: Removes all local data immediately from your browser
6. Cookies
The Chrome extension does not use cookies. Our website (tyre-kicker.com) may use session cookies for authentication during checkout. These cookies are temporary and deleted when you close your browser.

1. Third-Party Services
   Stripe: Payment processing.
2. Children's Privacy
   This extension is not intended for users under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us.
3. International Users
   Tyre Kicker is operated from the United States. By using the extension, you consent to this transfer.
4. Changes to This Policy
   We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last Updated" date.
5. Legal Basis for Processing (GDPR Compliance)
   For users in the European Union, our legal basis for processing personal data is:

Legitimate Interest: Providing security analysis tools to developers and security professionals
Contract: Subscription agreement for paid tier users
Consent: By installing the extension, you consent to this privacy policy
12. Important Disclaimer
Tyre Kicker detects possible security issues using pattern matching and public vulnerability databases. Findings may include false positives. All findings should be manually verified before taking action. This tool is intended for authorized security testing only. Users are responsible for ensuring they have explicit permission to scan websites. Unauthorized scanning may violate laws or terms of service.

1. Contact Us
   If you have questions about this privacy policy or your data, please contact us:

Email:
support@mg.tyre-kicker.com
Website: https://www.tyre-kicker.com
We will respond to privacy inquiries within 30 days.