1. Overview

SniffIt is a browser extension that checks online stores and product pages in real time to warn you about scams, fakes, and overpriced items. To do that responsibly, we process the minimum data needed and nothing more.

The short version: We check the domain and product page you're on to score it. We don't read your email, track your keystrokes, scrape your cart, or sell your data. Ever.
2. What we collect
Automatically

Store URL & product URL — needed to score the page you're visiting.
Page metadata — title, price, currency, and product identifiers (e.g., ASIN, GTIN) used to compare against known listings.
Extension version & browser — for compatibility and debugging.
Anonymous usage events — aggregate counts of warnings shown, not tied to your identity.


When you create an account (optional)

Email address
Authentication token
Preferences (alert thresholds, saved merchants)


1. What we never collect
   
   Keystrokes, form inputs, or passwords.
   The contents of your shopping cart or checkout.
   Email, chat, or social media content.
   Browsing history on non-shopping pages.
   Payment card details.

Heads up: SniffIt only activates on recognized shopping domains. Non-shopping sites are ignored entirely — no requests leave your browser.
4. How we use data

We use the data above strictly to:

Return a risk score for the store or product you're viewing.
Detect new scam patterns across our user base (using aggregated, non-identifiable signals).
Fix bugs, improve accuracy, and keep the service reliable.
Send account-related emails if you've signed up (never marketing without consent).


1. Sharing & third parties

We don't sell, rent, or trade your data. We share data only with:

Infrastructure providers (hosting, databases) under strict data-processing agreements.
Law enforcement, only when legally compelled by valid process.


1. Retention

Scoring requests are retained in hashed form for up to 30 days to improve detection. Aggregated statistics are kept indefinitely. Account data is kept until you delete your account, after which it is purged within 30 days.
7. Your rights

Depending on your jurisdiction (GDPR, CCPA, UK DPA, etc.) you may:

Request access to the data we hold about you.
Request correction or deletion.
Object to or restrict certain processing.
Port your data to another service.


Email info@poslovno.ba and we'll respond within 30 days.
8. Security

All traffic is encrypted in transit (TLS 1.3). Data at rest is encrypted with AES-256. Access to production systems is restricted and logged. We run regular security audits and welcome researcher reports — see our Responsible Disclosure page.
9. Children

SniffIt is not directed at children under 13 (or 16 in the EEA). We don't knowingly collect their data. If you believe a child has provided us data, contact us and we'll delete it.
10. Changes to this policy

If we make material changes, we'll notify you in the extension and by email (if you have an account) at least 14 days before they take effect. The "Last updated" date at the top always reflects the current version.
11. Contact

Privacy questions and general inquiries: info@poslovno.ba