Privacy Policy

1. Overview
   Shutup Extensions ("the extension", "we", "us") is a browser extension that manages your installed browser extensions. This privacy policy explains what data we collect, why, and how we handle it.

In short: We collect minimal, pseudonymous data. We never sell your data. We never track your browsing history. Your extension configuration stays on your device. No third-party analytics or tracking SDKs are used — all telemetry is first-party and self-hosted on our own server.

1. What we collect
   2a. Extension information (local only)
   The extension reads your installed browser extensions using the Chrome Management API to display them in the options page and manage their enabled/disabled state. This data is processed entirely on your device and is never sent to our servers unless you opt in to analytics.

2b. Configuration data (local only)
Your settings — including your whitelist, domain rules, theme preference, and Pro license key — are stored locally in your browser using Chrome Storage. This data stays on your device and syncs across your Chrome profile if you use Chrome Sync, but is never sent to our servers.

2c. Tab URLs (local only, domain extraction)
The extension reads the URL of your active tab to apply per-site extension rules (Pro feature). Only the hostname (e.g. "youtube.com") is extracted from the URL — the full URL, path, query parameters, and page content are never read, stored, or transmitted. This domain matching happens entirely on your device.

2d. System memory (local only)
The extension reads your system's total and available RAM using the Chrome System Memory API to display the RAM indicator in the sidebar. This data is used only for display purposes and is never transmitted.

2e. Device identifier
On first install, the extension generates a random unique identifier (UUID) stored locally on your device. This is a pseudonymous identifier — it is not linked to your name, email, browser profile, or any account. It is stable within one browser installation but cannot be used to identify you personally. It is sent to our server for: trial enforcement (one trial per installation), install counting, error report deduplication, and device binding for Pro licenses.

2f. Server-pushed configuration
The extension periodically fetches a public configuration from our server containing theme colors, subscription pricing, and optional announcement banners. This request does not transmit any personal data — the endpoint is unauthenticated and returns the same response to all users. The fetched configuration is cached locally and used only for display purposes.

1. What we never collect
   We want to be explicit about what we never collect or transmit:

IP addresses — your IP address is used only for in-memory rate limiting and is never written to our database. Rate-limit records are purged from memory every 10 minutes.
Browsing history — we do not access or request the History API
Full URLs — tab URLs are only used locally for domain extraction; the full URL is never sent to our server
Cookies or authentication tokens — we do not access or request the Cookies API
Bookmarks — we do not access or request the Bookmarks API
Page content, form data, or keystrokes
Personal files or downloads
Screen content or location data
Data from other extensions — we read extension names and enabled status via the Management API, but never access their internal data, storage, or network traffic
4. Analytics & usage data
4a. Base telemetry (always collected)
Regardless of your analytics consent setting, the extension sends the following pseudonymous technical data to our server. This data is necessary for basic product operation — install counting, version tracking, and error diagnosis:

Device ID — the pseudonymous UUID described above
Extension version — e.g. "2.1.1"
Browser name and major version — e.g. "Chrome 125" or "Edg 124"
Pro/trial/free status
Lifecycle events — install, startup heartbeat, license activation, trial start (event name only, no additional data)
Aggregate counts — total number of installed extensions, whitelist entries, and domain rules (counts only, no names or details)
4b. Error reporting (always collected)
If the extension encounters a JavaScript error, it automatically sends a crash report containing the error message, stack trace, function context name, extension version, browser version, and device ID. Error reports are rate-limited to one per unique error per hour. They do not contain any browsing information, URLs, extension names, or personal data.

4c. Detailed analytics (consent required)
When you opt in to analytics, the extension additionally sends:

Extension list — the ID, name, and enabled/disabled status of each installed extension
Domain rule names — the domains you have configured in your per-site rules (e.g. "youtube.com", "github.com")
Analytics consent is disabled by default. You are asked once after setup, and you can change your choice at any time in the Settings page. This detailed data is sent at most once per day.

4d. Feedback (user-initiated)
If you submit feedback through the Settings page, we collect the message text, optional email address (only if you provide it), star rating, and extension version. This data is stored on our server and used solely to improve the product.

1. What changes with your consent choice
   Your analytics consent toggle controls whether detailed extension and domain data is shared. Base telemetry (counts, version, errors) is always collected to keep the product working.

Consent OFF (default)
Device ID (pseudonymous UUID)
Extension, whitelist, and domain rule counts (numbers only)
Extension version and browser version
Pro/trial/free status
Lifecycle event names (install, heartbeat)
Error reports (error message + stack trace)
Consent ON
Everything above, plus:

The names and IDs of your installed extensions and their enabled/disabled status
The domain names in your per-site rules
6. Subscription & payment data
6a. PayPal payments
Subscription payments are processed entirely by PayPal. We never see, store, or have access to your credit card number, bank account details, or PayPal password. PayPal provides us with:

Your PayPal email address (for subscription management and license delivery)
Subscription ID (to track your subscription status)
Payment status (active, cancelled, etc.)
6b. License keys
When you subscribe, we generate a unique license key (format: SHUT-XXXX-XXXX-XXXX-XXXX) and store it on our server alongside your PayPal email and subscription status. The license key is also stored locally in your browser to validate your Pro access.

6c. Device binding
When you activate a Pro license, your device ID and browser type are linked to that license to enforce device limits. You can view and remove linked devices from the Account page, or contact us to reset them.

6d. Free trial
Free trials require no payment information. We only store your pseudonymous device identifier and trial start/end dates to manage the trial period.

6e. Optional email
You may optionally save an email address on the Account page for support purposes. This is entirely voluntary and is stored separately from your subscription data. If you have an active PayPal subscription, the email from PayPal is used instead.

1. How data is stored
   Server-side data (subscriptions, analytics, error reports) is stored in a SQLite database on our server hosted by Hostinger. We retain:

Subscription data: for the duration of your subscription plus 30 days after cancellation
Analytics data: aggregated after 90 days
Error reports: deleted after 90 days
Feedback: retained indefinitely unless you request deletion
8. Third-party services
We use the following third-party services:

PayPal — payment processing only. Subject to PayPal's Privacy Policy.
Hostinger — server hosting. Subject to Hostinger's Privacy Policy.
We do not use any third-party analytics services (such as Google Analytics), advertising networks, tracking pixels, social media SDKs, or any other third-party data collection tools. All telemetry is first-party: collected by our extension and sent directly to our own server. No data is shared with, sold to, or made accessible to any third party.

1. Data deletion
   You can delete all your data from our servers directly from the extension:

Open the extension's Settings page
Scroll to Privacy and click "Delete my data"
This immediately and permanently deletes all analytics records, event logs, error reports, feedback, trial records, and any stored email associated with your device ID. Your license key and subscription status are preserved so your Pro access continues to work. This deletion is irreversible.

You can also email us at info@tawaar.net to request a full manual deletion including subscription records.

1. Your rights
   You have the right to:

Control analytics — toggle detailed analytics on or off in Settings at any time
Delete your data — use the in-app "Delete my data" button or email us
Request your data — email us to receive a copy of any data we hold about you
Cancel your subscription — manage directly through PayPal or contact us
11. Changes to this policy
We may update this privacy policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify users through the extension's options page.

1. Contact
   If you have questions about this privacy policy or your data, contact us at:

Email: info@tawaar.net

Developer: Tawaar Technologies