This Privacy Policy ("Policy") describes the practices of NameSet ("Company," "we," "us," or "our") regarding the collection, use, disclosure, and protection of information obtained from users ("you" or "User") through the NameSet browser extension, website (nameset.me), and any associated services (collectively, the "Service").
NameSet is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Online Privacy Protection Act (CalOPPA), and the Children's Online Privacy Protection Act (COPPA).
2. Information We Collect
We collect information through several primary channels: (a) information you provide directly, (b) information collected automatically through Service usage, (c) receiving from third-party processors, and (d) data required for technical execution of the browser extension.
2.1 Information You Voluntarily Provide
Account and Identity Data: During registration via Google OAuth or Supabase, we collect your primary email address, full name, and profile picture URL.
Brand Asset Data: Users may voluntarily input brand-specific data, including but not limited to brand names, taglines, biographies, industry categories, location data, and hex-code color values.
Billing Information: When purchasing "Brand Tokens," financial transactions are handled by our Merchant of Record, Polar.sh, and its payment processor, Stripe. We receive transaction confirmation data, but we do not store full credit card numbers or sensitive financial credentials.
2.2 Automatically Collected Data (Extension Telemetry)
Technical Identifiers: We collect anonymous technical data including browser version, operating system, extension version, and unique installation IDs.
Automation Telemetry: To improve the "Engine v2" performance, we collect anonymous success/failure metrics associated with specific third-party domains.
Network Interaction: We log high-level interaction data via Cloudflare to prevent abuse, including request timestamps.
2.4 Chrome Extension Permissions
activeTab: Used to detect form fields and inject brand data only on the specific tab you are interacting with.
storage: Used to save your encrypted brand identity data locally on your device for quick access.
scripting: Required to execute the auto-fill automation logic on third-party websites upon user request.
host_permissions: Required to communicate with our Cloudflare API and supported platforms to retrieve remote rules.
2.5 Data We Do NOT Collect
NameSet does NOT collect or transmit passwords for third-party websites, store credit card numbers, track your browsing history on unsupported sites, or read the content of your private messages.
3. Legal Basis for Processing (GDPR)
If you are a resident of the European Economic Area (EEA), our legal basis for processing information depends on the context: Performance of a Contract (to provide orchestration services), Legitimate Interests (improving Service security), and Consent (where required by law).
4. Third-Party Data Processors
Google LLC: Authentication and identity verification.
Supabase, Inc.: Database management, cloud hosting, and authentication.
Polar.sh / Stripe, Inc.: Secure payment processing and global tax/VAT compliance.
Cloudflare, Inc.: Network security and technical telemetry processing.
5. Data Retention and Erasure
Users may initiate a "Wipe Cache" within the Service or contact privacy@nameset.me to request the permanent deletion of their account and all associated brand data from our cloud infrastructure.