Privacy Policy for Pigeon Extension

1. Introduction

Pigeon ("we," "our," or "us") is a Chrome browser extension that helps users find real opinions from Reddit about web pages they're viewing. This Privacy Policy explains how we collect, use, and protect your information when you use our extension.

2. Information We Collect

2.1 Page Content Data (Temporary Processing Only)

When you use Pigeon, we temporarily process limited information about the web page you're viewing. This data is NOT stored permanently:

• Page Title: The title of the webpage (limited to 150 characters)
• Meta Description: The page's meta description (limited to 200 characters)
• Keywords: Meta keywords from the page (limited to 8 key phrases, filtered)
• Headers: H1, H2, and first 2 H3 headings from the page (limited to 80/60 characters each)
• URL: The webpage URL you're viewing

Note: This page content is only processed in real-time to generate questions and is not stored in our database.

2.2 Browser Fingerprinting Data (Hashed & Stored)

For rate limiting and service optimization, we collect and hash anonymous browser characteristics:

• Client ID: A randomly generated UUID stored locally in your browser
• User Agent: Your browser type and version
• Language Settings: Your browser's language preferences
• Platform: Your operating system
• Timezone: Your timezone information
• Hardware Info: CPU cores and device memory (if available)
• Extension ID: Our extension's unique identifier

Note: This data is hashed using SHA-256 and stored as a fingerprint for rate limiting purposes.

2.3 Usage Data (Temporary Storage for Rate Limiting)

We track usage patterns to provide fair service limits. This data is temporarily stored in our database:

• Request Counts: Number of page analyses and searches performed (stored for 24 hours)
• IP Address: Your public IP address for rate limiting (stored for 24 hours)
• Operation IDs: Temporary identifiers for tracking requests (not stored)

3. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To analyze web pages and generate relevant questions
• Reddit Integration: To search Reddit for relevant posts and comments
• AI Processing: To generate summaries using AI services (Groq)
• Rate Limiting: To ensure fair usage and prevent abuse
• Service Improvement: To optimize our extension's performance

4. Data Storage and Security

4.1 Data Storage

• Local Storage: Client ID is stored locally in your browser using Chrome's storage API
• Database (Supabase): Only usage statistics and hashed fingerprints are stored temporarily
• No Personal Data: We do not store personal information, names, email addresses, or page content
• No Page Content Storage: Web page titles, descriptions, and content are processed in real-time but never stored

4.2 Data Retention

• Usage Counts: Stored for 24 hours for rate limiting (analyze_count, search_count)
• IP Addresses: Stored for 24 hours for rate limiting
• Hashed Fingerprints: Stored for 24 hours for user identification and rate limiting
• Page Content: Never stored - only processed temporarily for analysis
• Operation IDs: Temporary identifiers that are not stored
• Database Reset: All stored data is automatically cleared every 24 hours

5. Third-Party Services

We use the following third-party services:

• Reddit API: To fetch posts and comments (Reddit's privacy policy applies)
• Google Custom Search API: To find relevant Reddit posts (Google's privacy policy applies)
• Serper API: Alternative search service for finding Reddit posts
• Groq AI: For generating summaries and analyzing content (Groq's privacy policy applies)
• Supabase: For temporary database storage of usage statistics only (encrypted, EU-based, cleared every 24 hours)
• Railway: For hosting our backend services (US-based)

Note: We only send page content data to Groq AI for analysis. No personal information is shared with third parties.

6. Your Rights and Choices

• Uninstall: You can uninstall the extension at any time
• Local Data: Uninstalling removes all locally stored data
• No Account Required: We don't require registration or personal information
• Anonymous Usage: All data is anonymized and cannot be traced back to you personally
• Automatic Data Deletion: All server-side data is automatically deleted every 24 hours

7. Data Sharing

We do not sell, trade, or share your personal information with third parties. We only share data as follows:

• Page Content: Sent to Groq AI for analysis (titles, descriptions, headers only)
• Search Queries: Sent to Reddit API, Google Custom Search, and Serper API to find relevant posts
• No Personal Data: We never share your IP address, browser fingerprint, or any identifying information
• Legal Compliance: We may share data if required by law or to protect our rights

8. Children's Privacy

Our extension is not intended for children under 13. We do not knowingly collect information from children under 13.

9. International Users

Our services are hosted in the United States (Railway) with database storage in the European Union (Supabase). By using our extension, you consent to the transfer of your information to these locations for service provision.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of any material changes by updating the "Last Updated" date at the top of this policy.