Privacy Policy — StackEasy Chrome Extension

The short version: checkout detection happens entirely on your device — the pages you visit are never transmitted anywhere. Your card selections stay in Chrome storage. We collect no browsing history, we sell no data, and we never inject affiliate links or hijack purchase credit.

1. What the extension does

The StackEasy extension helps you choose which credit card to use when you are about to make a purchase. To do that, a content script runs locally in your browser on the pages you visit. It reads the page URL and page structure (DOM) on your device to determine whether you are on a product or checkout page, identify the merchant category, and extract the purchase total so it can rank your cards for that specific purchase.

All of this detection happens on-device. The contents of the pages you visit — URLs, page text, prices, anything else the content script reads — are never transmitted to StackEasy or to any third party. The page analysis exists only inside your browser and is discarded when you leave the page.

2. Your wallet (card selections)

You can tell the extension which credit cards you carry by selecting them from our card catalog. No account is required for this.

Wallet selections are stored using Chrome's extension storage (chrome.storage) on your device. Chrome may sync this selection across your own signed-in Chrome profile, under Google's Chrome Sync terms.
Your wallet is never sold and never shared with third parties.
Full-catalog card search: if you search the full card catalog while setting up your wallet, your search text and the name of the card you add are sent to StackEasy’s card database API (over HTTPS) to look up that card’s rewards rates. This happens only during wallet setup, at your request. The rates are then cached on your device — ranking at checkout never makes network requests, and no browsing activity is ever included in these lookups.
Removing a card from your wallet, or uninstalling the extension, removes this data.

3. Optional StackEasy account connection

You may optionally connect your StackEasy account to get recommendations informed by your real card data — balances, utilization, APR promotion deadlines, and payment due dates.

Connection uses OAuth. You authorize the extension on api.stackeasy.ai; the extension never sees your StackEasy password.
The connection is read-only. The extension fetches your card data from api.stackeasy.ai to display recommendations and alerts. It cannot modify your account, move money, or write data to your profile.
Access tokens are stored in chrome.storage.local on your device only.
You can revoke access at any time by signing out in the extension (which revokes the token) or by uninstalling the extension.
Network requests made by the extension go only to StackEasy hosts: api.stackeasy.ai for your own account data, and our card database API (t.stackeasy.ai) for the catalog rate lookups described above. The extension sends no data about your browsing to either — it only requests card information you ask for.

Data in your StackEasy account itself is governed by the main StackEasy privacy policy at stackeasy.ai.

4. What we do NOT do

No browsing-history collection. We do not log, store, or transmit the websites you visit. There is no analytics beacon in the content script.
No selling of data. We do not sell, rent, or trade any data from this extension to anyone, for any purpose.
No affiliate-link injection or link hijacking. The extension never rewrites links, never inserts or replaces affiliate or tracking codes, and never claims commission credit on your purchases. This is a deliberate design decision and a core difference from coupon-style shopping extensions.
No payment form access. The extension never reads, autofills, or intercepts card numbers or payment forms.
No ads and no third-party trackers inside the extension.

5. Permissions, explained

Site access (https://*/*): required so the local content script can detect checkout pages on any store you shop at. Detection is on-device only.
storage: saves your wallet selections and settings locally (and tokens, if you connect an account).
identity: powers the optional OAuth sign-in flow for connecting your StackEasy account.
sidePanel / tabs / activeTab / scripting: used to open and update the recommendation panel for the tab where a checkout was detected.
alarms: schedules periodic refreshes of your own card data so APR-deadline alerts stay current.

6. Data retention

Because page analysis is on-device and ephemeral, there is nothing for us to retain about your browsing. Wallet selections and cached card data live in Chrome storage until you remove them or uninstall the extension. Revoking the account connection deletes stored tokens from your device.

7. Changes to this policy

If we change this policy, we will update this page and the effective date above. Material changes that affect what data the extension handles will be highlighted in the extension's release notes.

8. Contact

Questions about this policy or your data: support@stackeasy.ai

← Back to the StackEasy extension page