Privacy Policy for CRO Djinn Chrome Extension

Effective Date: September 29, 2025

Last Updated: September 29, 2025

1. Introduction

CRO Djinn ("we," "our," or "the Extension") is a Chrome browser extension that provides AI-powered conversion rate optimization analysis for websites. This Privacy Policy explains how we collect, use, protect, and share your information when you use our Extension.

2. Information We Collect

2.1 Page Content Data

When you choose to analyze a webpage, we collect:

  • Page text content (headings, paragraphs, button text, form labels)
  • Page structure (HTML elements, metadata, viewport information)
  • Page screenshots (optional, when visual analysis is enabled)
  • URL of the analyzed page
  • Page title and meta description

2.2 Settings and Configuration Data

We store locally on your device:

  • AI provider preferences (OpenAI or Google Gemini)
  • API keys (encrypted and stored locally)
  • Model selection preferences
  • Analysis settings (screenshot preferences, cache settings)

2.3 Usage Data

We may collect:

  • Analysis timestamps for cache management
  • Error logs for troubleshooting (stored locally)
  • Consent records per domain (stored locally for 30 days)

2.4 Data We Do NOT Collect

  • Personal information (name, email, address)
  • Browsing history beyond pages you explicitly analyze
  • Login credentials or passwords
  • Financial or payment information
  • Data from pages you haven't consented to analyze

3. How We Use Your Information

3.1 Primary Purposes

  • Conversion Rate Optimization Analysis: Process page content to provide CRO recommendations
  • Visual Analysis: When enabled, analyze screenshots for design and layout insights
  • Results Delivery: Present analysis results and export PDF reports
  • Performance Optimization: Cache results to avoid redundant API calls

3.2 Local Processing

  • Settings and preferences are stored locally in Chrome storage
  • Analysis cache is maintained locally on your device
  • No data is sent to our servers

4. Data Sharing and Third-Party Services

4.1 AI Service Providers

When you use our Extension, we share page content with:

OpenAI (when OpenAI provider is selected):

  • Data Shared: Page content, screenshots (if enabled)
  • Purpose: AI analysis for CRO recommendations
  • OpenAI Privacy Policy: https://openai.com/privacy
  • Data Processing: Subject to OpenAI's data usage policies

Google Gemini (when Gemini provider is selected):

  • Data Shared: Page content, screenshots (if enabled)
  • Purpose: AI analysis with visual capabilities
  • Google Privacy Policy: https://policies.google.com/privacy
  • Data Processing: Subject to Google's AI services terms

4.2 Data Transmission Security

  • All API communications use HTTPS encryption
  • API keys are encrypted using Chrome's crypto APIs
  • No data is transmitted without your explicit consent per domain

4.3 No Other Third Parties

We do not share your data with any other third parties, advertisers, or data brokers.

5. User Consent and Control

5.1 Explicit Consent Required

  • Per-Domain Consent: You must explicitly consent for each website domain
  • Clear Disclosure: Consent dialog explains what data will be collected
  • Consent Expiration: Consent expires automatically after 30 days
  • Withdrawal: You can withdraw consent at any time through the extension settings

5.2 User Controls

  • Settings Management: Full control over AI provider and analysis preferences
  • Cache Management: Clear cached analysis results anytime
  • Consent Management: View and revoke consent for specific domains
  • Data Deletion: Clear all extension data through Chrome settings

6. Data Security

6.1 Encryption and Protection

  • API Keys: Encrypted using Chrome's built-in crypto APIs with PBKDF2 key derivation
  • Local Storage: Protected by Chrome's security model
  • Transmission: All data sent via encrypted HTTPS connections
  • Access Control: Only you can access your extension data

6.2 Data Minimization

  • We collect only data necessary for CRO analysis
  • Screenshots are optional and user-controlled
  • Page content is summarized to minimize API costs and data transmission

7. Data Retention

7.1 Local Data

  • Analysis Cache: Retained for 7 days, then automatically deleted
  • Settings: Retained until you uninstall the extension or clear data
  • Consent Records: Automatically expire after 30 days

7.2 Third-Party Retention

  • AI Services: Data retention governed by respective AI provider policies
  • No Permanent Storage: We do not permanently store your data on external servers

8. International Data Transfers

When using AI services, your data may be processed in:

  • OpenAI: United States and other countries where OpenAI operates
  • Google Gemini: Countries where Google AI services are available

These transfers are necessary for providing AI analysis services and are subject to the respective providers' privacy policies and data protection measures.

9. Children's Privacy

Our Extension is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided information through our Extension, please contact us.

10. Your Rights and Choices

10.1 Access and Control

  • View Settings: Access all your preferences through the extension options
  • Data Export: Export analysis results as PDF reports
  • Consent Management: View and manage site-specific consents

10.2 Data Deletion

  • Clear Cache: Remove all cached analysis results
  • Clear Consents: Remove all domain consent records
  • Complete Removal: Uninstall extension to remove all local data

10.3 Opt-Out Options

  • Visual Analysis: Disable screenshot capture in settings
  • Specific Domains: Deny consent for specific websites
  • Service Providers: Choose between AI providers or discontinue use

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • Notification: Changes will be reflected in the extension update notes
  • Effective Date: Updated effective date will be posted at the top
  • Material Changes: Significant changes will require new consent

Your continued use of the Extension after changes constitutes acceptance of the updated Privacy Policy.

12. Legal Basis for Processing (GDPR)

For users in the European Union, our legal basis for processing includes:

  • Consent: Explicit consent for page analysis and data sharing with AI services
  • Legitimate Interest: Improving extension functionality and user experience
  • Performance of Service: Providing the CRO analysis service you requested

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: cro.djinn.help@gmail.com

For Chrome Web Store related privacy concerns:
Google Chrome Web Store: https://support.google.com/chrome_webstore/

14. Compliance and Certifications

This Extension complies with:

  • Chrome Web Store Developer Program Policies
  • General Data Protection Regulation (GDPR) for EU users
  • California Consumer Privacy Act (CCPA) for California residents
  • Children's Online Privacy Protection Act (COPPA)

Version: 1.0

Document ID: CRO-Djinn-Privacy-Policy-2025

This privacy policy is designed to be transparent and comprehensive. If you have any questions about how your data is handled, please don't hesitate to contact us.

Built with v0