Privacy Policy

Introduction

This Privacy Policy describes how Cartrize collects, uses, discloses, and protects information when you use our websites (including https://www.cartrize.com), our Cartrize browser extension published on the Chrome Web Store, and related applications or support channels (collectively, the “Services”). In this policy, “Cartrize,” “we,” “us,” or “our” refers to the operator of the Services.

This document is written to align with the Google Chrome Web Store Developer Program Policies and common User Data disclosure categories used in the Chrome Web Store listing. Where the Chrome Web Store asks what data the extension handles, the categories below are the authoritative description of our practices, subject to this policy as a whole.

If you do not agree with this policy, please do not use the Services. Where local law requires a different lawful basis or provides you additional rights, we apply those requirements as described below and in any supplemental notices we may provide.

Data controller

The data controller for personal information processed in connection with the Services is the Cartrize entity operating the Services and identified in customer agreements or checkout flows. For general privacy inquiries, use the contact method in Contact us.

Chrome extension and single purpose

The Cartrize extension has a single, narrow purpose: when you are signed in, it helps you capture the listing page in the browser tab you are using and send structured listing-related content to your Cartrize account so you can compare and publish Quotes in the web application. The extension is not a general-purpose tracker, keylogger, or passive browsing-history product.

User-initiated capture. Saving a listing is an action you take in the extension while viewing a page. We do not build or store a continuous list of every web page you visit across the web (Chrome Web Store “Web history” style disclosure). We process website content from pages you intentionally save, and related technical metadata needed to operate the save (for example the page URL you captured).

No remote executable code. All JavaScript that runs as part of the extension is shipped inside the extension package. Responses from Cartrize servers are used as data (for example JSON) to authenticate you and complete saves; we do not download executable script from the network to run inside the extension in place of packaged code.

Extension permissions (summary). The published manifest may request permissions such as storage (local UI and progress state), cookies (session cookies for Cartrize origins only so the extension can call your account APIs), tabs and scripting (targeting the tab you save, using packaged scripts), notifications (optional progress or outcome notices during a save), and broad http(s)://*/* access so a content script can read listing text from the many third-party listing sites where you may work. We request host access only to fulfil the single purpose above, not for unrelated advertising or surveillance.

Information we collect (Chrome disclosure mapping)

The following categories are phrased so you can map them to Chrome Web Store Data usage checkboxes and similar regulatory summaries:

• Personally identifiable information (Chrome: Personally identifiable information): for example email address, display name if you provide one, and identifiers supplied by a sign-in provider (such as Google or Apple) when you choose those options.
• Authentication information (Chrome: Authentication information): for example password hash if you use email sign-in, session tokens, and cookies used to keep you signed in to Cartrize in the browser and extension.
• Financial and payment information (Chrome: Financial and payment information): when you subscribe or pay, our payment processor processes payment details; we typically receive limited billing metadata (such as subscription status, customer identifiers, and invoice references), not full payment card numbers.
• Location (Chrome: Location): for example approximate location derived from IP address in server logs and security-related processing, and city or region fields you or the product supply for Quotes or profiles where applicable.
• User activity (Chrome: User activity): for example device and browser type, access times, referring URLs where available, diagnostic and error logs, and interaction events needed to operate, secure, and improve the Services (not keystroke logging on arbitrary sites).
• Website content (Chrome: Website content): text, URLs or fingerprints of pages you capture with the extension, structured fields and notes you enter, extracted or derived listing content, and model outputs generated from content you choose to save or process in the product.
• Personal communications (Chrome: Personal communications): when you use the Quote Board, inbox, respond flows, or contact forms, we process the messages and related metadata needed to deliver those features (for example thread identifiers and timestamps). Routine support or sales inquiries you send to us are included here as well.

We do not use the Services to collect health information as a designated category of sensitive health records. We do not treat the extension as a tool to record a full browsing history feed of unrelated pages you did not choose to save.

Quote Board and granular consent

Publishing a Quote to the public Quote Board makes a comparison snapshot visible to other users. Sellers or other viewers may use Cartrize to send you inbox messages in connection with that post where the product allows it.

Before you can complete a publish action in the product, Cartrize requires an explicit in-product confirmation—such as checking a box that states you understand you may receive inbox messages from people who view the post—together with a server-side check. This granular consent step is separate from general account creation and exists so promotional or sensitive messaging expectations are not bundled into unrelated controls.

How we use information

We use personal information to:

• Provide, maintain, operate, and improve the Services;
• Create and manage accounts, authenticate users, and enforce security;
• Process transactions, fulfil orders, communicate about billing, and send service-related notices;
• Respond to inquiries, troubleshoot issues, and provide customer support;
• Detect, prevent, and investigate fraud, abuse, and security incidents;
• Analyze aggregated or de-identified trends to improve product quality; where required, we rely on legitimate interests or consent for optional analytics;
• Comply with legal obligations and enforce our terms and policies;
• Communicate about features or offerings where permitted by law (you may opt out of promotional messages as described in those communications).

Legal bases (EEA, UK, and Switzerland)

Where GDPR-style laws apply, we rely on:

• Performance of a contract — to deliver the Services you request;
• Legitimate interests — to secure our systems, understand product usage at an aggregate level, and communicate with you about operational matters, balanced against your rights;
• Consent — where required for certain cookies, marketing, or for specific features such as publishing to the Quote Board with separate messaging expectations, which you may withdraw where the law allows;
• Legal obligations — where we must retain or disclose data to comply with law.

How we share information

We share personal information with service providers (“subprocessors”) that process data on our behalf under written agreements—for example hosting and infrastructure vendors, database providers, authentication and email delivery vendors, payment processors, analytics or error-reporting tools, and AI or language-model infrastructure where features rely on automated processing. We authorize them to use personal information only as needed to deliver their services to us.

We may disclose information where required by law, to protect rights and safety, or in connection with a merger, financing, restructuring, or acquisition, subject to standard confidentiality safeguards.

We do not sell personal information in the conventional sense. We do not use or transfer user data for purposes unrelated to the item’s single purpose described above, and we do not use or transfer user data to determine creditworthiness or for lending purposes, in line with typical Chrome Web Store certification questions.

International transfers

We may process and store personal information in the United States and other countries where we or our providers operate. Where we transfer personal information from jurisdictions that mandate safeguards, we rely on lawful transfer mechanisms recognized by those laws (such as adequacy decisions or standard contractual clauses) as applicable.

Retention

We retain personal information for as long as needed to fulfil the purposes described above, unless a longer period is required or permitted by law—including for backups, audits, disputes, accounting, fraud prevention, and enforcing agreements. Criteria include the nature of the data, the risk of harm, legal requirements, and whether we can achieve the purposes through aggregated or pseudonymous data.

Security

We maintain administrative, technical, and organizational measures appropriate to the nature of our processing—for example encryption in transit, access controls, least-privilege practices, patching, and vendor review. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your account credentials.

Your privacy rights

Depending where you reside, you may have rights such as accessing, correcting, deleting, or exporting your personal information; restricting or objecting to certain processing; opting out of targeted advertising or profiling where applicable; lodging a complaint with a supervisory authority; and withdrawing consent where processing is consent-based.

United States — California & similar state laws: Residents covered by comprehensive state privacy laws may have rights to know, delete, and correct certain personal information and to appeal our responses. Where “sale” or “sharing” definitions apply narrowly to online advertising signals, our practices are described in this policy. Verified requests may be submitted through Contact us. We do not discriminate for exercising lawful privacy rights.

Cookies and similar technologies

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, analyze performance, diagnose errors, and mitigate abuse. You can adjust browser controls to refuse some cookies; parts of the Services may not function correctly if you block essential cookies.

Children

The Services are not directed at children under 13 (or higher age where local law mandates). We do not knowingly collect personal information from children. If you believe we have processed a child's personal data in error, please contact us and we will take appropriate steps to delete it.

Third-party listing sites

The Cartrize extension may summarize or capture information from third-party listings or websites that you intentionally save. Those sites have their own terms and privacy practices; we encourage you to read them and ensure you comply with site rules and applicable law.

Changes

We may update this Privacy Policy from time to time. We will publish the updated version with a revised “Last updated” date and, where the law or the change materially affects you, obtain consent or notify you using email or prominent notice.

Contact us

For privacy-related requests—including access, portability, corrections, deletions, and questions about transfers or subprocessors — please contact us through our Contact sales page and include “Privacy” in your message subject or body so we route it to the right team promptly.