SamuAI

Privacy Policy

Last updated: June 1, 2026

SamuAI (“we,” “us,” or “our”) operates the website at samuai.dev and the SamuAI browser extension (collectively, the “Service”). This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

Information We Collect

Account Information

When you create an account, we collect your email address and a hashed password. We do not store passwords in plain text. If you subscribe to a paid plan, payment processing is handled entirely by Stripe — we never see or store your credit card number.

Scan Data

When you scan a tool, we process the tool's publicly available metadata: its manifest, permissions, store listing, developer information, and privacy policy URL. We do not collect any data from your personal use of those tools. Scan results are stored in our database so they can be displayed in the catalog and shared via reports.

Browser Extension

The SamuAI browser extension uses the management permission to list your installed extensions for auditing. This data is processed locally and sent to our API only when you explicitly click “Scan” on an extension. We do not passively collect data about your browsing activity, tabs, or page content.

Usage Data

We collect basic server logs (IP address, request timestamps, user agent) for rate limiting and abuse prevention. These logs are not linked to your account and are automatically purged after 30 days.

How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process your scans and display results
  • To manage your account and subscription
  • To enforce rate limits and prevent abuse
  • To respond to support requests

We do not sell your personal information. We do not use your data for advertising. We do not share your information with third parties except as described in this policy.

Third-Party Services

We use the following third-party services:

  • Stripe — payment processing for paid subscriptions. Stripe's privacy policy applies to payment data.
  • Vercel — hosting and infrastructure. Our application runs on Vercel's platform.
  • Neon — PostgreSQL database hosting. Your account and scan data is stored in Neon's infrastructure with encryption at rest.

Data Security

We implement industry-standard security measures to protect your data: all connections use TLS/HTTPS, passwords are hashed with bcrypt, authentication uses httpOnly secure cookies and JWT tokens, and our database connections are encrypted. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

Cookies

We use a single httpOnly session cookie to keep you signed in. We do not use tracking cookies, analytics cookies, or advertising cookies. The browser extension uses chrome.storage.local to store your authentication token locally.

Data Retention

Account data is retained for as long as your account is active. Scan results are retained indefinitely as part of the public catalog. Server logs are purged after 30 days. You can request deletion of your account and associated data by emailing support@samuai.dev.

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and data
  • Export your scan history

To exercise any of these rights, contact us at support@samuai.dev.

Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email. The “last updated” date at the top of this page reflects the most recent revision.

Contact

If you have questions about this Privacy Policy, contact us at support@samuai.dev.