Privacy Policy

1. What We Collect

SearchPulse collects the following data to provide its core functionality:

• Account credentials: Your email address and password, used solely for authenticating with the SearchPulse backend.
• Amazon session tokens: Anti-CSRF tokens extracted from Amazon Seller Central pages you visit. These are used to authenticate API requests to download Search Query Performance (SQP) reports on your behalf.
• SQP report data: Search query performance data (search terms, impressions, clicks, cart adds, purchases) downloaded from your Amazon Seller Central account.
• Brand information: Brand names and IDs associated with your Seller Central account, used to scope report downloads.

2. How We Use Your Data

• Report downloading: Session tokens are used to request and download SQP reports from Amazon Seller Central on your behalf.
• Local storage: Downloaded reports are stored locally in your browser using IndexedDB and Chrome storage.
• Backend sync: When you choose to sync, report data is transmitted to the SearchPulse backend for analysis, visualization, and long-term storage.
• Authentication: Your email and password are used to log in to your SearchPulse account. A JWT token is stored locally to maintain your session.

3. Data Storage

• Browser local storage: Report data, settings, and session tokens are stored in Chrome's local storage (IndexedDB and chrome.storage). This data stays on your device.
• Backend database: When synced, report data is stored in a secure PostgreSQL database hosted on Railway infrastructure.
• Session tokens: Amazon CSRF tokens are stored temporarily in Chrome's session storage and are cleared when you close your browser.

4. Third-Party Sharing

We do not sell, rent, or share your data with any third parties. Your data flows only between:

• Your browser (the Chrome extension)
• Amazon Seller Central (to download your own reports)
• The SearchPulse backend (for analysis, only when you initiate a sync)

5. Single Purpose

SearchPulse has a single purpose: download and analyze Amazon Search Query Performance (SQP) reports across all marketplaces. All features, permissions, and data collection serve this purpose exclusively.

6. Permissions Explained

• storage: The storage permission is used to persist user settings (selected marketplaces, brands, date range preferences), authentication tokens for the backend, and downloaded Search Query Performance report data locally in the browser using IndexedDB and chrome.storage.
• tabs: The tabs permission is used to query open Amazon Seller Central tabs and retrieve session tokens (anti-CSRF tokens) needed to authenticate API requests for downloading Search Query Performance reports. The extension sends a message to content scripts in open Seller Central tabs to obtain fresh tokens when the service worker restarts.
• alarms: The alarms permission is used to schedule periodic background sync of downloaded Search Query Performance report data to the user's backend account. This ensures reports are kept up to date without requiring the user to manually trigger syncs.
• Host permissions (Amazon Seller Central — sellercentral.amazon.*): Required to extract session tokens from the user's authenticated Seller Central pages and to download Search Query Performance reports via Amazon's internal API.
• Host permissions (Amazon S3 — prod-eu-downloaded-reports.s3.amazonaws.com, prod-na-downloaded-reports.s3.amazonaws.com): Required to download the generated CSV report files from Amazon's report storage.
• Host permissions (SearchPulse backend — diligent-peace-production.up.railway.app): Required to sync report data to the user's SearchPulse account for analysis and visualization.

7. Remote Code

This extension does not use any remote code. All JavaScript is bundled locally within the extension package. No scripts are loaded from external servers at runtime.

8. Your Rights

• Delete local data: You can clear all locally stored data by removing the extension from Chrome.
• Delete backend data: Contact us to request deletion of your account and all associated data from our servers.
• Data export: You can export your data from the SearchPulse dashboard at any time.

9. Security

All communication between the extension, Amazon, and the SearchPulse backend is encrypted using HTTPS/TLS. Passwords are hashed before storage. JWT tokens expire after a set period and are automatically refreshed.

10. Contact

For questions or requests regarding your data, please contact us at:

contact@m19.com