Legal · plain English

Privacy policy.

The short version: we never sell your data, we never read your browsing history, and we only send page details to our AI partners when you actively scan a product page. The long version is below.

Last updated: May 15, 2026 · Version 2.0

01Introduction

FindPrices ("we", "our", or "us") operates the FindPrices Chrome extension and the findprices.com website. This Privacy Policy explains what data we collect, why we collect it, who we share it with, and the rights you have over it.

02Information we collect

A. Product page content (when you scan)

When you actively invoke FindPrices on a product page, we read that page's visible content — the DOM, extracted Markdown text, and a screenshot — so the extension can identify the product and search for it at other retailers.

We do not read pages you do not actively scan, beyond a lightweight local detector that recognises whether a product page is open. That detector runs entirely on your device and does not transmit any page content.

B. Account data

If you sign in with Google, we receive your email address and your Google profile identifier via the OAuth scopes userinfo.email and userinfo.profile. We use this to identify your account, sync saved deals across devices, and enforce the free-tier daily quota.

C. Search and quality telemetry

To run, monitor, and improve the price-comparison service, we store the following in our Firebase backend, associated with your account ID (or the placeholder anonymous if you are signed out):

  • Submissions — each scan you initiate, with the product URL, identified product, search query, list of candidate results, decision metadata for each candidate, latency, and provider cost breakdown. Up to roughly 250 KB per scan.
  • Errors — runtime errors (message, stack trace, severity, the part of the extension where the error occurred), so we can diagnose and fix problems.
  • Selector failures — when our product-page extractor cannot parse a page it expected to, we log the domain, failing selector, page URL, and (to help us fix the extractor) a screenshot and Markdown capture of the page. This is the same data described in (A) — only captured for pages you have already actively scanned.
  • PDP-learning entries — when our local detector misjudges a page, we log the URL and detector score so we can train the detector to recognise it.
  • Analytics events — lightweight named events with a small parameter map, used to understand product usage.

These telemetry collections carry your account ID where you are signed in. They are pseudonymised, not anonymised — the ID could be used to re-associate the data with your account.

D. Local-only data (never transmitted)

The following is stored on your device via chrome.storage.local and is never sent to us:

  • Preferences (country, currency, region).
  • Onboarding state and side-panel UI state.
  • Cumulative savings counter and per-URL savings cache.
  • Data-sharing consent record (consentVersion, consentAcceptedAt).
  • Slide-in frequency state and snoozed-domain list.
  • Caches of recent comparison results.

chrome.storage.local is browser-managed local storage. It is not encrypted at rest by Chrome — treat it as device-local data. We do not store secrets there.

03How we use your Google account information

If you sign in with Google, we use the data we receive (email + profile ID) only for:

  • Identification: creating a stable user ID for your settings and savings history.
  • Quota management: tracking your daily search usage against free-tier limits.
  • Sync: synchronising your saved deals and total-savings counter across your signed-in devices.
We do not sell your personal identity data. We do not use your email for marketing unless you explicitly opt in.

04Sub-processors and third parties

The sub-processors below process data on our behalf under contractual obligations that align with this policy. We do not sell or rent personal data, and we do not share your general browsing history.

A. AI and search providers (only when you scan)

  • OpenAI — receives pseudonymised product-page details from pages you scan, to identify the product and generate search queries. Privacy policy →
  • SerpAPI — receives the generated search queries (no personal data), to retrieve retailer pricing. Privacy policy →
  • Firecrawl — receives candidate product-page URLs and metadata, for verification crawling. Privacy policy →
  • Perplexity AI — receives generated search queries for niche-retailer discovery. Privacy policy →
  • Exa — receives generated search queries for retailer search. Privacy policy →

B. Backend infrastructure

  • Google Firebase (Firestore, Cloud Functions, Authentication) — backend storage, authentication, and orchestration. Privacy policy →

C. Install attribution (one-time, at install only)

  • Trillion — receives the findprices_sid cookie value at install time so we can attribute the install to the marketing channel that referred you. Not used for ongoing tracking inside the browser. Privacy policy →
  • Reddit (Conversion API) — receives the findprices_rdt_cid cookie value at install time for marketing attribution of Reddit referrals. Not used for ongoing tracking. Privacy policy →
We do NOT share your browsing history. We only process the specific product page you are currently viewing when you actively invoke the extension.

05Monetisation & affiliate disclosure

FindPrices is a free service supported by referral partnerships.

  • Cashback referrals: we receive a referral bounty when you use our links to sign up for cashback services (e.g., ShopBack).
  • Affiliate links: some product links may contain tracking codes that allow us to earn a small commission on purchases, at no extra cost to you.
  • Impartiality: our results are sorted strictly by lowest verified price. We do not prioritise retailers based on commissions.

06Cookies & install attribution

A. Install-attribution handoff (one-time)

When you first install the extension, the welcome page that opens performs a one-time attribution handoff. It loads a small page on findprices.com which reads its own first-party cookies and posts them back via the browser's postMessage API. The values forwarded are:

  • findprices_sid — Trillion attribution session ID.
  • findprices_rdt_cid — Reddit conversion attribution ID.
  • findprices_utm — UTM source / medium / campaign attribution.
  • findprices_ref_code — Referral code linking your install to the FindPrices user who shared the extension with you. Stored locally on your device for 30 days.

The extension does not request the cookies Chrome permission. It cannot read cookies on any other website, and it cannot read findprices.com cookies outside of this one-time install handoff. The values are forwarded once to first-party FindPrices Cloud Functions, which relay the attribution signals to Trillion and Reddit. They are not used for ongoing advertising tracking inside the browser.

B. Website analytics cookies

Our website may use Firebase / Google Analytics cookies to understand how visitors use findprices.com. These collect anonymised data about page visits and interactions.

  • Cookie names: _ga, _ga_*.
  • Duration: up to 2 years.
  • Consent: if you are in the UK, EU, EEA, or Switzerland, we ask for your consent via the cookie banner before setting these cookies.

C. Essential cookies (no consent required)

  • Consent preference: stored in localStorage (not a cookie) to remember your cookie-banner choice for 6 months.

D. How to manage cookies

  • Browser settings: you can delete cookies through your browser at any time.
  • Reset consent: clear localStorage for this site to be asked again.
  • Analytics opt-out: install the Google Analytics Opt-out Browser Add-on.

We do not use third-party advertising cookies on the website.

07Data retention

We retain data only as long as we need it. Retention is enforced by Firestore TTL policies on a per-collection expiresAt field that the extension stamps on every write.

Data category Retention
Account information (email, profile ID)Until you delete your account.
Saved deals and preferencesUntil you delete them or your account.
Submissions, selector_failures, pdp_learning, analytics_events90 days.
Errors30 days.
Feedback (in-extension and contact form)1 year.
Server logs30 days.
Anonymised aggregate website analyticsUp to 2 years.

08Your rights

At any time you may:

  • Access, correct, or delete your data by emailing support@findprices.com or via the in-extension "Delete account" option.
  • Export your data — a machine-readable copy is available on request.
  • Opt out of website analytics via the cookie banner, the browser's Do Not Track signal, or the Global Privacy Control signal.

UK / EU / EEA / Switzerland (GDPR)

You have the rights under the GDPR including access, rectification, erasure, restriction, portability, objection, and the right to lodge a complaint with your supervisory authority.

California (CCPA / CPRA)

You have the rights under the CCPA / CPRA including the right to know, delete, correct, and opt out of sale or share. We do not sell or share personal information for cross-context behavioural advertising. We honour the Global Privacy Control signal. We do not discriminate against consumers who exercise these rights.

09Limited Use of Google User Data

FindPrices's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

  • We use Google user data only to identify your account and synchronise your preferences and saved deals — features that are user-facing and prominent in the FindPrices interface.
  • We do not transfer Google user data to third parties except as needed to provide or improve those features, to comply with law, or as part of a merger or acquisition with appropriate safeguards.
  • We do not use Google user data for advertising.
  • We do not allow humans to read Google user data unless you give explicit consent, the access is necessary for security or legal reasons, or the data has been aggregated for internal operations.
  • We do not use Google user data to develop, improve, or train generalised AI or machine-learning models.

10Data security

  • All network traffic uses HTTPS over TLS.
  • OAuth tokens are managed by Chrome's identity API; we do not see or store the raw token.
  • Access to production systems is restricted to authorised personnel and protected by single sign-on with multi-factor authentication.
  • Our Firestore security rules enforce per-collection field allowlists, size caps, and write authorisation on all user-data collections.
  • We follow the OWASP Top Ten guidance and review dependencies regularly.

11Children's privacy

FindPrices is not directed to children under the age of 13, or under the age of 16 in the EEA and the UK. We do not knowingly collect data from minors. If you believe a minor has provided us with data, please contact us and we will delete it.

12International data transfers

Our sub-processors may process data outside of your country, including in the United States. Where required by law we rely on the EU Standard Contractual Clauses or an equivalent safeguard.

13Breach notification

If we become aware of a personal data breach affecting you, we will notify you and the relevant supervisory authority within 72 hours where required by applicable law.

14Changes to this policy

We will post material changes to this page, update the "Last updated" date, and — for significant changes — notify signed-in users by email or in-extension banner before the change takes effect.

When we materially change what data is sent to sub-processors or for what purpose, we will also bump the in-extension consent version, which re-prompts you to accept the updated disclosure before your next scan.

15Contact us

  • Email: support@findprices.com
  • Controller: Inspire Team Pty Ltd (Australia)
  • Postal address: Level 8, 97 Creek St, Brisbane, QLD 4000, Australia