Privacy Policy
OtomasiAjaShopee Extension
December 27, 2025
kmgkjdolkfdcnhajllldndghajhacfgp
otomasiajaowner@gmail.com
TL;DR - Quick Summary
Data We Collect
Email, authentication tokens, Shopee data, usage analytics, payment info
How We Protect It
HTTPS encryption, bcrypt passwords, JWT tokens, Row Level Security
Who We Share With
Only Supabase (backend) and Midtrans (payments) - we never sell data
Your Rights
Access, delete, export your data anytime via support request
1. Overview
This privacy policy explains what data OtomasiAjaShopee collects, how we use it, and your rights regarding your data.
By installing and using this extension, you agree to this privacy policy. This policy applies to all users of the OtomasiAjaShopee browser extension.
2. Data Collection
3. Plan Limits
Free
Free Trial (3 days)
Pro
Business
4. Data Usage
Primary Purposes
- 1Authentication and Account Management
- 2Feature Access Control (enforce plan-based limits)
- 3Service Functionality (scraping, automation, bulk messaging)
- 4Payment Processing
- 5Analytics and Improvement
5. Data Sharing
Supabase (Backend)
Data Shared: All user data (PII, authentication, analytics, payments)
Purpose: Database, authentication, edge functions
Privacy Policy: supabase.com/privacy
Midtrans (Payments)
Data Shared: Order ID, amount, plan type, user email
Purpose: Process subscription payments
PCI Compliance: Yes (PCI DSS Level 1)
Privacy Policy: midtrans.com/privacy-policy
We Do NOT:
- Sell user data to third parties
- Share data with advertisers
- Use data for marketing purposes outside our service
- Transfer data for unrelated purposes
6. Data Storage and Security
Encryption
- •HTTPS for all communications
- •JWT tokens (RS256)
- •Passwords hashed with bcrypt
- •Database encrypted at rest
Access Control
- •Row Level Security (RLS)
- •Users access only their data
- •Service role key never exposed
- •Auto-logout on token expiry
Storage
- •Local: chrome.storage.local
- •Remote: Supabase PostgreSQL
- •Indefinite retention
- •Manual deletion via support
7. Your Rights
Access Your Data
View your profile in extension UI, export scraped data to CSV, or contact support for full data export.
Delete Your Data
Email otomasiajaowner@gmail.com with subject 'Delete My Account'. We will process requests within 30 days.
Correct Your Data
Update email address, password, or plan type via extension UI or password reset.
Export Your Data
Export scraped creator/product/sample data to CSV via extension UI. Contact support for full account export.
Revoke Permissions
Disable or uninstall extension in Chrome settings. Extension stops collecting data immediately.
8. GDPR & CCPA Compliance
GDPR (EU Users)
Your rights under GDPR:
- • Right to access
- • Right to rectification
- • Right to erasure ("right to be forgotten")
- • Right to restrict processing
- • Right to data portability
- • Right to object
- • Right to withdraw consent
CCPA (California Residents)
Your rights under CCPA:
- • Right to know what data is collected
- • Right to delete personal information
- • Right to opt-out of sale (we don't sell data)
- • Right to non-discrimination
To exercise rights: Email otomasiajaowner@gmail.com with subject "CCPA Request"
9. Data Breach Notification
In case of a data breach: We will notify affected users within 72 hours via email to all registered user emails stored in Supabase.
Notification will include: What data was affected, when breach occurred, and remediation steps.
Your action: Change password immediately, monitor account for suspicious activity, contact support with concerns.
10. Contact Information
Privacy Questions
otomasiajaowner@gmail.com
Response: 7 business days
Data Requests
Subject: "Data Request"
Response: Within 30 days
Security Issues
Priority handling
Response: 24-48 hours
This privacy policy has been 100% verified against the actual codebase on December 27, 2025.
All statements are factual and binding. Any deviation from this policy constitutes a privacy violation and must be reported immediately.