Privacy Policy for Svava Chrome Extension
Last updated: January 27, 2026
- We only use data to provide or improve user-facing features that are prominent in our extension's user interface
- We do not transfer data to third parties except as necessary to provide or improve user-facing features, as required by law, or for security purposes
- We do not use or transfer data for serving advertisements
- We do not allow humans to read user data except with user consent for support purposes, for security investigations, to comply with law, or when data is aggregated and anonymized for internal operations
1. Introduction
Svava ("we," "our," or "us") operates the Svava Chrome Extension ("Extension" or "Service"). This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Extension.
By installing and using the Svava Extension, you agree to the collection and use of information in accordance with this Privacy Policy. This policy is designed to be transparent about our data practices and to comply with the Chrome Web Store Developer Program Policies.
2. Information We Collect
We collect only the minimum data necessary to provide our AI-powered web page analysis service. Below is a comprehensive list of all data we collect:
2.1 Data You Actively Provide
- Authentication Data: Email address and password (or OAuth tokens if using third-party login) when you sign in to the service. Passwords are never stored in plain text.
- Chat Messages: Text messages you send to AI assistants through the Extension. These messages are stored to maintain your conversation history.
- Screenshots and Attachments: Web page screenshots you capture for AI analysis (only when you explicitly click the capture button), and any files you choose to upload. These are stored as part of your conversation history.
- Organization Selection: Your selected organization/team within the service, if applicable.
2.2 Data Collected Automatically
Web browsing activity disclosure: When you initiate analysis, we collect the active tab's URL/title and capture the visible page content you choose to analyze. This is limited to the specific tab and moment you trigger the feature.
- Tab Information: URL and title of the active tab when you request a screenshot or analysis. This is used solely to provide context to the AI for your analysis request.
- Captured Page Content: The visible content included in screenshots you capture for analysis.
- Session Data: Authentication tokens to maintain your logged-in state across browser sessions.
- Extension Settings: Your preferences such as capture strategy, selected AI assistant, and language preference. These are stored locally on your device.
2.3 Data We Do NOT Collect
- General browsing history across tabs or over time (we only access the active tab you choose to analyze at the time you click the capture/analysis action)
- Passwords or sensitive form data from websites you visit
- Personal identification beyond what you provide during authentication
- Location data or geolocation information
- Device identifiers, fingerprints, or hardware information
- Data from tabs you don't actively analyze
- Cookies from websites you visit
- Keystrokes or input data outside of the extension interface
3. How We Use Your Information
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Authentication Data | To verify your identity and provide access to the service | Contract performance |
| Chat Messages | To process your requests and generate AI responses | Contract performance |
| Screenshots | To analyze web page content and provide AI insights | Contract performance |
| Tab Information | To provide context for AI analysis of the page you're viewing | Legitimate interest |
| Web Page Content (Screenshots/Images) | To analyze the page you choose to capture and provide AI insights | Contract performance |
| Settings | To remember your preferences and customize your experience | Legitimate interest |
4. Data Storage
4.1 Local Storage (On Your Device)
The following data is stored locally on your device using Chrome's storage APIs:
- Extension settings and preferences (capture strategy, selected assistant)
- Authentication tokens (encrypted)
- Server configuration preferences
4.2 Server Storage (Supabase Cloud)
The following data is stored on our secure Supabase servers:
- User account information
- Chat conversation history and messages
- AI assistant configurations
- Uploaded attachments and screenshots (for conversation context)
- Organization and team memberships
4.3 Storage Security
- All data transmission uses HTTPS/TLS encryption
- Server data is stored in Supabase's secure cloud infrastructure
- Authentication tokens are stored using Chrome's secure storage mechanisms
- Database access is protected by row-level security policies
5. Data Sharing and Third Parties
We are committed to transparency about who has access to your data. Below is a complete list of all parties with whom your data may be shared:
5.1 AI Processing
To provide AI-powered analysis, your messages and screenshots are processed through:
- Our Supabase Backend: All AI requests are routed through our secure edge functions hosted on Supabase infrastructure
- OpenAI: Your chat messages and screenshots may be sent to OpenAI's API (GPT models) to generate AI responses
- Google (Gemini): Your chat messages and screenshots may be sent to Google's Gemini API to generate AI responses
- Anthropic: Your chat messages and screenshots may be sent to Anthropic's API (Claude models) to generate AI responses
What data is sent to AI providers:
- The text content of your chat messages
- Screenshots or images you attach to your messages
- URL and title of the webpage being analyzed (for context)
- Relevant visible page content included in screenshots you capture
- Previous messages in the conversation (for context continuity)
What data is NOT sent to AI providers:
- Your email address or account credentials
- Your authentication tokens
- Your browsing history
- Data from other conversations or sessions
5.2 We Do NOT:
- Sell your personal data to any third parties under any circumstances
- Share your data with advertisers or ad networks
- Use your data for advertising or marketing purposes
- Transfer your data to third parties for their own marketing purposes
- Permit human review of your data except as described in Section 5.4 below
5.3 Service Providers
We use the following service providers who may process your data as part of providing our service:
| Provider | Purpose | Data Processed |
|---|---|---|
| Supabase | Cloud database, authentication, and serverless functions | Account data, chat history, attachments, settings |
| OpenAI | AI response generation | Chat messages, screenshots, page context |
| Google (Gemini) | AI response generation | Chat messages, screenshots, page context |
| Anthropic | AI response generation | Chat messages, screenshots, page context |
5.4 Human Access to Data
We limit human access to your data. Our employees and contractors may only access your personal data in the following limited circumstances:
- With your explicit consent: When you contact us for technical support and authorize us to review your data to resolve an issue
- For security purposes: When investigating potential abuse, fraud, or security incidents
- To comply with law: When required by valid legal process
- Aggregated and anonymized: For internal analytics and service improvement, where individual users cannot be identified
6. Data Retention
We retain your data only as long as necessary to provide our services. Below are our specific retention periods:
| Data Type | Retention Period | How to Delete |
|---|---|---|
| Chat History | Retained until you delete it or close your account | Delete individual conversations in the extension, or request full deletion |
| Screenshots/Attachments | Retained as part of conversation history until the conversation is deleted | Delete the associated conversation |
| Account Data | Retained while your account is active; deleted within 30 days of account closure | Contact us to close your account |
| Local Settings | Retained until you uninstall the extension or clear extension data | Uninstall the extension or clear data in Chrome settings |
| Authentication Tokens | Retained until you sign out or they expire (typically 7 days) | Sign out of the extension |
Data sent to AI providers: Data sent to AI providers (OpenAI, Google, Anthropic) for processing is subject to their respective data retention policies. We do not control how long they retain data after processing. Please refer to their privacy policies for details.
AI provider data use: Your data is shared with AI providers solely to generate responses. Provider data handling (including any model training or retention settings) is governed by their respective policies and agreements.
7. Your Rights and Choices
7.1 Access and Control
- View Your Data: Access your chat history and settings through the Extension interface
- Delete Conversations: Remove individual conversations or clear all chat history
- Export Data: Request a copy of your data by contacting us
- Delete Account: Request complete account deletion by contacting us
7.2 Extension Controls
- Uninstall: Remove the extension to delete all local data
- Sign Out: Log out to clear authentication tokens
- Settings: Modify your preferences at any time through the settings panel
7.3 Rights for EU/EEA Users (GDPR)
If you are located in the European Union or European Economic Area, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Request erasure of your personal data
- Restrict processing of your personal data
- Data portability
- Object to processing
- Lodge a complaint with a supervisory authority
7.4 Rights for California Users (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know whether personal information is sold or disclosed and to whom
- Say no to the sale of personal information (we do not sell your data)
- Access your personal information
- Request deletion of your personal information
- Equal service and price (non-discrimination)
8. Chrome Extension Permissions
Our Extension requires certain permissions to function. Here's why each permission is needed:
| Permission | Purpose |
|---|---|
| activeTab | To capture screenshots of the webpage you're viewing when you click the capture button |
| scripting | To inject content scripts that enable screenshot capture functionality |
| storage | To save your preferences, authentication tokens, and settings locally |
| sidePanel | To display the main chat interface in Chrome's side panel |
| tabs | To access tab information (URL, title) for providing context to AI analysis |
| offscreen | To process screenshots in a dedicated environment without blocking your browsing |
| debugger | For advanced screenshot capture of complex web applications and dynamic content |
| contextMenus | To add right-click menu options for quick access to AI analysis features |
| Host permissions | To capture and analyze content from any webpage you choose to analyze |
9. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in Transit: All data is transmitted over HTTPS/TLS
- Encryption at Rest: Server data is encrypted using industry-standard encryption
- Access Controls: Row-level security policies restrict data access
- Secure Authentication: Session tokens are securely managed and can be revoked
- Regular Security Reviews: We regularly review and update our security practices
10. Children's Privacy
Our Extension is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.
11. International Data Transfers
Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:
- Standard contractual clauses approved by relevant authorities
- Data processing agreements with our service providers
- Compliance with applicable data protection laws
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of changes by:
- Updating the "Last updated" date at the top of this policy
- Posting the updated policy on this page
- For significant changes, notifying you through the Extension interface
We encourage you to review this Privacy Policy periodically for any changes.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
- Email: elia.morling@svava.io
- Website: https://svava.io
For data protection inquiries or to exercise your rights, please email us with the subject line "Privacy Request".
14. Compliance
This Privacy Policy is designed to comply with:
- Chrome Web Store Developer Program Policies (including User Data Policy and Limited Use requirements)
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Other applicable data protection laws
15. Summary of Data Practices
For clarity, here is a summary of our key data practices:
| Practice | Our Commitment |
|---|---|
| Data Collection | We collect only what is necessary to provide our AI-powered web page analysis service |
| Data Use | We use your data only to provide and improve the service features you use |
| Data Sharing | We share data only with AI providers to generate responses, and with Supabase for storage |
| Data Sale | We do NOT sell your data to anyone, ever |
| Advertising | We do NOT use your data for advertising or share it with advertisers |
| Human Access | Humans cannot read your data except with consent, for security, or legal compliance |
| Data Security | All data is encrypted in transit (HTTPS/TLS) and at rest |
| User Control | You can view, export, and delete your data at any time |