Privacy Policy - Svavatars Chrome Extension

Privacy Policy for Svavatars Chrome Extension

Last updated: January 27, 2026

Summary: Svavatars is an AI-powered web page analysis extension. Your data is processed through our secure Supabase backend servers. We collect only what's necessary to provide the service. We do not sell, trade, or transfer your personal data to third parties for marketing or advertising purposes.
Chrome Web Store Limited Use Disclosure: Svavatars' use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:
  • We only use data to provide or improve user-facing features that are prominent in our extension's user interface
  • We do not transfer data to third parties except as necessary to provide or improve user-facing features, as required by law, or for security purposes
  • We do not use or transfer data for serving advertisements
  • We do not allow humans to read user data except with user consent for support purposes, for security investigations, to comply with law, or when data is aggregated and anonymized for internal operations

1. Introduction

Svava ("we," "our," or "us") operates the Svavatars Chrome Extension ("Extension" or "Service"). This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our Extension.

By installing and using the Svavatars Extension, you agree to the collection and use of information in accordance with this Privacy Policy. This policy is designed to be transparent about our data practices and to comply with the Chrome Web Store Developer Program Policies.

2. Information We Collect

2.1 Data You Actively Provide

  • Authentication Data: Login credentials and session tokens when you sign in to the service
  • Chat Messages: Text messages you send to AI assistants through the Extension
  • Screenshots: Web page screenshots you capture for AI analysis (only when you explicitly click the capture button)
  • Organization Selection: Your selected organization/team within the service

2.2 Data Collected Automatically

  • Tab Information: URL and title of the active tab when you request a screenshot or analysis (used to provide context to the AI)
  • Session Data: Authentication tokens to maintain your logged-in state
  • Extension Settings: Your preferences such as capture strategy and selected AI assistant

2.3 Data We Do NOT Collect

  • Browsing history (we only access the active tab when you explicitly request analysis)
  • Passwords or sensitive form data
  • Personal identification beyond what you provide during authentication
  • Location data
  • Device identifiers or fingerprints
  • Data from tabs you don't actively analyze

3. How We Use Your Information

Data Type Purpose Legal Basis
Authentication Data To verify your identity and provide access to the service Contract performance
Chat Messages To process your requests and generate AI responses Contract performance
Screenshots To analyze web page content and provide AI insights Contract performance
Tab Information To provide context for AI analysis of the page you're viewing Legitimate interest
Settings To remember your preferences and customize your experience Legitimate interest

4. Data Storage

4.1 Local Storage (On Your Device)

The following data is stored locally on your device using Chrome's storage APIs:

  • Extension settings and preferences (capture strategy, selected assistant)
  • Authentication tokens (encrypted)
  • Server configuration preferences

4.2 Server Storage (Supabase Cloud)

The following data is stored on our secure Supabase servers:

  • User account information
  • Chat conversation history and messages
  • AI assistant configurations
  • Uploaded attachments and screenshots (for conversation context)
  • Organization and team memberships

4.3 Storage Security

  • All data transmission uses HTTPS/TLS encryption
  • Server data is stored in Supabase's secure cloud infrastructure
  • Authentication tokens are stored using Chrome's secure storage mechanisms
  • Database access is protected by row-level security policies

5. Data Sharing and Third Parties

5.1 AI Processing

To provide AI-powered analysis, your messages and screenshots are processed through:

  • Our Supabase Backend: All AI requests are routed through our secure edge functions
  • AI Model Providers: Your content may be processed by AI providers (such as OpenAI or Anthropic) through our backend to generate responses
Important: We do not share your raw data directly with AI providers. All requests are processed through our secure backend, which handles API authentication and data routing.

5.2 We Do NOT:

  • Sell your personal data to third parties
  • Share your data with advertisers
  • Use your data for purposes unrelated to providing the service
  • Transfer your data to third parties for their marketing purposes

5.3 Service Providers

We use the following service providers who may process your data:

  • Supabase: Cloud database and authentication services (data storage and user management)
  • AI Model Providers: For generating AI responses (accessed through our backend)

6. Data Retention

  • Chat History: Retained until you delete it or close your account
  • Screenshots/Attachments: Retained as part of conversation history until deleted
  • Account Data: Retained while your account is active; deleted upon account closure
  • Local Settings: Retained until you uninstall the extension or clear extension data

7. Your Rights and Choices

7.1 Access and Control

  • View Your Data: Access your chat history and settings through the Extension interface
  • Delete Conversations: Remove individual conversations or clear all chat history
  • Export Data: Request a copy of your data by contacting us
  • Delete Account: Request complete account deletion by contacting us

7.2 Extension Controls

  • Uninstall: Remove the extension to delete all local data
  • Sign Out: Log out to clear authentication tokens
  • Settings: Modify your preferences at any time through the settings panel

7.3 Rights for EU/EEA Users (GDPR)

If you are located in the European Union or European Economic Area, you have the right to:

  • Access your personal data
  • Rectify inaccurate personal data
  • Request erasure of your personal data
  • Restrict processing of your personal data
  • Data portability
  • Object to processing
  • Lodge a complaint with a supervisory authority

7.4 Rights for California Users (CCPA)

California residents have the right to:

  • Know what personal information is collected
  • Know whether personal information is sold or disclosed and to whom
  • Say no to the sale of personal information (we do not sell your data)
  • Access your personal information
  • Request deletion of your personal information
  • Equal service and price (non-discrimination)

8. Chrome Extension Permissions

Our Extension requires certain permissions to function. Here's why each permission is needed:

Permission Purpose
activeTab To capture screenshots of the webpage you're viewing when you click the capture button
scripting To inject content scripts that enable screenshot capture functionality
storage To save your preferences, authentication tokens, and settings locally
sidePanel To display the main chat interface in Chrome's side panel
tabs To access tab information (URL, title) for providing context to AI analysis
offscreen To process screenshots in a dedicated environment without blocking your browsing
debugger For advanced screenshot capture of complex web applications and dynamic content
contextMenus To add right-click menu options for quick access to AI analysis features
Host permissions To capture and analyze content from any webpage you choose to analyze

9. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in Transit: All data is transmitted over HTTPS/TLS
  • Encryption at Rest: Server data is encrypted using industry-standard encryption
  • Access Controls: Row-level security policies restrict data access
  • Secure Authentication: Session tokens are securely managed and can be revoked
  • Regular Security Reviews: We regularly review and update our security practices

10. Children's Privacy

Our Extension is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with our service providers
  • Compliance with applicable data protection laws

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of changes by:

  • Updating the "Last updated" date at the top of this policy
  • Posting the updated policy on this page
  • For significant changes, notifying you through the Extension interface

We encourage you to review this Privacy Policy periodically for any changes.

13. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  • Email: elia.morling@svava.io
  • Website: https://svava.io

For data protection inquiries or to exercise your rights, please email us with the subject line "Privacy Request".

14. Compliance

This Privacy Policy is designed to comply with:

  • Chrome Web Store Developer Program Policies
  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Other applicable data protection laws
Questions? If you have any questions about this Privacy Policy or how we handle your data, please don't hesitate to contact us.