Last updated: 19 May 2026
SafeCart is a Chrome extension that protects online shoppers from phishing checkout pages, tracks the payments you make online so you know when an order confirmation is missing, and tells you when a store you shop at appears in a known data breach. This policy describes exactly what data SafeCart sees, where it goes, and what we never collect.
We’ve written this in plain English. Where a sentence has a footnote (¹, ², …), it points to the specific source file in the SafeCart code so you can verify the behavior yourself.
SafeCart processes the following kinds of data, only on the pages and at the moments described:
When you open a web page, SafeCart’s content script runs and looks at the page’s URL and DOM to see whether the page has a credit-card input field.¹ If a card field is present, the URL is scored for phishing risk.
example.com) to https://rdap.org to check how old the domain is. RDAP is a public WHOIS lookup; no user identifier is sent.URLs are never used for advertising, profiling, or any purpose other than scoring the page in front of you.
When you click a “Buy” or “Pay” button on a page that has a credit-card field, SafeCart records:⁴
og:site_name meta tag, page title, or hostname)This record stays in chrome.storage.local on your device. It is never sent to our servers.
If you uninstall SafeCart, this data is removed by Chrome with the extension.
If you choose “Connect Gmail” in Settings, SafeCart requests the https://www.googleapis.com/auth/gmail.readonly OAuth scope. With your permission, the extension reads your inbox only to look for order-confirmation emails matching a payment record.⁵ This happens:
All Gmail reads happen inside your browser, in the extension’s service worker. Email content is never transmitted to SafeCart’s servers. The match result (matched / not matched, plus the sender, subject, and date of the matching message if any) is written only to your chrome.storage.local.
You can disconnect Gmail any time in Settings; SafeCart will lose access immediately.
Each store where SafeCart detects a checkout or buy click is added to a “tracked merchants” list, stored locally. Once a day, the registered domain of each tracked merchant (e.g. example.com — never a path, query string, or URL specific to you) is sent to the HaveIBeenPwned “breaches by domain” endpoint to check whether that store has had a known data breach.⁶
We send only public store domains. Your email address, password, and personal identifiers are never sent to HIBP through SafeCart.
If you sign up for SafeCart Premium or Family, you create an account with our authentication provider, Supabase. Your email and password go from your browser directly to Supabase over HTTPS — SafeCart’s own backend never sees your password.⁷ Supabase issues a short-lived access token (JWT) which the extension uses to authenticate to our backend.
If you do not create an account, you can still use SafeCart’s free features.
Premium and Family subscriptions are processed by Stripe. We store the following in our database (one row per paid user):⁸
free, premium, family)active, trialing, past_due, canceled, …)We do not store your name, billing address, card number, or any other card data. Stripe handles all card data and is PCI-DSS Level 1 compliant.
| Third party | What they see | Why |
|---|---|---|
| Google Safe Browsing | A URL when you reach a checkout page | Phishing/malware reputation lookup |
| PhishTank | A URL when you reach a checkout page | Phishing reputation lookup |
| RDAP (rdap.org) | A domain when you reach a checkout page | Domain-age lookup |
| HaveIBeenPwned | A domain (once per tracked merchant, daily) | Data-breach lookup |
| Google Gmail API | Inbox read queries, from your browser | Order-confirmation matching (only if you connect Gmail) |
| Supabase | Your email + password (signup/sign-in only); your user ID + subscription state thereafter | User accounts |
| Stripe | Your email and card data (only at checkout, on Stripe’s site, never via SafeCart’s UI) | Payment processing |
| Cloudflare | Encrypted traffic to our Workers backend | Hosting infrastructure |
We do not use cookies for tracking. We do not embed third-party scripts in any UI surface.
chrome.storage.local and chrome.storage.sync (the latter syncs across the Chrome installs signed into your Google account, and contains only your SafeCart identity UUID and feature toggles).chrome://settings/cookies/detail?site=chrome-extension://<id> or simply uninstall the extension.We aim to action data deletion requests within 7 days.
SafeCart is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has created a SafeCart account, contact us and we will delete it.
We will post any material changes to this page and update the “Last updated” date at the top. If the change broadens what data we collect or share, we will surface a notice in the extension before the change takes effect.
Privacy questions, deletion requests, or anything else: hewzijian06@gmail.com
¹ src/content/checkout-detector.js — checkout-page detection logic. ² src/background/phishing-engine.js — scoring logic and offline heuristics. ³ workers/src/routes/proxy-safe-browsing.js, workers/src/routes/proxy-phishtank.js — proxy implementation. ⁴ src/background/payment-tracker.js — what a payment record contains. ⁵ src/background/email-checker.js — the privacy note at the top of this file describes the in-browser data flow. ⁶ src/background/breach-monitor.js — daily breach scan. ⁷ src/background/auth-client.js — sign-up and sign-in talk to Supabase directly. ⁸ workers/supabase/migrations/0001_init.sql — exact schema.