PackyCode Cost Monitor - Privacy Policy Last Updated: January 2025 1. OVERVIEW PackyCode Cost Monitor is a Chrome browser extension that helps users monitor their PackyCode API usage and budget spending. This privacy policy explains how we collect, use, and protect your information. 2. INFORMATION WE COLLECT 2.1 Automatically Collected Information: - PackyCode authentication tokens (JWT) from your browser cookies - API usage statistics from PackyCode services - Budget and spending data from your PackyCode account - Extension usage analytics (locally stored) 2.2 Information We Do NOT Collect: - Personal browsing history outside PackyCode domains - Passwords or sensitive credentials - Credit card or payment information - Personal files or documents - Location data 3. JWT TOKEN HANDLING - IMPORTANT CLARIFICATION 3.1 Local Storage Only: - JWT tokens are NEVER transmitted to our servers or any third-party services - All JWT tokens are stored EXCLUSIVELY in your local browser environment - Tokens are only used for making API requests to PackyCode services on your behalf - No JWT token data is collected, logged, or stored by our extension remotely 3.2 Token Processing: - JWT tokens are extracted from PackyCode cookies in your browser - Tokens are stored securely using Chrome's local storage APIs - Tokens are automatically deleted when they expire - Tokens are used solely for authenticating with PackyCode's official APIs 3.3 Token Security: - Tokens never leave your local machine - No token data is transmitted to analytics services - No token backup or synchronization across devices - Tokens are handled in accordance with JWT security best practices 4. HOW WE USE YOUR INFORMATION 4.1 Primary Uses: - Display real-time API usage statistics - Monitor budget consumption and spending limits - Provide cost alerts and notifications - Sync data with your PackyCode account 4.2 Technical Uses: - Local authentication with PackyCode services - Cache data for improved performance (5-minute cache) - Maintain extension functionality 4.3 What We Do NOT Do: - Store JWT tokens on remote servers - Share tokens with third parties - Use tokens for analytics or tracking - Transmit tokens outside your local environment 5. DATA STORAGE AND SECURITY 5.1 Local Storage: - All sensitive data is stored locally in your browser - Uses Chrome's secure storage APIs - JWT tokens are handled securely without plain text storage - Automatic cleanup of expired tokens 5.2 Data Transmission: - Secure HTTPS connections to PackyCode APIs only - JWT tokens are sent directly to PackyCode servers (not our servers) - No data sent to third-party services - Direct communication with PackyCode servers only 5.3 Remote Data: - We do NOT maintain any remote database of user tokens - We do NOT store any user authentication data on our servers - We do NOT have access to your JWT tokens at any time 6. THIRD-PARTY SERVICES 6.1 PackyCode Services: - www.packycode.com (main service) - packy.te.sb (speed testing) - packy-status.te.sb (service status) - analytics.te.sb (usage analytics) 6.2 Token Usage: - JWT tokens are sent only to official PackyCode endpoints - Tokens are never shared with any other services - All API calls use your tokens directly with PackyCode 6.3 No Other Third Parties: - We do not share data with advertising networks - No tracking pixels or external analytics services - No social media integrations that collect data 7. USER RIGHTS AND CONTROL 7.1 Data Access: - All your data remains in your PackyCode account - Extension only displays data you already have access to - No additional data collection beyond what's necessary 7.2 Data Deletion: - Uninstalling the extension removes all local data immediately - You can clear extension data through Chrome settings - JWT tokens are automatically deleted when expired - Contact PackyCode directly to delete account data 7.3 Token Control: - You can revoke tokens through PackyCode's dashboard - Logging out of PackyCode invalidates tokens - Tokens automatically expire based on PackyCode's policies 8. COOKIES AND TRACKING 8.1 Cookie Usage: - Extension reads PackyCode authentication cookies only - No tracking cookies created by the extension - Uses browser's native cookie API securely - Cookies are processed locally only 8.2 No Cross-Site Tracking: - Extension only operates on PackyCode domains - No tracking across other websites - No behavioral analytics or profiling - No token sharing across domains 9. TECHNICAL IMPLEMENTATION 9.1 Token Extraction: - Tokens are extracted from PackyCode cookies using Chrome's cookie API - Extraction happens locally in your browser - No token data is transmitted during extraction 9.2 Token Storage: - Uses Chrome's secure storage.local API - Tokens are stored with appropriate security measures - Storage is encrypted by Chrome's security layer 9.3 Token Usage: - Tokens are used directly in API calls to PackyCode - No intermediate servers or proxies - Direct browser-to-PackyCode communication 10. CHILDREN'S PRIVACY This extension is not intended for children under 13. We do not knowingly collect information from children under 13 years of age. 11. CHANGES TO THIS POLICY We may update this privacy policy from time to time. Changes will be posted at: https://packycode-cost.te.sb/policy.txt 12. OPEN SOURCE TRANSPARENCY This extension is open source and available at: https://github.com/94mashiro/packycode-cost You can review the complete source code to verify our JWT token handling and privacy practices. 13. CONTACT INFORMATION For privacy-related questions or concerns: - GitHub Issues: https://github.com/94mashiro/packycode-cost/issues - Extension Developer: 94mashiro - PackyCode Service: Contact through www.packycode.com 14. LEGAL BASIS (GDPR COMPLIANCE) For EU users, our legal basis for processing: - Legitimate interest: Providing the core extension functionality - Consent: When you install and use the extension - Contract performance: Fulfilling the service you requested You have the right to: - Access your personal data - Rectify inaccurate data - Erase your data - Restrict processing - Data portability - Object to processing 15. DATA RETENTION - JWT tokens: Automatically expire based on PackyCode's token policy - Cached data: Cleared every 5 minutes automatically - Extension settings: Retained until extension is uninstalled - No long-term data storage by the extension - No remote storage of any user data 16. SECURITY MEASURES - Secure token handling with automatic expiration - HTTPS-only communication - No plain text storage of sensitive data - Local-only token processing - Chrome's built-in security for storage APIs - Regular security updates through extension updates 17. IMPORTANT REMINDER JWT TOKENS ARE NEVER COLLECTED, STORED, OR TRANSMITTED BY OUR EXTENSION TO ANY REMOTE SERVERS. ALL TOKEN PROCESSING HAPPENS LOCALLY IN YOUR BROWSER FOR THE SOLE PURPOSE OF MAKING API REQUESTS TO PACKYCODE SERVICES. This privacy policy is effective as of the last updated date and governs the use of the PackyCode Cost Monitor browser extension.