Chrome Extension Privacy Policy
Last updated: May 3, 2026
Introduction
The Monitope Chrome Extension ("the Extension") is provided by kakuo gadgets ("we", "us") as part of the Monitope web page change monitoring service. This Privacy Policy comprehensively discloses how the Extension collects, uses, stores, and shares user data, in accordance with the Chrome Web Store Developer Program Policies.
Please also review the Monitope Privacy Policy for information about the underlying service.
Limited Use Disclosure
The Extension's use and transfer of information received from Chrome APIs and from monitored pages will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. We use user data only for the following purposes:
- To allow you to register, edit, and delete monitors via the Extension.
- To display change-detection results and the unread notification badge to you.
- To authenticate the Extension with your Monitope account.
- To run user-enabled local checks for pages you have explicitly registered as monitors.
We do not use or sell user data for advertising purposes (including personalized ads or remarketing). Humans access user data only when (1) you give explicit consent, (2) it is necessary for security (abuse or vulnerability investigation), (3) it is required by law, or (4) the data has been aggregated or anonymized for statistics.
1. Data We Collect
1.1 Data Handled by the Extension
| Type | Examples | When collected |
|---|---|---|
| Authentication information | Email address and password during regular login (password is transmitted to Monitope for authentication and is not stored by the Extension), Google ID token when you choose Google sign-in, Monitope access token and refresh token | When you sign in or refresh the login session |
| Web history | URL and page title of the active tab when you press the "Register monitor" button | Only on user action; we do not capture your browsing history automatically |
| User-entered content | Monitor URLs, selectors (XPath / CSS), selected visual-area coordinates, tags, notes, notification settings, credentials for login-protected page monitoring, preferred language, and time zone | When you create or edit a monitor |
| Authentication cookies | Cookie name, value, domain, path, expiration time, HttpOnly flag, Secure flag, and SameSite value for the domain you explicitly chose to monitor | Only when you press the save-cookie button for a specific monitor |
| Website content | Text from selected elements or pages registered for local check | Only for monitors you created and only when element selection or local check runs; local check may open the registered URL in a background tab |
| Technical information | Extension version, error messages, API response codes | Only as needed for server communication |
1.2 Data the Extension Does NOT Collect
- Your automatic browsing history (URLs of pages you open without explicitly creating a monitor are not recorded).
- Content of pages you have not chosen to monitor.
- Postal addresses or phone numbers used to identify you personally.
- Payment data such as credit card numbers (payments are processed on the Monitope website by Stripe; the Extension is not involved).
- Sensitive data such as health, finance, sexual orientation, race, or political views.
2. How We Use Your Data
We use the collected data only for the following purposes:
- Service delivery: Registering, executing, and displaying results of monitors and updating the notification badge.
- Change detection: Comparing hashes of retrieved text to detect page changes.
- Authentication: Securely connecting the Extension to Monitope servers.
- Security and quality improvement: Diagnosing issues from error logs and improving stability.
We do not use user data for advertising, sell it to third parties, or use it for credit decisions.
3. Permissions and Their Purpose
The Extension requests the following permissions in its manifest:
| Permission | Purpose |
|---|---|
storage |
Stores Monitope access and refresh tokens, language settings, cached unread count, and pending edit requests in browser extension storage. |
activeTab |
Reads the URL and title of the current tab when you click the toolbar action. |
tabs |
Creates or updates tabs in order to re-open the correct target page and display the registration overlay. |
scripting |
Injects the registration overlay and element-picker UI into the page when you start element selection. |
alarms |
Schedules periodic refresh of the unread badge count and user-enabled local-check task polling. |
identity |
Used by the "Sign in with Google" feature to run an OAuth 2.0 / OpenID
Connect flow via chrome.identity.launchWebAuthFlow (scopes:
openid email profile). The resulting ID token is sent to the Monitope server
(/api/users/google-login); your Google account ID (sub), email address, and
display name are stored to associate the credential with your Monitope account.
|
cookies |
For login-protected page monitoring, the Extension reads cookies only for the domain you explicitly chose to monitor and only when you press the save-cookie button. The cookie data is sent to Monitope over HTTPS, stored encrypted on Monitope servers, and used only so the server-side Agent can browse the page in the same authenticated state. |
host_permissions<all_urls> |
Allows the Extension's content script to be available on any site so you can monitor arbitrary pages. The script does not send page content merely because a page is opened; page content is read only when you actively start element selection, edit a registered monitor, or enable local check for a registered URL. |
4. Data Storage and Retention
| Data | Location | Retention |
|---|---|---|
| Access token and refresh token | Browser local storage (chrome.storage.local) | Deleted immediately on logout or uninstall. The access token expires after 7 days; the refresh token is retained only to keep you signed in. |
| Monitor settings and history | Monitope servers (PostgreSQL hosted on AWS Tokyo region) | Until you delete them. All records are removed when you delete your account; backups are erased within 30 days. |
| Credentials for login-protected monitoring | Monitope servers (encrypted with AES-256) | Until you delete the corresponding monitor. |
| Cookies for login-protected monitoring | Monitope servers (encrypted with AES-256) | Until you delete or replace the saved cookies, or delete the corresponding monitor. |
| Error logs | Monitope servers | Automatically deleted within 90 days. |
5. Data Sharing and Third Parties
We do not sell or rent user data to third parties. We engage the following sub-processors to operate the service:
| Third party | Role | Data handled |
|---|---|---|
| Amazon Web Services, Inc. (AWS) | Server hosting, database, storage, transactional email (Amazon SES) | Monitor settings, authentication tokens, change-detection results, notification email addresses sent from the Extension |
| Google LLC | OAuth 2.0 / OpenID Connect identity provider for the "Sign in with Google" feature | Only when you choose to sign in with Google: the Google ID token, your Google account ID (sub), email address, and display name (within the scope you approve on Google's consent screen) |
| Stripe, Inc. | Processing of paid plan payments (web only; the Extension does not transmit payment data) | Subscription identifiers and billing status (independent of the Extension) |
| OpenAI, L.L.C. / Microsoft Azure OpenAI | Generates AI summaries of changed text only when you opt in | Text of pages where a change is detected (only when you enable AI summary) |
Each sub-processor is contractually required to process data only on our instructions and to maintain appropriate technical and organizational safeguards. Other than the recipients listed above, we disclose user data only when required by applicable law.
6. International Data Transfers
User data is stored primarily in the AWS Tokyo region. If you enable AI summaries, the text to be summarized may be transferred to OpenAI servers in the United States. Cross-border transfers are conducted in accordance with applicable laws, including the GDPR and Japan's Act on the Protection of Personal Information.
7. Your Rights and Choices
- Logout: Logging out from the Extension popup immediately removes your local authentication token.
- Uninstall: Removing the Extension from your browser deletes all locally stored data.
- Delete account: You can request deletion of all server-side user data from "Account settings" on the Monitope website.
- Access / correction requests: You may request access to, correction of, or suspension of use of the user data we hold via the contact form.
- Opt-out of AI summary: You can disable the AI summary feature at any time from the settings screen.
8. Security
- All communication between the Extension and our servers is encrypted with HTTPS (TLS 1.2 or higher).
- Access tokens are JWTs that expire after 7 days.
- Credentials and cookies for login-protected monitoring are encrypted at rest using AES-256.
- Sensitive data is masked before being written to server logs.
9. Children's Privacy
The Extension is not directed to children under 13 (or under 16 in some jurisdictions). We do not knowingly collect data from children under those ages.
10. Changes to This Policy
If we make material changes to this Privacy Policy, we will notify you via the Chrome Web Store listing, Extension update notes, or within the Monitope service. Your continued use of the Extension after such changes constitutes acceptance of the updated policy.
Supplementary Provisions
These supplementary provisions take effect on May 3, 2026.
Contact Us
For questions about this Privacy Policy or about how your user data is handled, please contact us via the Contact Form .
Operator: kakuo gadgets