Privacy Policy
SolidBerry ("we", "us", "our") operates the SolidBerry browser extension and the supporting API service at api.solidberry.com. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
We built SolidBerry with privacy as a core principle. We collect minimal personal information, do not track your browsing history, and offer a free tier that works without creating an account.
1. Information We Collect
1.1 Product Information from Product Pages
When you visit a supported product page, the extension reads publicly available product information from that page:
- Product name, brand, price, and category
- Product URL
- SKU, barcode, and variant options (size, color, etc.)
This data is used solely to run buying-decision checks (reviews, price comparison, used listings, local availability, and alternatives) and is sent to our API for analysis.
We do not read or collect any information from unsupported pages. The extension includes a lightweight detector that identifies supported online stores; on all other websites, no data is extracted or transmitted.
1.2 Anonymous Identifiers
We generate the following anonymous identifiers, none of which are linked to your personal identity:
| Identifier | Purpose | Lifetime |
|---|---|---|
| Instance ID | A random UUID assigned when the extension is installed. Used for rate limiting to prevent abuse. | Permanent until extension is uninstalled |
| Session ID | A random UUID that rotates every 24 hours. Used to group anonymous usage events within a single day. | Regenerated daily |
| Journey ID | A random UUID for a shopping session. Used to understand how users interact with checks on a single product. | Expires after 30 minutes of inactivity; cleared when the browser closes |
None of these identifiers are associated with your name, email address, IP address, or any other personal information.
1.3 Account Information (Optional)
SolidBerry offers a free tier (Check 1: Reviews) that works without an account. To unlock all five checks, you may create an account using one of the following methods:
- Email and password — We store your email address (for login and email verification) and a securely hashed password. We never store your password in plain text.
- Google Sign-In — We receive your name, email address, and profile picture from Google. We do not receive or store your Google password.
If you create an account, we also store a session token (opaque, not a JWT) for authentication and your account creation date.
We use your email address to send transactional emails only: email verification, password reset, and account-related notices. We do not send marketing emails.
You can delete your account at any time through the extension, which removes all account data from our servers.
1.4 Anonymous Usage Events
To improve the product and understand how checks are used, the extension collects anonymous behavioral events such as:
- Viewing a scorecard, expanding or collapsing a check
- Clicking a source link, alternative product, or used listing
- Staying on or leaving a page after viewing the scorecard
- Detection of a checkout/thank-you page (no purchase details are captured)
Each event includes the anonymous identifiers described above, the product name/URL/brand/category/price of the product being viewed, and a timestamp. No personal information is included in any event.
1.5 Approximate Location
When you request buying-decision checks, Cloudflare (our infrastructure provider) derives your approximate location (city and region) from your IP address at the network edge. This is used to find local store availability near you.
Your IP address is never stored in our databases. The city/region information is used only during the check and as part of cache keys to serve location-relevant results. It is not associated with your identity.
1.6 Information Stored on Your Device
The following data is stored locally on your device using Chrome's storage APIs and is never sent to our servers:
- Instance ID, session ID, and journey ID
- Your overlay display preferences (e.g., snooze/hide settings)
- Purchase history (planned feature) — stored in your browser's local IndexedDB, never uploaded
You can clear all locally stored data by uninstalling the extension.
2. How We Use Information
- Running buying-decision checks — Product information is analyzed to provide you with reviews, price comparisons, used/refurbished listings, local store options, and alternative products.
- Rate limiting — The instance ID (for anonymous users) or user ID (for logged-in users) is used to enforce a daily limit on product checks, preventing abuse.
- Product intelligence — Anonymous, aggregate usage data helps us understand which product categories benefit most from the tool. This data is never linked to individuals.
- Cost management — We track our own API costs to operate the service sustainably. This does not involve user data.
- Service improvement — Anonymous behavioral events help us understand which features are useful and where the experience can be improved.
3. Third-Party Services
To run buying-decision checks, our API sends product information (not user information) to the following third-party services:
3.1 Exa.ai (Web Search)
We send product names, brands, and (for local availability checks) your approximate city/region to Exa.ai's semantic search API to find reviews, price comparisons, alternative products, and nearby stores.
Exa receives: Product name, brand, and city/region. No user identifiers.
3.2 OpenAI (Analysis)
We send product information and web search results to OpenAI's API (GPT-4o-mini) for structured analysis — summarizing reviews, comparing prices, and ranking alternatives.
OpenAI receives: Product name, brand, price, and search result content. No user identifiers.
Requests to OpenAI may be routed through Cloudflare AI Gateway for caching and reliability.
3.3 eBay Browse API (Used Listings)
We query eBay's Browse API using the product name and brand to find used and refurbished listings.
eBay receives: Product name, brand, and variant details. No user identifiers.
3.4 Skimlinks (Affiliate Links)
Some outbound links in check results may be wrapped through Skimlinks, an affiliate network. If you click one of these links, Skimlinks receives the destination URL and standard browser referrer information.
Skimlinks receives: The destination URL when you click a link. No SolidBerry-specific identifiers are passed to Skimlinks. Affiliate links are labeled in the extension interface per FTC guidelines.
3.5 Resend (Transactional Email)
If you create an account, we use Resend to send transactional emails (email verification, password reset). Resend receives: Your email address and the email content. No other user data.
3.6 Google (Authentication)
If you sign in with Google, the authentication flow uses Google's OAuth2 service. Google receives: Standard OAuth2 authentication data. We receive your name, email, and profile picture from Google.
3.7 Cloudflare (Infrastructure)
Our API runs on Cloudflare Workers. Cloudflare provides serverless compute, key-value storage (KV), database (D1), network-edge IP geolocation, and AI Gateway (optional proxy for OpenAI requests).
Cloudflare's privacy policy: cloudflare.com/privacypolicy
4. Data Retention
| Data | Retention | Location |
|---|---|---|
| Check results (cached) | Up to 48 hours | Cloudflare KV |
| Rate limit counters | 24 hours | Cloudflare KV |
| Behavioral events | 180 days | Cloudflare D1 |
| Journey records | 180 days | Cloudflare D1 |
| Product intelligence | 180 days | Cloudflare D1 |
| API cost records | 180 days | Cloudflare D1 |
| Account data (email, hashed password) | Until you delete your account | Cloudflare D1 |
| Session tokens | Until expiry or logout | Cloudflare D1 |
| Local data (instance ID, preferences) | Until extension is uninstalled | Your device |
After the retention period, data is automatically deleted.
5. What We Do NOT Collect
- No personal information beyond what you provide — If you create an account, we store only your email address and hashed password (or Google profile info). We do not collect your phone number, physical address, or payment information.
- No account required for basic use — Check 1 (Reviews) works without creating an account.
- No browsing history — The extension only activates on supported product pages.
- No IP addresses stored — Your IP is used transiently for geolocation and is never written to our databases.
- No cookies — The extension does not read, write, or modify any cookies.
- No cross-site tracking — We do not track you across websites.
- No fingerprinting — We do not use browser fingerprinting.
- No data sold — We do not sell, rent, or trade any data to third parties.
6. Browser Permissions Explained
| Permission | Why We Need It |
|---|---|
| Content script access (product pages) | The extension injects a scorecard overlay on supported product pages. Content scripts match URL patterns containing /products/ to identify product pages. |
| activeTab | Allows the extension to interact with the tab you are currently viewing when you click the extension icon. |
| storage | Stores your anonymous instance ID, session token, and display preferences locally on your device. |
| alarms | Schedules periodic tasks such as flushing collected events to the server. |
| identity | Used for Google Sign-In. The Chrome Identity API handles the OAuth flow securely. |
7. Your Choices and Controls
- Snooze the overlay — Temporarily hide the SolidBerry overlay on any page.
- Delete your account — If you created an account, delete it at any time through the extension. This permanently removes your email, profile data, and session tokens from our servers.
- Uninstall — Removes all data stored on your device. Server-side anonymous data is deleted after the 180-day retention period.
- Disable — Disable the extension at any time via chrome://extensions.
8. Children's Privacy
SolidBerry is not directed at children under the age of 13. We do not knowingly collect information from children.
9. Data Security
We protect collected data through:
- All communication encrypted via HTTPS/TLS
- API secured with an API key authenticating legitimate extension requests
- Server-side data stored in Cloudflare's enterprise-grade infrastructure
- Rate limiting and budget controls to prevent abuse
- Passwords stored as secure hashes, never in plain text
10. International Users
Our API runs on Cloudflare's global edge network. Data is processed at the data center closest to you.
If you are in the EEA, UK, or another jurisdiction with data protection laws:
- Anonymous usage data is not linked to an identifiable person. Under GDPR, truly anonymous data falls outside the regulation's scope.
- Account data (email, name) is processed under contract performance and your consent. You can withdraw consent and delete your account at any time.
- You can exercise your right to erasure by deleting your account and uninstalling the extension.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last Updated" date at the top of this page.
12. Contact Us
If you have questions about this Privacy Policy or your data:
- Email: privacy@solidberry.com
- Website: solidberry.com
This Privacy Policy applies to the SolidBerry browser extension and the SolidBerry API service.