Information collection and use

We collect a limited amount of information for the sole purpose of providing and improving the Service.

Account data

The Service requires you to sign in with Google in order to track your free extraction quota and any active Pro subscription across devices. When you sign in, Google provides us with your email address, a stable Google-issued user identifier, and your basic profile name. We use these only to identify your account, enforce your quota, deliver the entitlements associated with any subscription you purchase, and respond to support requests. We never receive your Google password.

Subscription and billing data

If you upgrade to a paid plan, payment is processed by our third-party payment processor (ExtensionPay / Stripe). We do not receive or store your full payment card details. We receive only the information necessary to fulfill your subscription, such as the plan you selected, the subscription status, and a transaction identifier.

Device identifier (browser fingerprint)

To prevent quota abuse (for example, repeatedly creating new accounts to bypass the free tier), the Service generates a stable, pseudonymous device identifier using a vendored, locally-executed copy of the open-source FingerprintJS library. This identifier is computed in your browser from non-identifying signals such as user-agent, language, time zone, screen metrics, and platform. It is sent to our backend only alongside quota and entitlement requests and is associated with your account for fraud and abuse prevention. It is not used to track you across unrelated websites, build advertising profiles, or share with third-party data brokers.

Usage data (quota events)

Each time you initiate an extraction, the extension records a quota event with our server (a request identifier, a timestamp, and a counter increment) so that we can atomically deduct one unit from your remaining quota and prevent over-consumption. We additionally collect limited, aggregated technical information (“Usage Data”), such as the extension version in use and non-identifying diagnostic signals used to monitor feature health. Usage Data is not used to reconstruct your browsing activity or to build advertising profiles.

Page content (DESIGN.md / SKILL.md output)

The Service does not upload, mirror, store, or transmit the DOM, computed styles, or any other content of the pages you extract from. The probe runs only when you click the toolbar icon, reads the active tab in-process, and the DESIGN.md / SKILL.md file is built entirely on your machine and saved through Chrome’s standard download flow. Our servers never see the page bytes themselves. The active tab’s URL and title are used locally to label the output file and to display the source in the popup; neither is transmitted to our servers.

Local storage

The Service uses the browser’s local storage (chrome.storage.local) to retain your in-extension preferences (e.g. DESIGN.md vs SKILL.md channel selection), the most recent extraction for re-download, and a cached copy of your sign-in session and quota state for offline display. Such data remains on your device and is removed when you uninstall the Service.

Cookies and similar technologies

The Service does not use cookies, web beacons, or comparable technologies to track users across unrelated sites. The device identifier described above is used solely to identify your install to our own backend for fraud prevention and quota integrity, not for cross-site tracking. A standard authentication token is used solely to keep you signed in to your DESIGN.md Extractor account.

Use of data

We use the information described above for the following purposes:

• To provide and maintain the Service
• To authenticate your account and enforce your extraction quota
• To deliver the entitlements associated with any subscription you purchase
• To monitor aggregate usage and feature health
• To detect, prevent, and address technical issues, fraud, and abuse
• To respond to inquiries you voluntarily submit to us

We do not use your information for advertising profiles, behavioral advertising, or resale.

Transfer of data

Your information may be processed on servers located outside your state, province, country, or other jurisdiction, where data protection laws may differ from those in your jurisdiction. Your continued use of the Service following such processing constitutes your agreement to that transfer. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Policy.

Disclosure of data

Legal requirements

We may disclose information we hold in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of users of the Service or the public
• Protect against legal liability

Business transfers

In the event of a merger, acquisition, reorganization, or sale of assets, information we hold may be transferred as part of that transaction. Any acquirer will be bound by the commitments made in this Privacy Policy.

Service providers

We rely on a small number of service providers to operate the Service: Google (for sign-in), and a third-party payment processor (ExtensionPay / Stripe, for subscription billing). Quota and entitlement requests are handled by our own billing endpoint at design-md-extractor.extensionfox.com. We do not engage third-party analytics providers, advertising networks, or data brokers in connection with the Service. The extension does not load or execute remotely hosted code, in compliance with the Chrome Extension Manifest V3 requirements; the FingerprintJS library is vendored and runs locally inside the extension bundle.

Links to other sites

The Service may contain links to websites or services that are not operated by us, including the page you are extracting from. If you follow such a link, you will be directed to that third party’s site. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

Security of data

The security of your information is important to us. We use commercially acceptable means to protect information transmitted to or from the Service, including encryption in transit via HTTPS. Session tokens are stored in chrome.storage.local, which is sandboxed by Chrome to the extension origin. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee its absolute security.

Your rights

Subject to applicable law, you may have the right to access, correct, or delete the account information we hold about you, or to object to or restrict certain processing. You can:

• Sign out at any time from the popup — this clears the cached session.
• Uninstall the extension — this wipes all chrome.storage.local data on your device.
• Request deletion of your account and associated data (including the device identifier on record) at any time by emailing [email protected]. Once we have verified the request, we will delete your account record within 30 days, subject to any narrow retention required by law or for fraud prevention.
• Request a copy of the data we hold on you (essentially: your email, Google user ID, plan status, device identifier, and quota counter). Same email address.

If you are in the EU/UK, you have the additional rights under GDPR (access, rectification, erasure, restriction, portability, objection). If you are in California, you have the additional rights under CCPA (know, delete, correct, opt-out of sale — note we do not sell data). Contact us via the email above.

Children’s privacy

The Service is not directed to persons under the age of 13, and we do not knowingly collect personally identifiable information from persons under 13. If you become aware that a child has provided us with such information, please contact us, and we will take steps to remove that information.

Acceptable use

You are responsible for how you use DESIGN.md / SKILL.md files generated through the Service. The Service is intended for lawful, personal and professional design-research use — for example, capturing the design tokens of a page you are reverse-engineering for your own design system. You agree not to use the Service to infringe the intellectual property rights of the source site’s owner or any other rights holder, and not to redistribute extracted content in violation of applicable law or the source platform’s terms of service.

Changes to this privacy policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on this page and revising the “Effective date” above. Material changes (new data categories, new third parties) will additionally be flagged in the popup on next launch. Your continued use of the Service after any such change constitutes your acceptance of the revised Policy.

Contact us

If you have any questions about this Privacy Policy, please contact us:

• By email: [email protected]
• By visiting: https://design-md-extractor.extensionfox.com/privacy