Scuto ("we", "our", "the extension") is a Chrome extension that extracts structured data from web pages using AI. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
Account information: email address (via Google Sign-In) for authentication and usage tracking.
Usage data: daily extraction count, plan type, timestamps. Used for quota enforcement and analytics.
Extraction schemas: if you save custom templates, the schema structure (field names and types) is stored. The actual extracted data is never stored on our servers.
Feedback: category, URL, and message text you voluntarily submit.
2. Data We Do NOT Collect
Raw HTML or page content (processed in-memory, discarded after extraction)
Extracted results (returned to your browser, never stored server-side)
Browsing history or cookies
Personal data from visited pages (unless you disable Privacy Mode)
3. How We Process Page Data
When you trigger an extraction:
The extension reads the active tab's DOM locally in your browser.
HTML is cleaned and converted to Markdown (irreversible, no raw HTML sent).
If Privacy Mode is enabled, emails, phone numbers, and SSN-like patterns are replaced with placeholders before leaving your device.
The cleaned Markdown is sent to our backend, which forwards it to Google Gemini or Anthropic Claude for AI processing.
The structured result is returned to your browser. Neither our backend nor the AI providers store the page content after processing.
4. Third-Party Services
Google (authentication): we use Google OAuth to verify your identity. Google's privacy policy applies to their authentication service.
Stripe (billing): payment processing for Pro subscriptions. We do not store credit card numbers. Stripe's privacy policy applies.
Google Gemini API: primary AI provider for data extraction. Content is processed per Google's API terms.
Anthropic Claude API: fallback AI provider for complex extractions. Content is processed per Anthropic's API terms.
Supabase: backend infrastructure (database, authentication, serverless functions) hosted in the EU.
5. Data Retention
Usage logs: retained for 90 days, then automatically deleted.
Account data: retained until you request deletion.
Feedback: retained indefinitely for product improvement (anonymized after 1 year).
6. Your Rights (GDPR)
If you are in the EU/EEA, you have the right to:
Access: request a copy of your personal data.
Rectification: correct inaccurate data.
Erasure: request deletion of your account and all associated data.
Portability: receive your data in a structured, machine-readable format.
Objection: object to processing based on legitimate interests.
7. Privacy Mode (PII Scrubbing)
Privacy Mode is OFF by default. When enabled, the extension automatically detects and replaces:
Email addresses
Phone numbers
SSN-like patterns
This happens locally in your browser before any data is sent to our servers. We recommend enabling Privacy Mode when extracting data from pages that may contain personal information.
8. Children's Privacy
Scuto is not intended for use by children under 13. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of the extension after changes constitutes acceptance.
10. Contact
For privacy-related questions or data requests, contact us at: privacy@scuto.dev