Privacy Policy

Two categories of data live on your device. The first applies to everyone; the second only applies if you've signed in and opted in to Detailed history.

Always stored (everyone, no URLs or hostnames):

• Analytics summary — Aggregate counters with no per-page identifiers. Tracks total detection counts, breakdowns by detection layer / result / category, AI confidence buckets, and a 14-day rolling daily total. This is what powers the dashboard and what's exported when Detailed history is off.
• AI whitelist — Pages the AI classified as non-gambling so they aren't re-scanned. Each entry expires automatically after 14 days. (URLs are required here for the per-URL match on the next visit.)
• Custom lists — Domains and individual URLs you've manually blocked, plus pages you've reported as safe. These are your explicit choices and need to be exact strings to function.
• Preferences — Sensitivity level (Strict / Balanced / Light), Detailed-history toggle state, intervention toggle, evidence visibility, and custom reminder message.
• Notification log — Timestamps of accountability partner notifications, used for rate limiting. Capped at 200.
• Installation identifier — A random anonymous ID generated on first install. Used solely to enforce daily AI-classification rate limits when you're not signed in. Not linked to your identity, and uninstalling removes it.

Stored only if you opt in to Detailed history (signed-in users only):

• Detection log — URLs, hostnames, timestamps, detection method, confidence scores, and up to three evidence strings per detection. Capped at 500 entries; oldest are removed automatically.
• Intervention log — Records of when block overlays appeared and which action you took. Capped at 500.

The toggle defaults to OFF for everyone, including new signed-in users. Switching it off again stops new detail entries; existing entries stay until you clear them with the Clear button in the popup. Logging out automatically forces the toggle off.

You can export your data at any time as a multi-sheet Excel workbook. The Summary sheet, AI whitelist sheet, and your-blocklist sheets are always present. Per-category event sheets (with URLs and evidence) appear only in Detailed history mode.

Two distinct paths can send data off your device, depending on which features you use.

1. AI classification (everyone, no account required)

• When the on-device detector flags a page as borderline or high-confidence-gambling, a short text excerpt (roughly 500 characters of visible page text), the page URL, the page hostname, and the heuristic score are sent to our backend for AI analysis. The verdict is returned to your browser and stored locally.
• The excerpt is processed in memory by the AI model and is not retained on our servers after the response is returned. We do keep a single row in our database recording that a classification happened (an installation identifier or your user ID, plus a timestamp) — but no page content, hostname, or URL.
• This usage row is used only to enforce a fair-use rate limit (100 classifications per day) and is automatically rotated out.

2. Account-only data (only if you create an account)

• Authentication — Your email address and a hashed password (managed by Supabase Auth). Passwords are never stored or transmitted in plaintext. Session tokens are stored in your browser.
• Sensitivity preference — The Strict / Balanced / Light value, so it follows you across browsers if you sign in elsewhere.

If you choose not to create an account, the only thing tying your AI classifications to anything is a random anonymous installation identifier stored in your browser. We have no way to link that identifier to a person, an email, or any other GamPacto user.

This is the same disclosure GamPacto provides to the Chrome Web Store, restated here so you don't have to take our word for it. For each category Google asks extensions to disclose, here is what GamPacto does and does not collect:

• Personally identifiable information — Collected if you sign up: your account email address. Collected if you set up a partner: your partner's email and a display name. Used only to authenticate you and deliver partner notifications. Never sold or shared with third parties for advertising.
• Health information — Not collected. Although GamPacto is a harm-reduction tool, we do not ask about, infer, or store any health, medical, or addiction data.
• Financial & payment information — Not collected. The extension is free; there is no payment flow.
• Authentication information — Collected if you sign up: a hashed password (managed by Supabase Auth, never stored or transmitted in plaintext). Session tokens are stored locally in your browser.
• Personal communications — Not collected. We never read, transmit, or store the content of your emails, messages, or chats.
• Location — Not collected. We do not request or store geolocation, IP-derived location, or similar data.
• Web history — By default, NOT stored anywhere — not on your device, not on our servers. Default storage is aggregate counters only (counts by detection layer / category / day). Signed-in users may opt in to a Detailed history mode that additionally stores URLs and hostnames of flagged pages locally on their device only — capped at 500 entries, never sent to our servers, easy to clear from the popup.
• User activity — By default, only aggregate counts are kept (no per-event records); none of this is sent to our servers. Records of which intervention overlays appeared and which actions you took are stored only when you opt in to Detailed history, in which case they live on your device only.
• Website content — Transmitted only at the moment of AI classification, not retained on servers. When the on-device detector flags a page as borderline, a short text excerpt of that page (around 500 characters) plus the URL and hostname are sent to our backend for AI classification. The excerpt is processed in memory by the AI model and discarded as soon as the response is returned.

If you choose to add an accountability partner, here's what happens with their information:

• Their name and email address are stored locally on your device and in our database, so we can send emails to them.
• A 6-digit verification code is sent to their email and stored temporarily — the partner only starts receiving notifications after they enter that code, confirming they consent to be contacted.
• Notification emails contain only the date and time a detection occurred. They never contain page content, URLs, hostnames, or any browsing details.
• Notifications are sent through Resend (our email-delivery provider). Resend processes the recipient address and email content for the purpose of delivery; it does not use this data for advertising.

Two ways to stop notifications:

• You can remove your partner from the Partner tab in the popup at any time. This stops all future notifications instantly and removes their email from our database.
• Your partner can request to be unsubscribed by emailing privacy@gampacto.com. We will remove them within seven days and notify you that they have opted out.

• We never sell, rent, or share your data with advertisers or data brokers.
• We never use cookies or tracking pixels.
• We never keep page content on our servers after AI classification finishes.
• We never log your browsing history server-side — the URLs and hostnames the detector saw stay on your device.
• We never use any of your data, including page excerpts sent for AI classification, to train machine-learning models.
• We never share your accountability partner's email with anyone other than the email-delivery provider that sends the notification.
• We never read or store form data, passwords, payment details, or any sensitive form input on the pages you visit. The detector reads only visible page text, and only on pages whose initial heuristic suggests gambling-related content.

Every piece of data we collect serves a specific, transparent purpose:

• Detecting and blocking gambling content as you browse (runs locally on your device).
• AI classification of pages the local heuristic flags as borderline or high-confidence-gambling.
• Sending accountability notifications to a partner you've explicitly verified.
• Enforcing a fair-use limit on AI classification (100 requests per day per user or installation).
• Producing the multi-sheet Excel report when you export your detection log.
• Authenticating you when you sign in (account holders only).
• Notifying your accountability partner the moment you request to weaken your protection level — the cool-off itself runs locally.

Limited Use commitment: We do not use any of the data above to:

• Show, place, or target advertising of any kind.
• Train, fine-tune, or improve any machine-learning model.
• Build profiles of you for resale, lead generation, or analytics products.
• Read or process any sensitive page input (form fields, password fields, payment forms).

• Supabase — Handles authentication, database, and server functions. Processes data per their own privacy policy.
• Anthropic Claude API — Powers AI classification. Page excerpts are processed per Anthropic's usage policies and are not used to train models.
• Resend — Delivers verification codes and accountability notification emails. Processes only the recipient address and email content.

On your device

• The aggregate analytics summary keeps a 14-day rolling daily-totals window and unbounded lifetime counts. There are no per-event records to age out.
• If you've opted in to Detailed history, the per-event detection and intervention logs are capped at 500 entries each and the oldest are removed automatically. You can clear both at any time from the popup.
• AI whitelist entries auto-expire 14 days after they were added.
• Session tokens are removed when you log out, and logout also forces the Detailed-history toggle off.

On our servers

• AI-classification page excerpts are not stored after the response is returned to your browser.
• The classification-usage rows used for rate limiting hold an installation ID or user ID and a timestamp. They are not joined to any browsing data.
• Email-verification codes (account signup and accountability partner) expire and are deleted after 10 minutes.
• Account data (email, hashed password, sensitivity preference) is retained until you delete your account.
• Accountability partner email addresses are retained until you remove the partner or they request unsubscription.
• After you request account deletion, hard deletion of all live records completes within 30 days. Database backups containing snapshots of pre-deletion data are rotated within the same 30-day window.

You can clear all local data at any time by removing the extension or resetting extension storage in Chrome settings.

You always have these options:

• Use without an account — The blocklist, on-device smart detection, and AI classification all work without signing up. An account unlocks personalisation (sensitivity controls) and the optional Detailed history toggle.
• Export your data — Download your full detection log, AI whitelist, and blocklists as a multi-sheet Excel workbook from the Blocklists tab.
• Delete local data — Uninstalling the extension removes everything stored locally. You can also clear it manually in chrome://extensions/ → GamPacto → Details → Remove or reset extension storage.
• Delete your account and server-side data — Email privacy@gampacto.com from the address associated with your account, with subject line “Delete my account”. We will: (1) delete your account row from Supabase Auth, (2) delete your sensitivity preference, (3) delete any classification-usage records older than the current 24-hour rate-limit window, and (4) delete your accountability partner row if one exists. Hard deletion completes within 30 days; database backups are rotated within the same window. You will receive an email confirmation when the deletion is complete.
• Remove your accountability partner — Click the × next to their email in the Partner tab to stop notifications instantly and remove their email from our database. Your partner can also request removal directly by emailing the address above.
• Manage the AI whitelist — View and remove individual URLs from the Blocklists tab. Whitelist entries auto-expire after 14 days.
• Clear detection history — Use the “Clear detection history on this device” button in the Detection-history section of the Blocklists tab to wipe all per-event detail and intervention records. The aggregate summary remains so your dashboard stats survive.
• Disable Detailed history — Flip the toggle off in the Detection-history section. New detections stop generating per-event entries immediately; existing entries stay until you clear them.

Additional rights you have over your data

• Right to access — Email us and we will send you a copy of any personal data we hold about you (your account email, sensitivity preference, partner email if applicable, and the current day's classification-usage row).
• Right to correct inaccurate data — Update your account email by signing in and changing it; for any other correction, email us.
• Right to deletion — Use the deletion process above. We will hard-delete within 30 days.
• Right to a portable copy of your data — The export function in the popup produces a portable file containing all your local detection data.
• Right to withdraw consent — You can stop using the extension at any time by uninstalling it. You can revoke consent for AI classification by disabling smart detection in the popup.
• Right to complain to a regulator — If you believe we have mishandled your data, you may complain to the data-protection authority that has jurisdiction in your country.

We only process the limited data we send to our servers with your consent — you must accept this privacy policy on first install before any detection or classification runs. You can withdraw that consent at any time by uninstalling the extension or by emailing us to delete your account. We will never sell or share your personal information for advertising or to data brokers.

To exercise any of these rights, email privacy@gampacto.com. We will verify your request by replying to the email address associated with your account; if you do not have an account, we may ask additional questions to confirm we are removing the correct data. We will never charge you a different price, deny features, or discriminate against you in any way for exercising any of these rights.

• All communication between the extension and our backend uses HTTPS/TLS encryption.
• Authentication tokens are stored in Chrome's local storage, accessible only to the extension.
• Our server functions use Row Level Security — service-role keys are never exposed to the client.
• Verification codes are short-lived (10 minutes) and single-use.

Children's privacy: GamPacto is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, please get in touch and we'll remove it. The Web Store age rating for this extension is “Everyone” subject to its harm-reduction purpose.

Browser permissions GamPacto requests:

• storage — save your settings, detection log, AI whitelist, and blocklists locally in the browser.
• activeTab — read the URL of the currently active tab so the popup can show its detection status.
• tabs — route detection results back to the correct tab and refresh the popup view when you switch tabs.
• alarms — schedule the deferred application of safety-related preference changes (e.g. the 24-hour cool-off when you weaken protection).
• webNavigation — detect single-page-app navigation events on sites where the URL changes without a full page reload (so detection re-runs).
• host_permissions for all URLs — gambling content can appear on any website (news, social media, search results, advertisements). The detector needs to read page text on every URL to flag gambling-related material. Reading is local; nothing is sent off your device unless a page is flagged by the heuristic for AI classification.

International transfers: Our backend is hosted by Supabase in eu-west-2 (London). AI classification is performed by Anthropic, which may process data in the United States. Email delivery is handled by Resend, which may process data in the United States. By using AI classification or the partner feature, you consent to these international transfers. Contractual safeguards are in place with each provider to ensure your data is handled to the same standard wherever it is processed.

Policy changes: If we make material changes, we'll update the effective date at the top of this page and, if you have an account, we'll email you ahead of the change. We encourage you to check back periodically.