Add to Chrome
Legal

Privacy Policy

This policy explains how the SniffIt browser extension ("SniffIt", "we", "us") handles your data. SniffIt finds cheaper versions of products while you shop online and helps you spot when you're being overcharged.

Effective: 9 May 2026 Last updated: 9 May 2026

1. Summary

  • SniffIt has no accounts and asks for no personal information.
  • We do not sell your data.
  • We do not run advertising trackers, third-party analytics, or fingerprinting.
  • Some of the cheaper alternatives SniffIt shows are AliExpress affiliate links. We may earn a commission on qualifying purchases. See §4.
  • Our use of your data complies with the Chrome Web Store Limited Use Policy. See §5.
  • When SniffIt needs to consult an AI model or partner service to answer your scan, we name the provider in §3 below.

2. What we collect

When you scan a product page (manually with "Sniff this page", automatically on retailers you've enabled, or via the image-hover "Find this product" feature), SniffIt sends the following to our backend at sniffit-proxy.harisbug.workers.dev:

  • The product title, price, and currency shown on the page
  • The product image URL (if present)
  • The website's domain (e.g. amazon.com) — without the page path
  • A random per-install ID (UUID, generated locally on first install)

When you tap the floating "Find cheaper" button, we additionally send:

  • A short search query derived from the product title
  • For image-based search: the product image URL, which our backend downloads and forwards to our search partner (see §3)

When SniffIt converts prices to your preferred currency, it fetches daily exchange rates from open.er-api.com. That third party will see your IP address as part of the HTTP request.

We do NOT collect or send: the full URL of the page, your browsing history, form contents, cookies, passwords, payment information, identifiers tied to you personally, or activity on non-shopping websites.

3. Third parties

To answer a scan, our backend forwards data to the following partners:

  • OpenRouter (openrouter.ai) — receives the product title, price, currency, domain, and image URL so a vision-capable AI model can estimate a fair price range. See OpenRouter's privacy policy.
  • AliExpress Open Platform (api-sg.aliexpress.com) — receives the search query and clicked product URLs, used to find listings and generate affiliate links (see §4).
  • Cloudflare — hosts our backend Worker. Cloudflare processes the client IP for the request as part of standard infrastructure operation and abuse prevention. We use the IP only to enforce short-term rate limits; no IPs are written to our application logs.

4. Affiliate links

SniffIt participates in the AliExpress affiliate program. When the extension shows you cheaper product alternatives from AliExpress, the "Buy" link is rewritten to a tracked promotion link via AliExpress's official affiliate API. If you click such a link and complete a purchase, AliExpress may pay us a small commission at no additional cost to you.

  • Affiliate links never change which products we show you. We do not promote a product because it pays a higher commission, and we do not re-rank results to favour affiliate items over non-affiliate ones.
  • Affiliate links are clearly labelled in the extension UI.
  • We do not receive personal information about your purchase from AliExpress beyond aggregate program reporting.

5. Limited Use compliance

SniffIt's use and transfer of information received from your browser and from third-party APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:

  • (a) Allowed Use — We use the data described in §2 only to provide SniffIt's user-facing features: estimating fair price ranges, finding cheaper alternatives, and converting prices to your preferred currency.
  • (b) Allowed Transfer — We transfer data only as needed to provide these features (see §3), to comply with applicable law, to prevent fraud or security issues, or as part of a merger, acquisition, or sale of assets with notice to users.
  • (c) Prohibited Advertising — We do not use or transfer your data to serve personalised, retargeted, or interest-based advertisements.
  • (d) Prohibited Human Interaction — No SniffIt team member or contractor reads your data, except: with your explicit consent for a support request you initiate; for security investigations; to comply with law; or in aggregated, de-identified form for service improvement.

6. What we log on our backend

Each request is logged with: a hashed (truncated SHA-256) form of your install ID, the website domain, whether the response was served from cache, and request timing. We do not log product titles, prices, image URLs, full URLs, or your IP address in our application logs.

7. What is stored on your device

SniffIt stores the following in your browser's local extension storage (never synced to us):

  • Your settings (display currency, per-retailer auto-scan toggles, image-hover toggle, muted websites)
  • Your random install ID
  • A local cache of recent scan results (1 hour TTL)
  • A history of up to 1,000 recent product scans, shown in the popup

You can clear the history at any time from the popup, or remove all local data by uninstalling the extension.

8. Server-side cache

Successful scan results are cached in our Cloudflare KV store for up to 1 hour, keyed on a SHA-256 hash of (domain | title | price | currency | image URL). The cache is automatically purged after the TTL.

9. Retention

  • Application logs: kept up to 30 days.
  • KV cache: 1 hour TTL.
  • Cloudflare access logs (operated by Cloudflare): per Cloudflare's policy.
  • Local data (settings, history, cache): until you uninstall the extension or clear it from the popup.

10. Your rights

Subject to the GDPR (EU/UK), CCPA (California), and other applicable laws, you have the right to access, correct, delete, or port your data, and to object to or restrict processing. Because SniffIt has no accounts, most data is held only on your device — uninstalling the extension removes it. For any backend data tied to your install ID, or to exercise any right, email [email protected]. We respond within 30 days.

11. International transfers

Our partners (OpenRouter, AliExpress, Cloudflare, open.er-api.com) operate globally. By using SniffIt, you understand that your data may be processed in countries outside your own, including the United States.

12. Children

SniffIt is not directed to children under 13 (or the equivalent age in your jurisdiction) and we do not knowingly collect their data.

13. Changes

If we change this policy materially, we update the "Last updated" date above and, where required, notify users in the extension.

14. Contact

Privacy questions, deletion requests, or anything else: [email protected]