Overview
This privacy policy applies specifically to the GetCurrentOffer browser extension (“Extension”). It supplements our main Privacy Policy, which governs the overall GetCurrentOffer service.
Single Purpose
The Extension has a single purpose: to help you organize and sync your personal credit card merchant offers from supported card issuer portals to your GetCurrentOffer account, and to show you relevant offers while you browse merchant websites.
Permissions & Why We Need Them
- activeTab: To detect whether you are on a supported issuer portal or merchant website and display relevant offer information.
- storage: To store your Extension settings, authentication state, and cached offer data locally on your device.
- scripting: To run content scripts on supported issuer portals that read your merchant offer data from the page.
- alarms: To schedule periodic polling for sync commands from your account.
- tabs: To detect which tab is active and show relevant merchant offer information.
- cookies: To read your authentication session from the GetCurrentOffer website for seamless sign-in.
- Host permissions (issuer sites): To access your offer data on americanexpress.com, chase.com, citi.com, capitalone.com, paypal.com, and rakuten.com when you are logged in. The Extension only reads merchant offer data and never modifies any content on these sites.
- Host permissions (all sites): To detect when you are browsing a merchant website and show you matching offers from our database. No data is collected from these sites.
Data We Collect
When you use the Extension with offer syncing enabled, we collect:
- Merchant names and offer titles/descriptions
- Offer amounts, types, and expiration dates
- Card product names (e.g., “Sapphire Preferred”)
- Last four digits of card numbers (for identification only)
- Offer activation URLs
- Issuer name and offer category
Data We Never Collect
- Full credit card numbers
- CVV/security codes or PINs
- Account balances or transaction history
- Login credentials for any website
- Browsing history (beyond the current tab URL for merchant matching)
- Personal financial information beyond offer details
How Data Is Transmitted & Stored
- All data is transmitted over HTTPS (TLS/SSL encrypted connections).
- Synced offer data is sent to our secure API endpoint and stored in our PostgreSQL database (hosted by Supabase) with encryption at rest.
- Your data is protected by row-level security (RLS) — only you can access your synced offers.
- Data is stored on servers located in the United States.
Your Controls
- Opt-in only: Offer syncing is disabled by default. You must explicitly enable it.
- Disable syncing: You can disable offer syncing at any time from your account settings.
- Delete data: You can delete all synced offer data from your account settings or via the
DELETE /api/user/data endpoint. - Uninstall: Uninstalling the Extension stops all data collection. Previously synced data remains in your account until you delete it.
Third-Party Sharing
We do not sell, rent, or share your Extension data with any third party. Data is only shared with our infrastructure providers (Supabase, Vercel) as necessary to operate the Service, under strict data processing agreements.
Data Retention
Synced offer data is retained until you delete it, disable syncing, or delete your account. Upon account deletion, all synced data is permanently removed within 30 days.
Changes to This Policy
We may update this policy as the Extension evolves. Material changes will be communicated via the Extension update notes and on this page.