Skip to main content

Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in US privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our Chrome extension and website.

What personal information do we collect?

When using our Chrome extension, we collect the following information:

  • Web scraping outputs & DOM snapshots: When you trigger an extraction, the extension serializes the relevant DOM, sends it to our sandboxed workers, and saves the structured tables plus run metadata (page URL, title, timestamps, Python scripts, and tool logs) in your encrypted Lection account so you can rerun or delete them later.
  • Optional session context: If you turn on the “Attach cookies & fingerprint” toggle inside the extension, we collect first‑party cookies for the current origin plus a browser fingerprint and encrypt that bundle before uploading it with the scrape. This toggle is off by default and can be revoked at any time.
  • Account information: When you create an account we collect your email address, authentication state, and any profile details you submit.
  • Usage data: We log high-level product telemetry—such as which agent tools ran, pagination attempts, and scrape success/failure codes—to improve reliability. These logs never include DOM content.
  • Browser data: We only read page content after you explicitly start a scrape or request an agent action. We do not passively monitor browsing history, and you can clear stored scrapes, cookies, and fingerprints at any time from the dashboard.
  • DOM snapshots for sandboxed tools: When you ask the AI to “Run Console Expression” (or similar DOM probes), the extension serializes the active page’s HTML, selection text, and viewport metadata and sends that payload to our server-side sandbox so the script can run safely outside of Chrome. Snapshots are encrypted in transit and deleted immediately after the sandbox finishes.

How do we use your information?

We may use the information we collect from you in the following ways:

  • To process your web scraping requests, run sandboxed DOM/JS analysis, and store the resulting structured data in your account
  • To replay saved scrapes (including any cookies/fingerprints you explicitly attach) so cloud runs can stay signed in on your behalf
  • To provide customer support and respond to your inquiries
  • To send you important updates about our service
  • To analyze usage patterns and improve our extension's functionality

Data storage and security

We store the tables, scripts, and metadata generated by your scrapes in a Supabase-hosted database on Google Cloud (U.S. regions). This lets you view history, rerun past automations, and delete artifacts from the dashboard at any time. Optional cookie and fingerprint bundles are encrypted client-side with short-lived keys before upload.

When the AI needs to run custom JavaScript, the DOM snapshot, script, and helper metadata are sent to our servers purely for sandbox execution. These payloads are encrypted in transit, retained in memory just long enough to execute, and discarded after the sandbox finishes. We keep minimal audit logs—script hashes, Supabase user IDs, request timestamps, and resource limits—for up to 30 days to detect abuse.

Our website and services are scanned regularly for security holes and known vulnerabilities. We use regular malware scanning and implement a variety of security measures to maintain the safety of your personal information. All sensitive information is encrypted via Secure Socket Layer (SSL) technology.

Do we use cookies?

Yes. Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) that enables the site's or service provider's systems to recognize your browser and capture and remember certain information.

We use cookies to:

  • Help remember your preferences for future visits
  • Compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future
  • Maintain your session when using our web dashboard

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users. We may also release information when it's release is appropriate to comply with the law in the United States.

Third-party links

We do not include or offer third-party products or services on our website or extension.

California Online Privacy Protection Act

CalOPPA is the first state law in the nation to require commercial websites and online services to post a privacy policy. According to CalOPPA, we agree to the following:

  • Users can visit our site anonymously
  • Our Privacy Policy link includes the word 'Privacy' and can easily be found on our website
  • You will be notified of any Privacy Policy changes on our Privacy Policy Page
  • You can change your personal information by logging in to your account

How does our site handle Do Not Track signals?

We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. We do not specifically market to children under the age of 13 years old.

Fair Information Practices

The Fair Information Practices Principles form the backbone of privacy law in the United States. In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

  • We will notify you via email within 7 business days

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email. We collect your email address in order to:

  • Send information, respond to inquiries, and/or other requests or questions
  • Send you additional information related to your product and/or service

To be in accordance with CANSPAM, we agree to not use false or misleading subjects or email addresses, identify the message as an advertisement in some reasonable way, include the physical address of our business, monitor third-party email marketing services for compliance, honor opt-out/unsubscribe requests quickly, and allow users to unsubscribe by using the link at the bottom of each email.