Summary
CashbackMax does not collect, store, or transmit any personal data to the extension developer or any third party. All data fetched from cashback portals is cached locally in your browser and is never sent anywhere else.
1. What Data We Collect
We do not collect any data.
CashbackMax does not have a backend server, analytics pipeline, crash reporting service, or any remote endpoint controlled by the extension developer. There is no account creation, no login, and no user identifier of any kind.
2. What Data Is Processed Locally
To provide its functionality, CashbackMax processes the following data entirely within your browser:
- URL of the current browser tab — sent to cashback portal APIs to look up offers for the current shop. Not stored; used only for the API request.
- Cashback offer responses from Tipli, Plná Peněženka, and Hamty — displayed in the pill and popup. Stored in
chrome.storage.local(your device only) for up to 24 hours. - Account balance responses from Tipli, Plná Peněženka, and Hamty — displayed in the popup. Stored in
chrome.storage.local(your device only) for up to 15 minutes. - Your theme preference (dark/light mode) — stored in
chrome.storage.local(your device only) until you clear extension data or uninstall.
All items in chrome.storage.local are stored on your local device only. They are never synchronised to Google's servers (we do not use chrome.storage.sync), and they are never transmitted to any server controlled by this extension.
3. Data Sent to Third-Party Services
CashbackMax sends data to the following services solely for the purpose of retrieving cashback offers on your behalf. This is equivalent to what happens when you visit those portals directly in your browser.
- Tipli (
tipli.cz) — URL of the current page and your Tipli session cookie (browser-managed) to retrieve cashback rates and coupon codes. - Plná Peněženka (
plnapenezenka.cz,api.plnapenezenka.cz) — a session token obtained from your existing PP login to retrieve the partner shop list and your account balance. - Hamty (
hamty.cz) — URL of the current page for balance scraping; no data for the public partner list.
These requests are made on your behalf, using your existing logged-in sessions on those portals. If you are not logged in to a portal, the extension retrieves the same data that any anonymous visitor would see.
The extension developer has no access to the responses from these services. All responses go directly from the portal's servers to your browser.
Each of these services has its own privacy policy:
- Tipli: tipli.cz/ochrana-osobnich-udaju
- Plná Peněženka: plnapenezenka.cz/ochrana-osobnich-udaju
- Hamty: hamty.cz/ochrana-osobnich-udaju
4. Cookies
CashbackMax uses the credentials: 'include' flag when making fetch requests to cashback portal APIs. This instructs the browser to attach any cookies that already exist for those domains — exactly as a normal browser navigation would.
The extension cannot read, write, modify, or delete cookies. It does not hold the cookies manifest permission. The credentials: 'include' flag only controls whether the browser's built-in cookie jar is consulted for the outgoing request; the extension code never has access to the cookie values themselves.
5. Permissions Explanation
storage— to cache API responses and save your theme preference locally viachrome.storage.localtabs— to read the URL of your active tab so the popup knows which shop to look upactiveTab— to inject the floating pill content script into the current tabclipboardWrite— to copy coupon codes to your clipboard when you click the copy button- Host permissions for
tipli.cz,api.plnapenezenka.cz,www.plnapenezenka.cz,www.hamty.cz— to make cross-origin fetch requests to the cashback portal APIs
No other permissions are requested or used.
6. Children's Privacy
CashbackMax is not directed at children under the age of 13. We do not knowingly collect any information from children.
7. Changes to This Policy
If a future version of CashbackMax introduces changes that affect how data is handled, this document will be updated and the version number and "Last updated" date at the top will change. Significant changes will be noted in the release changelog.
8. Contact
If you have questions about this privacy policy or the extension's data practices, please open an issue in the GitHub repository or contact the developer at ondra@ondra-vlasek.cz.