Privacy
Privacy Policy
1. Who we are
PureFeed ("we", "us", "our") is a Chrome browser extension and accompanying web service operated by Nexlr Pvt Ltd. PureFeed classifies publicly visible social media posts and helps users filter their own feeds based on category and quality scores.
You can contact us at support@purefeed.io.
2. Limited Use disclosure (Chrome Web Store)
PureFeed's use of information received from Google APIs, and any data accessed via Chrome browser APIs, adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:
- We only use the data we collect to provide and improve PureFeed's content classification and filtering features, and to support our paid subscription.
- We do not transfer or sell user data to third parties for advertising, marketing, data brokerage, or any other purpose unrelated to providing PureFeed.
- We do not use user data to train generalized AI/ML models. We do use aggregated, anonymized classification feedback to improve our own classifier — see Section 5.
- We do not allow humans to read your data, except (a) with your explicit consent, (b) to investigate abuse or comply with law, or (c) where the data has been aggregated and anonymized.
3. What we collect
3.1 Public post content
When you visit Reddit, YouTube, or X (Twitter) with the extension installed and enabled, our content script reads the publicly visible title, description/body, creator/channel name, and URL of posts on the page so we can classify them. We then compute a SHA-256 hash of the normalized text.
Where the post text actually goes. When a post is not already in our cache, the following data leaves your device:
- Your browser sends the post's title, description, creator name, and URL over HTTPS to PureFeed's backend on Vercel (United States).
- Our backend forwards just the post text (no IP address, no install ID, no user identifier) to OpenRouter (United States), which routes the request to Google's Gemini Flash model.
- Google's response (category + numeric scores) is returned to our backend, written to the shared classification cache keyed by content hash, and returned to your browser.
Cached classifications are reused for all future requests for the same content from any user — neither OpenRouter nor Google sees the same post twice. Per OpenRouter's and Google's API terms, post text submitted via the paid Gemini API is not used to train their models.
We do not read:
- Anything behind authentication walls (private subreddits, locked accounts, DMs, drafts, etc.)
- Cookies, session tokens, passwords, payment info, or browser history
- Form inputs, your own posts before publishing, or any data outside the supported feed views
3.2 Classification results (shared cache)
Once classified, post text, scores, and categories are stored in our database keyed by the content hash. The same hash from any user returns the cached classification. This shared cache is what makes the extension affordable — popular posts are classified once, not per user.
Classification rows are not associated with individual users; they are content records.
3.3 Account data (only if you create an account)
If you sign up (required for the Pro tier or cloud-synced preferences), we collect:
- Email address
- Authentication identifier (from Supabase Auth or Google OAuth, depending on sign-in method)
- Your filter preferences (which categories to hide, score thresholds, etc.)
- License key and subscription status (relayed from Dodo Payments — we never see your card details)
3.4 Anonymous usage telemetry
We collect aggregate, anonymous daily counts to operate the service: posts classified per extension install per day, cache hit rate, error counts, and adapter health. These are keyed by a randomly generated install ID stored locally on your device. They are not linked to your account or identity.
3.5 Feedback
If you press the thumbs up/down on a classification, we store the vote linked to the classification (not to you).
3.6 Support correspondence
If you email us, we store your email and the contents of your message to respond.
4. What we do NOT collect
- Browsing history outside of Reddit, YouTube, and X feed pages
- Private messages, DMs, drafts, or unpublished content
- Passwords, authentication cookies, payment cards, or banking details
- IP addresses for tracking (server logs may briefly retain them for abuse prevention — see Section 7)
- Location data
- Information from any website other than the three supported platforms
5. How we use your data
| Data | Purpose |
|---|---|
| Public post content | Classify it via Gemini (Google) and return category + scores |
| Content hash + classification | Cache results to avoid re-classifying the same content |
| Email + account data | Authenticate you, sync your preferences, manage your subscription |
| License key + subscription status | Determine whether you have free or Pro features unlocked |
| Anonymous telemetry | Detect platform breakage, monitor cost, calibrate the free-tier usage cap |
| Feedback votes | Improve classification accuracy in aggregate; training data for our own future model |
We do not sell, rent, or share your personal data with third parties for marketing.
6. Third parties we use ("sub-processors")
| Provider | What they receive | Why |
|---|---|---|
| Google (Gemini API) via OpenRouter | The public post text being classified. No user identity. | LLM classification |
| Supabase | Account data, preferences, classification cache, license records | Database, authentication |
| Vercel | HTTP request data for the backend API | Hosting |
| Dodo Payments | Your name, email, billing country, and payment details (entered on Dodo's checkout — we never see your card) | Payment processing, subscription management |
| Sentry | Error reports including stack traces and snippets of the data being processed at the time of error | Bug detection |
| Email provider (Resend or equivalent) | Your email address and message content for transactional and digest emails | Sending email |
7. Server logs and security
Our backend may briefly retain HTTP request logs (including IP address) for up to 30 days for abuse prevention and debugging. Logs are not used to build user profiles and are not shared. We use HTTPS for all network communication.
8. Data retention
- Account data: retained until you delete your account, then purged within 30 days.
- Preferences: same as account.
- Classification cache: retained indefinitely (content hashes, not tied to users).
- Anonymous telemetry: retained for up to 12 months in aggregate form.
- Server logs: up to 30 days.
- Support email: retained for up to 24 months after last contact.
- Subscription records: retained as long as required by tax/accounting law (typically 7 years).
9. Your rights
Depending on where you live (GDPR/UK/CCPA jurisdictions in particular), you have the right to access, correct, delete, export, and object to processing of your personal data, and to withdraw consent. Email support@purefeed.io to exercise any of these rights — we respond within 30 days. You can also delete the extension at any time via chrome://extensions/, which stops all data collection from your device.
10. Children
PureFeed is not directed to children under 13 (or under 16 in the EEA/UK). We do not knowingly collect personal data from children.
11. International transfers
Our servers are hosted on Vercel and Supabase, which may process data in the United States and other regions. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.
12. Changes to this policy
We may update this policy. For material changes (new sub-processors, new data categories, changed purposes), we'll notify active users via in-extension notice or email at least 14 days before the change takes effect.
13. Governing law
This policy is governed by the laws of India. Any dispute will be resolved in the courts of India.
14. Contact
Nexlr Pvt Ltd
Email: support@purefeed.io
Website: https://purefeed.io