Soleora Privacy Policy

Soleora is a privacy-first, AI-native browser extension. This policy explains what information the service handles, why, where it is stored, third-party sharing, and your rights. The operator complies with Japan's Act on the Protection of Personal Information and other applicable laws.

• Operator: [TBD]
• Address: [TBD]
• Contact: support@soleora.app

Design principle: not collecting data is the best privacy protection. Soleora does not collect your browsing history and keeps the information it does handle to a minimum.

2.1 Stored only on your device (never sent to our servers):

• AI API keys (BYOK) — Anthropic / OpenAI / Google keys you optionally enter (chrome.storage.local)
• AI provider settings, search-engine choice, ad-block on/off

API keys are never sent to our servers; they go directly from your browser to the AI provider you choose.

2.2 Stored in our cloud (sync server):

• Device ID — a random UUID v4, not linked to your name or email address
• Reward-ledger entries — records of ad / recommendation interactions (kind, amount, source, metadata, timestamp), used to tally future revenue sharing

In Phase 0 the device ID is not tied to a name or email. Name/email collection is planned only when revenue sharing begins (Phase 3), with separate consent.

• Browsing history (visited URLs / page content)
• The content of your AI questions and answers — sent directly to your chosen AI provider, never through our servers
• Name, address, phone, or email (in Phase 0)
• Location, biometrics, third-party tracking cookies

To diagnose bugs, Soleora may send anonymous technical information (stack traces, extension version, error context) to an error-monitoring service (Sentry) only when a crash occurs. It is on by default, announced on first run, and can be turned off anytime in settings. We never send page URLs, AI prompts, or API keys — all are masked before sending.

• Provide core features (new tab, AI bar, ad blocking, search)
• Sync the reward ledger and tally future revenue sharing
• Diagnose issues and improve the service
• Comply with applicable law

AI providers (BYOK):Your prompt and your own API key go directly from your browser to the provider you choose (Anthropic, OpenAI, Google). Their handling follows each provider's own policy.

Infrastructure:

• Vercel Inc. — API hosting (Edge Functions)
• Neon Inc. — database (PostgreSQL), Singapore
• Functional Software, Inc. (Sentry) — error monitoring (opt-out), United States (US) region

Cross-border transfer: Reward-ledger data is stored in Singapore. By using the service you consent to this transfer. [TBD: confirm disclosure method under applicable law]

Revenue sharing / ads (Phase 3+): Amazon (gift codes via the Incentives API) and affiliate networks. Not active in Phase 0.

• Device-local data is removed when you uninstall the extension or clear its data
• Cloud device ID / ledger are deleted per [TBD: retention period and request procedure]
• Email [TBD] with your device ID to request disclosure or deletion of your cloud data

You may request disclosure, correction, suspension, or deletion of your personal information as provided by applicable law. Contact us via Section 6.

We use HTTPS, access control, and least-privilege principles. No method of internet transmission or storage is perfectly secure.

The service is not intended for [TBD: target age].

We may revise this policy. Material changes will be announced in the store listing or within the service.

[TBD: operator name] · [TBD: contact email]