Privacy Policy

TL;DR. Pluck doesn't send your scrapes, your AI key, or your saved jobs to any Pluck server. Everything lives in your browser. The only data we receive is your email at purchase time, so we can email you a license.

What Pluck stores, and where

• Saved jobs, settings, and run results are persisted in chrome.storage.local — local to your browser. They never leave your machine.
• Your API keys (Anthropic, Google Gemini, OpenAI) are stored only in chrome.storage.local. They are used directly by your browser to call the provider's API. Pluck has no server in that path.
• Your Pluck Pro license is a signed JWT. We verify it offline using a public key bundled in the extension. There is no "phone home" — the extension does not contact our server to check your license.

What Pluck sends to third parties

When you run a pattern-inference or scrape, the following happens:

• If you use Chrome built-in AI: nothing leaves your device. Inference runs locally on Gemini Nano.
• If you use Anthropic, Gemini, or OpenAI (BYOK): the relevant page HTML snippet and your example picks go directly from your browser to that provider's API. Their privacy terms apply.
• If you configure a webhook: your scraped rows go directly to your webhook URL with an HMAC signature header. Nowhere else.

What our marketing site collects

The landing site at pluck.app uses Vercel for hosting. Vercel logs standard HTTP request metadata (IP, user-agent, referrer). We don't install third-party analytics, tracking pixels, or session recorders.

The /api/infer endpoint exists for the "try without installing" demo button. It is a mock — it returns deterministic fake data and does not call any LLM. Demo requests are rate-limited and not retained beyond standard request logs.

What happens at purchase

When you buy Pluck Pro via Polar.sh, Polar collects your email and payment details under their privacy policy. Polar then sends a signed webhook to our server with your email; we mint your license, and email it to you via Resend. We do not retain your email or license server-side beyond what the webhook handler needs to do its job.

Chrome Web Store permissions explained

• activeTab and scripting: the picker overlay needs to inject UI into the page you're looking at when you click "Start picker".
• storage: saved jobs, settings, and your API keys live here.
• alarms: the scheduling feature uses Chrome alarms to fire re-runs on an interval.
• tabs: re-running a saved job opens a hidden tab to extract data, then closes it.
• host_permissions: <all_urls>: the picker has to work on any site you choose to use it on, so we request broad host access. Pluck only touches a tab when you explicitly start a picker or run a job.

Data retention and deletion

To delete everything Pluck knows about you locally: uninstall the extension. Chrome wipes chrome.storage.local on uninstall.

To delete the email + license record on our side: email ernest2011kostevich@gmail.com from the address you bought with. We process within 30 days.

Contact

Questions, concerns, or data-deletion requests: ernest2011kostevich@gmail.com.