What we collect — the entire schema, in plain English.

Most privacy policies are unreadable. Ours is a table. Last updated 15 May 2026.

Per submission

One row is written when a user reaches an install or uninstall page and submits the form. Here is the entire schema, field by field.

extension_id

The 32-character Chrome Web Store ID identifying which extension this is for.

page_type

Either install or uninstall.

install_id

A random 128-bit ID generated by the SDK on first run and stored in chrome.storage.local. Resets if the user uninstalls and reinstalls. Used to correlate an install with a later uninstall without identifying the user.

ext_version

The version of the extension at submission time (e.g. 1.4.2).

locale

Browser UI language as reported by chrome.i18n.getUILanguage() (e.g. en-US).

reason_key

Which reason chip the user clicked (e.g. too_buggy). NULL if they clicked Skip.

freeform_text

What the user typed in the optional text box. NULLed 90 days after submission.

extra_answers_json

Answers to any developer-defined microsurvey questions, stored as JSON.

email

Only stored if the user explicitly opted in by filling the optional email field. NULLed 90 days after submission.

ip_hash

HMAC-SHA256 of the user's IP with a server-side secret. One-way — we cannot recover the IP from it. Used only to count and rate-limit; never linked to identity.

user_agent

Browser user-agent string, truncated to 255 characters.

created_at

UTC timestamp.

Opt out forever

Don't want to be surveyed by any extension using ExtensionFeedback?

Opt out forever

That sets a cookie on this domain. We then drop every submission from your browser, for every extension on the platform, forever. The cookie's value is a random 128-bit ID — we don't tie it to anything.

Retention

Free-form text and email addresses are auto-NULLed in the database 90 days after submission. The row stays so analytics keep working, but the personal-ish content is gone. Developers can request full account deletion (and cascading row removal) any time from /dashboard/account.

What we don't do

• No third-party analytics (no GA, Plausible, Segment, Mixpanel).
• No tracking pixels.
• No remote code loaded by the SDK; the SDK file is the entire story.
• No fingerprinting (canvas, font, audio, WebGL, anything).
• No selling, sharing, or licensing of submission data.
• No email is ever sent. Recovery uses a code you save at signup.
• No persistent cross-site tracking cookies.

Contact

Account-holders can request full data export and account deletion from /dashboard/account. A formal contact endpoint will land alongside the public repo.