EC Diag Chrome Extension Privacy Policy

Effective date: July 11, 2026

Back

Who we are

EC Diag is provided by OnTimeStack. For privacy questions or data requests, contact: diego.moraes@ontimestack.com.

What EC Diag does

EC Diag is a Chrome extension for e-commerce journey diagnostics. When a user activates the extension on a website, EC Diag captures and analyzes e-commerce journey signals to diagnose tracking quality, attribution evidence, funnel progress, e-commerce events, payload quality, network evidence, and AI-powered diagnostic reports for active store sessions.

Data we collect

Depending on how the extension is used and how a store is implemented, EC Diag may collect or process the following data:

EC Diag is not designed to collect health information, payment card data, passwords, authentication secrets, personal communications, or precise location data. If such data appears accidentally in website payloads or logs, EC Diag attempts to sanitize, redact, or minimize it.

  • Account/login data, including the email address used to sign in and authentication or session status.
  • Store/session metadata, including active tab URL, page URLs, relevant page titles, timestamps, session identifiers, and extension operational state.
  • E-commerce journey data, including detected e-commerce events, funnel stages, attribution signals, platform/tool indicators, payload quality indicators, diagnostics, and related evidence.
  • Network diagnostic data, including relevant browser network request metadata and sanitized HAR/network logs when the user exports or imports HAR files.
  • Website content-derived technical signals, limited to page or context signals needed to identify e-commerce journey state, tracking technologies, events, attribution, and diagnostic evidence.
  • User activity related to the diagnostic session, including clicks, page transitions, tab changes, micro-interactions, and captured events that help explain the e-commerce journey.
  • Feedback/support data, including problem descriptions submitted by the user and sanitized support attachments or logs.
  • AI report input/output, including sanitized EC Diag diagnostic logs sent to the backend to generate an AI-powered report, plus the generated report.

Sanitization and Data Minimization

EC Diag is designed to minimize sensitive data collection. Where supported, diagnostic logs, support attachments, HAR/network evidence, and AI-report inputs are sanitized before they are sent to the backend or exported.

Sanitization may include masking or removing obvious personal identifiers, such as emails, phone numbers, tokens, secrets, authorization headers, cookies, payment-like values, and other sensitive fields. EC Diag also attempts to reduce raw payloads to diagnostic evidence relevant to e-commerce journey analysis, attribution, tracking quality, funnel progress, payload quality, and troubleshooting.

For AI-powered reports, EC Diag is designed to use summarized EC Diag diagnostic logs where possible instead of raw HAR files.

Because websites and network payloads vary widely, sanitization cannot be guaranteed to remove every sensitive value in every case. Users should not submit passwords, payment details, customer personal data, or other sensitive information in support messages, imported files, or diagnostic sessions unless they are authorized to do so.

How we use data

EC Diag uses data only to:

  • Authenticate users.
  • Provide diagnostic capture and analysis.
  • Generate funnel, attribution, event, payload-quality, and tracking-gap diagnostics.
  • Generate user-requested AI reports.
  • Support import/export of logs and HAR files.
  • Handle support and problem reports.
  • Improve reliability, security, and abuse prevention.

AI and service providers

EC Diag uses backend services hosted on Supabase and may use OpenRouter, OpenAI GPT-4o, or equivalent model providers to generate AI-powered reports requested by the user.

AI report generation uses diagnostic logs, not raw HAR files where avoidable, and is used only for the extension’s diagnostic purpose. Service providers process data on behalf of OnTimeStack and are not permitted to use it for unrelated purposes.

Data sharing

OnTimeStack does not sell user data. Data is not transferred to third parties except in the following cases:

  • Service providers needed to operate EC Diag.
  • Legal, security, or compliance reasons if required.
  • When the user explicitly exports, downloads, or shares files.

Data storage and retention

Some data is stored locally in the browser for extension functionality. Backend data may be stored in Supabase for login, sessions, reports, feedback, attachments, and operational records. Feedback attachments are stored in a private Supabase Storage bucket.

Data is retained only as long as needed for product functionality, support, legal or security obligations, or until applicable deletion policies apply. Exact retention periods may vary while product operations and deletion policies are finalized.

User controls

Users can:

  • Sign out of the extension.
  • Clear local extension data where supported.
  • Choose whether to start or stop capture.
  • Choose whether to import or export logs or HAR files.
  • Choose whether to generate an AI report.
  • Contact OnTimeStack to request access, correction, or deletion of personal data.

Security and minimization

EC Diag is designed to be observation-only and not modify checkout or store behavior. Access to backend services is controlled.

No system can guarantee perfect security.

Children

EC Diag is not intended for children or for collecting children’s data.

International users

Data may be processed in countries where OnTimeStack or its service providers operate.

Changes to this policy

This policy may be updated from time to time. When it changes, the effective date will be updated.

Contact

For privacy questions or data requests, contact: diego.moraes@ontimestack.com.

OnTimeStack

© 2026 OnTimeStack. All rights reserved.

Privacy Policy
Designed by Sarah Ninsi