Privacy Policy
Last updated: 28 April 2026
CipherBC Email Tracker (“the extension”) is an internal tool built for the CipherBC outreach team. This policy describes what data the extension collects, why, and how it is stored.
Who this is for
The extension is distributed unlisted on the Chrome Web Store and is intended only for authenticated members of the CipherBC team. It is not designed for, or marketed to, the general public.
What we collect
When you use the extension to send an email from Gmail, we collect the following from that compose window:
- The sender’s Gmail address and CipherBC account identifier
- The recipient, CC, and BCC addresses
- The subject line
- The body of the email (HTML and plain text), with inline embedded images stripped, capped at 100 KB
- A list of clickable links present in the email at send time
- Engagement events that occur after the email is sent: opens (recorded by a 1×1 tracking pixel), clicks (recorded by link redirects), and replies (detected by reading the user’s Gmail SENT folder for new messages in the same conversation)
We do not read or store any email the user receives that is unrelated to a tracked outbound send. We do not collect financial information, health information, or browsing history outside of mail.google.com.
Why we collect it
The single purpose of the extension is to give the CipherBC team visibility into their own outreach: which emails landed, were opened, were clicked, and were replied to. The captured body is used internally to analyse what kinds of emails get the best responses. None of this data is used to profile recipients beyond recording that they engaged with a specific tracked email.
Where it lives
Tracked-email data is stored in our private Supabase database (hosted in the United States). Each row is access-controlled so that only the user who sent the email, and CipherBC administrators within the same organisation, can read it. The extension caches the user’s authenticated session and the list of connected Gmail addresses locally in chrome.storage.local so that tracking decisions can be made without a network round-trip during send.
What we do not do
- We do not sell user data to third parties.
- We do not share user data with anyone outside CipherBC, except as required by law.
- We do not use the data for advertising, profiling unrelated to outreach engagement, or determining creditworthiness.
- We do not load remote code at runtime.
Retention
Tracked-email data is retained for as long as the team finds it useful for outreach analysis. A user who leaves the team has their access revoked; their historical data may continue to be visible to administrators of the CipherBC organisation in line with normal business records.
Contact
Questions about this policy or requests to delete data can be directed to raja@cipherbc.com.