Privacy Policy for weetwiz

WeetWiz Privacy Policy

Last updated: June 18, 2026 · Hosted at weetwiz.com/privacy_policy_v2

This Privacy Notice for Juraj Badal ("I," "me," or "my"), describes how and why I might access, collect, store, use, and share your personal information when you use WeetWiz. WeetWiz is a passive security audit browser extension. It intercepts HTTP response headers on every page load and sends them to the WeetWiz API for analysis. It does not read page content, form data, or stored browser cookies.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with these policies and practices, please do not use the Services.

Table of Contents

  1. What information do we collect?

  2. How do we process your information?

  3. What legal bases do we rely on?

  4. When and with whom do we share your information?

  5. Cookies and tracking technologies

  6. How long do we keep your information?

  7. How do we keep your information safe?

  8. Do we collect information from minors?

  9. What are your privacy rights?

  10. Controls for Do-Not-Track features

  11. United States residents — specific rights

  12. Do we make updates to this notice?

  13. How can you contact us?

  14. How can you review, update, or delete your data?

  15. Technical appendix — data fields & permissions

  16. Cookie Policy

1.What information do we collect?

Personal information you provide When registering, you provide your email address via the in-extension onboarding flow. It is sent to https://weetwiz-api.weetwiz.com/api/checkout to initiate a Stripe checkout session. Your email is used to create your WeetWiz account, deliver your API key, and send account-related communications. No marketing emails are sent without explicit consent.

Information collected automatically On every main-frame browser navigation, the extension automatically sends a POST request to https://weetwiz-api.weetwiz.com/api/score containing:

  • Full URL of the page visited
  • Protocol (https: or http:)
  • All HTTP response headers returned by the server
  • Values of Set-Cookie response headers only (not cookies stored in your browser)
  • Server IP address resolved by Chrome for the request
  • Your API key (as a request header for authentication)

Note: The extension does not read page HTML, JavaScript, CSS, rendered content, form inputs, or cookies already stored in your browser.

Payment data If you choose to make a purchase, payment data (card number, security code) is handled and stored entirely by Stripe. I do not receive or store your payment instrument details. See Stripe's privacy policy: stripe.com/en-sk/privacy. Information not collected

  • Page HTML, JavaScript, CSS, or any rendered content
  • Form inputs or user-typed data
  • Stored browser cookies
  • Browsing history (each scan is independent)
  • Location data
  • Information from third parties — none collected

2.How do we process your information?

I process your information to provide, improve, and administer WeetWiz. Specifically:

  • Security scoring — URL, headers, cookies (response), and server IP are sent to the WeetWiz API to compute a security score for the visited site and return results to your extension.
  • Account management — your email is used to create your account, issue your API key, and communicate account-related information.
  • Payment processing — your email is shared with Stripe to initiate a checkout session.
  • Transactional email — your email is shared with Resend solely to deliver your API key token and account notifications. I do not use your information for advertising, profiling, or any purpose beyond what is listed above.

3.What legal bases do we rely on?

I only process your personal information when I have a valid legal reason to do so under applicable law.

  • Consent — where you have given me permission to use your information for a specific purpose.
  • Contract performance — where processing is necessary to fulfill a contract with you (providing the WeetWiz service you have subscribed to).
  • Legitimate interests — where processing is in my legitimate interests and not overridden by your rights (e.g., ensuring security and fraud prevention).
  • Legal obligation — where I must comply with applicable law.

If you are located in the EU or UK, this section applies to you under the GDPR and UK GDPR. If you are located in Canada, this section applies to you under PIPEDA.

4.When and with whom do we share your information?

I share information only with the following third-party services, strictly for the stated purposes: Service |Purpose| ( Data shared) [Privacy policy]

  • WeetWiz API runs on Cloudflare Workers |Security scoring|, (URL, HTTP response headers, Set-Cookie response headers, server IP, API key), [cloudflare.com]
  • Stripe |Payment processing| (Email address, payment details (handled entirely by Stripe)) [stripe.com]
  • Resend resend.com |Transactional email delivery (API key tokens)| (Email address) [resend.com]

Business transfers I may share or transfer your information in connection with a merger, sale, financing, or acquisition. You will be notified via the email address associated with your account.

No advertising or analytics I do not permit third parties to use tracking technologies on WeetWiz for advertising or analytics purposes. No advertisements are shown. No user profiling for marketing purposes is performed.

5.Cookies and tracking technologies

WeetWiz is a browser extension, not a website. The extension itself does not set tracking cookies in your browser.

The WeetWiz website (weetwiz.com) may use cookies strictly necessary for its operation (e.g., session management). No advertising, analytics, or third-party tracking cookies are used on the website.

You can configure your browser to block or remove cookies. This will not affect extension functionality.

6.How long do we keep your information?

I keep personal information only for as long as necessary for the purposes described in this notice or as required by law.

  • Security scan data (URL, headers, server IP) — transmitted to the WeetWiz --- API to compute a score and not stored persistently after the score is returned.
  • Email address — retained while your account is active. Deleted upon account deletion request.
  • API key — retained until account deletion. Revoked immediately upon deletion request.
  • Local scan results (chrome.storage.session) — cleared automatically when the browser is closed.
  • Local preferences (chrome.storage.local) — retained until the extension is uninstalled.

7.How do we keep your information safe?

I have implemented appropriate technical and organizational security measures to protect your personal information. All data transmitted between the extension and the WeetWiz API is sent over HTTPS. The API is authenticated via API key. However, no electronic transmission over the Internet can be guaranteed 100% secure. Transmission of personal information to and from the Services is at your own risk. You should only access the Services within a secure environment.

8.Do we collect information from minors?

I do not knowingly collect data from or market to children under 18 years of age. By using the Services you represent that you are at least 18 years old. If I learn that personal information from users under 18 has been collected, the account will be deactivated and the data deleted promptly. If you become aware of any such data being collected, please contact me at [email protected].

9.What are your privacy rights?

EEA, UK, Switzerland, and Canada In these regions, under applicable data protection laws (GDPR, UK GDPR, PIPEDA), you have the right to:

  • Request access to and a copy of your personal information
  • Request rectification or erasure of your personal information
  • Restrict or object to the processing of your personal information
  • Request data portability
  • Not be subject to automated decision-making with significant effects
  • Withdraw consent at any time (where processing is based on consent)

To exercise these rights, email me at [email protected]. I will respond within 30 days.

If located in Switzerland: you may contact the Federal Data Protection and Information Commissioner.

Account deletion You may request deletion of your account and all associated data (email, API key) by emailing [email protected]. Upon deletion the API key is revoked and the email address removed from all systems within 30 days. Local extension data can be removed at any time by uninstalling the extension.

10.Controls for Do-Not-Track features

Most browsers include a Do-Not-Track ("DNT") feature. WeetWiz does not track users across third-party websites for advertising purposes, so DNT signals have no material effect on its behavior. The security scan performed on each page navigation is a functional feature of the extension, not tracking.

11.United States residents — specific privacy rights

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have additional rights under applicable state privacy laws (including CCPA/CPRA).

Categories of personal information collected (past 12 months)

Category |Examples| [Collected]

  • Identifiers |Email address, unique account identifier (API key)| [Yes]

  • Commercial information |Subscription status| [Yes (via Stripe)]

  • Internet / network activity |URLs visited, HTTP response headers, server IP| [Yes — for security scoring only]

  • Geolocation data |Precise physical location| [No]

  • Biometric information Fingerprints, voice, face No

  • Inferences / profiling Profiles drawn about a consumer No

No sale or sharing of personal information

I have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. I will not sell or share personal information belonging to users in the future. Your rights

  • Right to know whether your personal data is being processed
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of personal data you previously shared
  • Right to non-discrimination for exercising your rights
  • Right to opt out of the sale or sharing of personal data (not applicable — no sale or sharing occurs)

How to exercise your rights To exercise any of the above rights, email [email protected]. I will respond within the timeframe required by applicable law (generally 45 days, extendable by another 45 days with notice).

12.Do we make updates to this notice?

I reserve the right to update this Privacy Notice at any time. Changes will be reflected by updating the "Last updated" date at the top of this page. For material changes, I will notify registered users by email. Continued use of WeetWiz after changes constitutes acceptance of the revised policy.

13.How can you contact us about this notice?

If you have questions or comments about this notice, you may email: Juraj Badal

[email protected]

14.How can you review, update, or delete your data?

Based on the applicable laws of your country or state of residence, you may have the right to request access to the personal information I collect from you, details about how it has been processed, correction of inaccuracies, or deletion of your personal information. You may also have the right to withdraw your consent. To submit a request, email [email protected]. Requests are processed within 30 days.

15.Technical appendix

This section lists the data fields, local storage keys, and browser permissions used by WeetWiz. Details are provided for transparency.

16.Cookie Policy

WeetWiz is a browser extension, not a website with advertising or analytics. This section clarifies how cookies are handled across all parts of the WeetWiz service.

Extension — no cookies set

The WeetWiz browser extension does not set, read, or modify cookies in your browser. It does not use tracking pixels, web beacons, or any equivalent technology.

What "cookies" means in WeetWiz scans

When the extension audits a website, the cookies field sent to the WeetWiz API contains only the Set-Cookie response headers returned by that website's server — not the values of cookies stored in your browser. This data is used exclusively to check cookie security flags (HttpOnly, Secure, SameSite) and is not retained after the security score is returned.

weetwiz.com website

The WeetWiz website (weetwiz.com) may use cookies strictly necessary for its operation (e.g., session management). No advertising cookies, analytics cookies, or third-party tracking cookies are set on the website.

Your controls

You can configure your browser to block or delete cookies at any time. Doing so will not affect the security audit functionality of the extension. Most browsers offer cookie controls under Settings → Privacy.

© 2026 Juraj Badal · WeetWiz · [email protected]