Privacy Policy — Lucid Spotlight Extension
Effective Date: January 14, 2026
Last Updated: April 6, 2026
Version: 1.3.1
1. Introduction
Lucid Spotlight is a browser extension developed by Lucid Privacy to help identify and understand privacy-related technologies (trackers, consent management platforms, and analytics tools) on websites you visit.
This privacy policy explains what data we collect, how we use it, and your rights regarding your information.
2. Data We Collect
2.1 Authentication Data
- Email address and password (when you create an account or log in)
- Authentication tokens (stored securely in Chrome's local storage)
- Account information (user ID, name, role)
Why we collect this: To provide authenticated access to our tracker database API and sync your settings across devices.
2.2 Page Scanning Data (Processed Locally)
When you scan a webpage, the extension analyzes:
- Page URL and domain
- Script sources (JavaScript files loaded on the page)
- Cookies (name, domain, value)
- Local storage items (keys and values)
- Session storage items (keys and values)
- Network requests (URLs and request types, when network monitoring is enabled)
- DOM elements (when using picker tools)
Why we collect this: To detect privacy technologies and identify tracking patterns. This data is processed locally in your browser unless you explicitly submit findings.
2.3 Voluntary Submissions
When you voluntarily submit data through the extension:
- CMP selectors (DOM selectors for consent management platform buttons)
- Tracker signatures (patterns for detecting new trackers)
- Detection feedback (reports of incorrect detections, including the page URL, matched patterns, and your notes)
- Resource hints (information to help our scanner find privacy tools)
- AI signature suggestions (unknown tracker data sent to our API for analysis, including tracker domain, URL, and type)
- Page context (URL, domain, when you tested)
- Extension version
Why we collect this: To improve our tracker database and help the privacy research community identify new tracking technologies.
2.4 Automatic Data
- Extension version number
- Sync status (last sync time, signature counts)
- Error logs (when the extension encounters errors)
We also collect anonymized, sanitized error messages to diagnose bugs — no URLs, browsing data, or personal information is included.
Why we collect this: To provide support, debug issues, and improve the extension.
2.5 Anonymous Usage Telemetry (Default: On)
We collect anonymous usage telemetry to improve Lucid Spotlight. This includes: event names (e.g. “scan completed”), extension version, browser platform, browser locale, detection counts, and sanitized error messages. We also generate a random installation identifier (UUID) stored locally in your browser to count unique active users — this ID is not derived from or linked to any personal information. All telemetry is sent to our own server (telemetry.lucidprivacy.io). No URLs, browsing data, or personally identifiable information is included. You can disable telemetry entirely in the extension settings.
What anonymous telemetry collects
- Event name — one of a fixed set: extension_opened, scan_started, scan_completed, report_exported, unknown_trackers_scanned
- Extension version
- Browser platform (Chrome, Edge, or Brave)
- Browser locale (e.g. “en-US”)
- Detection counts (number of trackers, CMPs, or other technologies found per scan)
- Sanitized error messages (anonymized, with no URLs, browsing data, or personal information)
- Installation ID — a random UUID generated and stored locally in your browser, used only to count unique active installations. This ID is not derived from or linked to any personal information
What anonymous telemetry NEVER collects
- User identity, email, or any personally identifiable information
- URLs, domains, or any browsing data
- Tracker names, scan results, or page content
- IP addresses (our backend does not log source IPs)
How it works
Each ping is a fire-and-forget HTTPS POST. There is no batching, no queuing, and no session tracking. The installation ID is a random UUID that cannot be linked to your identity or browsing behavior.
How to opt out
Open the extension, go to Settings > Privacy & Analytics, and toggle off "Usage analytics." This disables both anonymous telemetry and Mixpanel analytics (Section 2.6) immediately. Your preference is stored locally and persists across sessions.
Infrastructure
- Endpoint: https://telemetry.lucidprivacy.io (our own backend)
- Transport: HTTPS
- No third-party processors — data is received and stored by Lucid Privacy directly
2.6 Authenticated Usage Analytics (Optional)
We recognize the irony of a privacy tool collecting analytics — so we want to be unusually transparent about what we do, why we do it, and the specific protections we've built to ensure analytics never undermines the privacy mission of this product.
Why a privacy tool uses analytics
Lucid Spotlight is an authenticated SaaS product — you log in with your account to access our tracker database and tools. Like any software product, we need to understand which features are valuable, where users get stuck, and how to prioritize development. Without analytics, we're building blind.
That said, we hold ourselves to a higher standard. We don't use an off-the-shelf analytics SDK with default settings. We've built a custom analytics layer with privacy protections that go well beyond industry norms.
What we collect
Analytics events track what you do in the extension — not what you do on the web. Specifically:
- Feature usage events — which extension features you use (e.g., page scans, picker tool, signature creation), not what you use them on
- Aggregate scan statistics — how many trackers were found per scan and the category breakdown (e.g., "3 analytics, 2 advertising"), not which trackers or which websites
- Settings changes — which settings you toggle on or off
- Error counts — the API endpoint and HTTP status code when errors occur, not the request or response content
- Session events — when the extension is opened, and login/logout events
- Sync statistics — how many signatures and products were synced and how long the sync took
- User profile — your name, email, and role, as provided during account registration
What we NEVER collect through analytics
This is enforced in code, not just policy:
- URLs, domains, or any indication of which websites you visit
- Page content, scripts, cookie values, or local storage data
- Tracker names, company names, or detection results
- Selector strings, DOM content, or submission details
- Any data that could identify your browsing behavior
How we enforce this technically
We don't rely on developers remembering to exclude sensitive data. Our analytics module enforces privacy through two mechanisms built into the code:
- Property name allowlist. Every event property must be on an explicit allowlist of known-safe names (e.g., tracker_count, duration_ms, feature, enabled). If a developer accidentally adds a property like page_url or cookie_value, it is silently dropped — it never reaches the analytics service. In development, a console warning alerts the developer to the blocked property.
- Value pattern scanning. Even for allowed property names, all string values are scanned for patterns that resemble URLs, email addresses, or domain names. If a value matches any of these patterns, it is dropped. This is a defense-in-depth measure — even if a safe-sounding property name somehow contained a URL, the value would be caught and blocked.
These protections are applied to every analytics event. They are not configurable and cannot be bypassed.
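A sketch of how the two mechanisms above can be combined, added here as an illustration and not Lucid Spotlight's actual code. The allowlisted names are the ones quoted in this policy; the function name, the regular expressions, the handling of non-primitive values and the sample event are assumptions.

```javascript
// Added example: allowlist + value scanning for analytics event properties.
// Property names come from the policy text; everything else is assumed.
const ALLOWED_PROPERTIES = new Set(["tracker_count", "duration_ms", "feature", "enabled"]);

// Patterns for values that resemble URLs, email addresses or domain names.
// No /g flag, so RegExp.test() keeps no state between calls.
const SENSITIVE_VALUE_PATTERNS = [
  { kind: "url", re: /\b[a-z][a-z0-9+.-]*:\/\//i },
  { kind: "email", re: /[^\s@]+@[^\s@]+\.[^\s@]+/ },
  { kind: "domain", re: /\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b/i },
];

function sanitizeEventProperties(props, { dev = false } = {}) {
  const clean = {};
  const blocked = [];
  for (const [name, value] of Object.entries(props)) {
    // Mechanism 1: the property name must be on the allowlist.
    if (!ALLOWED_PROPERTIES.has(name)) {
      blocked.push({ name, reason: "name_not_allowlisted" });
      continue;
    }
    if (typeof value === "string") {
      // Mechanism 2: scan string values even under an allowed name.
      const hit = SENSITIVE_VALUE_PATTERNS.find((p) => p.re.test(value));
      if (hit) {
        blocked.push({ name, reason: `value_looks_like_${hit.kind}` });
        continue;
      }
    } else if (typeof value !== "number" && typeof value !== "boolean") {
      // Assumption: objects and arrays are rejected outright, because a
      // nested string would otherwise escape the value scan.
      blocked.push({ name, reason: "unsupported_value_type" });
      continue;
    }
    clean[name] = value;
  }
  if (dev) {
    // Log only the name and reason, never the blocked value itself.
    for (const b of blocked) console.warn(`analytics: dropped "${b.name}" (${b.reason})`);
  }
  return { clean, blocked };
}

// Constructed sample event: two safe properties, one disallowed name, and
// one allowed name whose value carries a URL.
const sampleEvent = {
  tracker_count: 5,
  duration_ms: 412,
  page_url: "https://shop.example/checkout",
  feature: "scan of https://shop.example/checkout",
};
console.log(sanitizeEventProperties(sampleEvent, { dev: true }).clean);
```

The domain pattern is deliberately broad: a harmless value such as "scan.completed" would also be dropped, which trades some lost analytics for a lower chance of leaking a hostname.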
Note on user profile data: Your name, email, and role are intentionally included in your analytics profile because you are an authenticated user of our product. This is standard for SaaS applications and allows us to provide support, understand usage by role, and match analytics with our other platforms. This profile data is set once at login and is not subject to the event property sanitization described above — it is sent deliberately.
How to opt out
Open the extension, go to Settings > Privacy & Analytics, and toggle off "Usage analytics." Analytics are disabled immediately — no further events are queued or sent, and any pending events are discarded. Your preference is stored locally and persists across sessions.
When analytics are disabled, the extension functions identically. No features are degraded or restricted.
Analytics infrastructure
- Processor: Mixpanel, Inc. — a third-party analytics service
- Data residency: European Union (EU data center)
- Transport: All analytics data is sent over HTTPS
- Batching: Events are batched locally and sent in groups (up to 50 events every 10 seconds) to minimize network requests
- No SDK: We do not use Mixpanel's browser SDK. We send data directly to Mixpanel's HTTP API, giving us full control over exactly what is transmitted
3. How We Use Your Data
3.1 Core Functionality
- Authenticate you with our tracker database API
- Detect privacy technologies on websites you visit
- Sync tracker signatures to your local browser
- Display detection results in the extension interface
3.2 Product Improvement (Analytics & Telemetry)
When analytics and telemetry are enabled, we use usage data to:
- Identify which features are most valuable to users
- Understand where users encounter friction or confusion
- Prioritize development and bug fixes
- Measure the impact of new features and improvements
- Provide role-based support when needed
We do not use analytics or telemetry data to:
- Build browsing profiles
- Target advertising
- Sell or share individual-level data with third parties
- Make decisions about individual user accounts
3.3 Research & Improvement
- Analyze submitted tracker signatures to identify new privacy technologies
- Improve detection accuracy based on user feedback
- Build a comprehensive database of consent management platforms
- Contribute to privacy research and transparency
3.4 We DO NOT
- Sell your data to third parties
- Use your data for advertising
- Track your browsing history
- Share individual user data publicly
- Access your data without your explicit submission
4. Data Storage & Security
4.1 Local Storage (In Your Browser)
- Authentication tokens: Stored in Chrome's local storage
- Tracker signatures: Stored in IndexedDB for offline detection
- Settings & preferences: Stored in Chrome's local storage
- Analytics & telemetry preference: Stored in Chrome's local storage (default: enabled)
- Cache: Temporary detection results (cleared on page navigation)
4.2 Server Storage (Our API)
- Location: trackers.lucidprivacy.io (HTTPS only)
- Submissions: Stored in our PostgreSQL database
- Account data: Encrypted at rest
- Retention: Account data retained while account is active; submissions retained indefinitely for research
4.3 Telemetry Storage (Our Backend)
- Location: telemetry.lucidprivacy.io (our own infrastructure)
- Data stored: Only the anonymous event data described in Section 2.5 — no user identifiers
- Retention: Aggregate telemetry data is retained indefinitely; it contains no personal data
4.4 Analytics Storage (Mixpanel)
- Location: Mixpanel EU data center
- Data sent: Only the event data described in Section 2.6 — never browsing data
- Retention: Subject to Mixpanel's data retention policies; see Mixpanel's Privacy Policy
- Deletion: If you request account deletion, we will also request deletion of your analytics data from Mixpanel
4.5 Security Measures
- All API communication uses HTTPS encryption
- All analytics and telemetry data transmitted over HTTPS
- Authentication uses JWT tokens with expiration
- Passwords are hashed and never stored in plaintext
- No sensitive data logged to browser console in production
- Analytics property sanitization enforced at the code level
- Regular security audits of codebase
5. Data Sharing
5.1 Internal Use
Data is accessible only to authorized Lucid Privacy employees and contractors for:
- Maintaining the tracker database
- Providing technical support
- Conducting privacy research
- Analyzing product usage patterns (from analytics and telemetry data)
5.2 Third-Party Processors
Mixpanel, Inc. — We use Mixpanel to process authenticated usage analytics when enabled by the user (Section 2.6). Mixpanel receives only the event data described in that section. No browsing data, page content, tracker information, or website URLs are ever shared with Mixpanel.
Mixpanel processes this data in their EU data center. See Mixpanel's Privacy Policy for details on how they handle data.
Anonymous telemetry (Section 2.5) is sent directly to our own infrastructure and does not involve any third-party processor.
We do not otherwise share, sell, or rent your personal information to third parties.
5.3 Aggregated Data
We may publish aggregated, anonymized statistics (e.g., "50 new trackers discovered this month" or "scan usage grew 30% this quarter") without identifying individual users.
5.4 Legal Requirements
We may disclose data if required by law, subpoena, or to protect our legal rights.
6. Chrome Extension Permissions
Lucid Spotlight requests the following Chrome permissions:
| Permission | Why We Need It |
| --- | --- |
| activeTab | To scan the current webpage for trackers |
| tabs | To get page URL and manage extension behavior per tab |
| storage | To store settings, signatures, and authentication tokens locally |
| scripting | To inject content scripts for DOM analysis |
| alarms | To periodically sync tracker signatures in the background |
| webRequest | To monitor network requests for tracker detection (opt-in feature) |
| cookies | To scan cookies for tracking patterns |
| sidePanel | To display results in Chrome's side panel |
| <all_urls> | To scan any website you visit for trackers (host permission) |
| https://trackers.lucidprivacy.io/* | To communicate with our tracker database API (host permission) |
Note: The <all_urls> permission is necessary because trackers can appear on any website. We only scan pages when you explicitly open the extension on that page.
Analytics & telemetry note: Usage analytics and anonymous telemetry do not require any additional browser permissions. Data is sent using standard HTTPS requests and does not involve any page content, browsing data, or cross-site information.
7. Your Rights & Choices
7.1 Data Access
You can request a copy of your data by emailing hello@lucidprivacy.io. This includes any analytics data associated with your account. Anonymous telemetry data cannot be retrieved because it contains no user identifiers.
7.2 Data Deletion
- Account deletion: Email hello@lucidprivacy.io to request account deletion. We will also request deletion of your associated analytics data from Mixpanel.
- Local data deletion: Uninstall the extension or clear Chrome extension data
- Submission deletion: Contact us to request removal of specific submissions
- Analytics data deletion: Contact us and we will request deletion from Mixpanel
- Telemetry data: Anonymous telemetry cannot be attributed to you and therefore cannot be individually deleted
7.3 Opt-Out Options
- Usage analytics & telemetry: Can be disabled in extension settings (Settings > Privacy & Analytics). Takes effect immediately — no further data is sent and pending events are discarded.
- Unknown tracker scanning: Can be disabled in extension settings
- Network monitoring: Can be disabled in extension settings
- Submissions: Always voluntary; you choose what to submit
7.4 Data Portability
You can export your submissions by contacting hello@lucidprivacy.io.
8. Children's Privacy
Lucid Spotlight is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has provided us with personal information, contact hello@lucidprivacy.io.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted at this URL with an updated "Last Updated" date. Significant changes will be communicated via email or extension notification.
Version History:
- v1.3.1 (April 6, 2026): Added error reporting disclosure to Section 2.4, expanded anonymous telemetry disclosure with browser locale, detection counts, sanitized error messages, and installation UUID (Section 2.5)
- v1.3 (March 31, 2026): Added anonymous telemetry disclosure (Section 2.5), renumbered authenticated analytics to Section 2.6, corrected storage type from sync to local (Section 2.1, 4.1), added AI signature suggestions to voluntary submissions (Section 2.3), added telemetry storage section (Section 4.3), migrated privacy policy URL to spotlight.lucidprivacy.io/privacy
- v1.2 (March 3, 2026): Added detailed analytics disclosure with technical protection details, analytics storage section, updated data sharing details, analytics opt-out
- v1.0 (January 14, 2026): Initial policy
10. International Users
Lucid Spotlight is operated from the United States. Authenticated usage analytics data is processed in the European Union via Mixpanel's EU data center. Anonymous telemetry is processed on our own infrastructure. All other data processing occurs in the United States. By using the extension, you consent to the transfer and processing of your data as described in this policy.
11. Contact Us
For questions, concerns, or requests regarding this privacy policy:
12. Compliance
This privacy policy complies with:
- Chrome Web Store Developer Program Policies
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA) where applicable
Legal Basis for Processing (GDPR)
| Processing Activity | Legal Basis |
| --- | --- |
| Authentication & account management | Contract — necessary to provide the service you signed up for |
| Page scanning & tracker detection | Contract — core functionality of the extension |
| Voluntary submissions (selectors, signatures, feedback) | Consent — you choose when and what to submit |
| Anonymous telemetry | Legitimate interest — understanding aggregate product usage with minimal data (no PII, no browsing data, easy opt-out in Settings > Privacy & Analytics) |
| Authenticated usage analytics | Legitimate interest — understanding product usage to improve the service, balanced against privacy protections (data minimization, no browsing data, easy opt-out in Settings > Privacy & Analytics) |
| Error logging & sync status | Legitimate interest — necessary to maintain and debug the service, balanced against minimal data involved |
By installing and using Lucid Spotlight, you acknowledge that you have read and understood this privacy policy.