Privacy Policy
What We Collect
When you use ErrorDecoder, we collect:
- Email address — Required to create your account and manage your subscription
- Error text you decode — The error message or stack trace you send for AI analysis, including a preview stored in your decode history
- Usage data — How many decodes you've used today, for rate limiting and billing
- Payment information — Processed by Stripe. We do not store or have direct access to your card details. Stripe receives your email and internal user ID as metadata.
Automatic Browser-Side Monitoring
When installed, the extension automatically monitors the following on pages you visit. This data is stored locally in your browser's session storage and is never sent to our servers unless you explicitly click "Decode":
- Console errors and warnings — Intercepted via the browser console
- Network failures — HTTP 4xx, 5xx, CORS errors, and connection failures (URL and status code only — request/response bodies are never read)
- Page URL and domain — Where the error occurred, used for context
Tech stack detection: The extension detects frameworks and libraries by checking for known DOM markers, script URLs, and page globals. This happens entirely in your browser and may include reading existing page cookies solely for framework detection (e.g., Laravel session detection). No tracking cookies are set.
Element inspection: When you use the inspector, the selected element's HTML tag, attributes, computed styles, and CSS rules are captured. If you ask the AI about the element, this data is sent to our API.
Source map resolution: When decoding errors with stack traces, the extension resolves minified filenames to original source files using source maps. Resolved file names and surrounding source code lines may be included in the data sent to our API for AI analysis.
What We Don't Collect
ErrorDecoder does not collect:
- Your browsing history (pages are only referenced when errors occur on them)
- Page content beyond error messages, element inspection data, and tech detection markers described above
- Cookies for tracking or advertising (we currently use no third-party trackers or analytics)
- Device identifiers or user fingerprinting data
How We Use Your Data
Error text analysis: When you decode an error, we send it to Claude AI (Anthropic) for analysis to generate the explanation. Decode history is saved to your account so you can review past decodes. Response caching for common errors may occur without personal identifiers to provide faster responses.
Email: Used for account management, password resets, product updates, and occasional marketing communications about ErrorDecoder. You can unsubscribe from marketing emails at any time. We will never sell your email to third parties.
Usage data: Aggregated to understand how the product is used and to detect abuse.
We do not sell your data to anyone.
Third-Party Services
ErrorDecoder uses these third-party services. Their privacy policies apply to data processed by them:
- Supabase — Authentication and database hosting. Privacy policy
- Anthropic — AI processing (Claude). Privacy policy
- Stripe — Payment processing. Privacy policy
- Vercel — Web hosting. Privacy policy
Legal Basis for Processing (GDPR)
We process your data based on: (a) Contractual necessity — to provide the ErrorDecoder service you signed up for; (b) Legitimate interest — for abuse prevention, rate limiting, and service improvement; (c) Consent — for marketing communications, which you may withdraw at any time by unsubscribing.
Where Your Data Is Stored
Account data is stored in Supabase (AWS US regions). API processing occurs on Vercel (US). AI processing is performed by Anthropic (US). Payment processing is handled by Stripe (US). For EU users, this constitutes a transfer of data outside the EEA.
Data Retention
- Account data: Kept until you delete your account. You can delete your account anytime in Settings → Delete Account.
- Decode history: Retained until you delete your account.
- Cached responses: Common error responses are cached to improve speed. These caches contain no personal information.
- Payment records: Retained as required by law (typically 7 years for accounting/tax purposes)
Your Privacy Rights
- Delete your account: Go to Settings → Delete Account. Your data will be removed from our active systems. Payment records retained by Stripe and backups may persist as required by law.
- Export your data: Email patrick@errordecoder.dev to request a download of your data in a machine-readable format.
- GDPR (EU users): You have the right to access, rectify, or request erasure of your data. Email us to exercise these rights. We will respond within 30 days.
- CCPA (California residents): Categories of personal information collected: identifiers (email), commercial information (subscription status), internet activity (error text submitted for decoding, usage counts). We do not sell your personal information as defined by the CCPA. You may request deletion or a copy of your data by emailing us.
Chrome Extension Permissions
ErrorDecoder requests the following browser permissions and uses them only as described:
- webRequest + host_permissions (<all_urls>) — Used to detect failed network requests (4xx, 5xx, CORS errors) on the current page. We monitor HTTP status codes only — we do not read request bodies, headers, cookies, or response content.
- storage — Stores your API key, user preferences, and captured errors locally in your browser. This data stays on your device.
- activeTab — Used to inject the debugging sidebar into the current page when you activate the extension.
- contextMenus — Adds the "Decode this error" option to your right-click menu.
Security
All data transmitted between the extension and our servers uses HTTPS encryption. Passwords are hashed by Supabase before storage (bcrypt). API keys are randomly generated 32-byte hex strings. We never transmit data over unencrypted connections.
If you suspect a security issue, please email patrick@errordecoder.dev immediately.
Changes to This Policy
We may update this privacy policy occasionally. If we make material changes, we'll notify you via email. Continued use of ErrorDecoder means you accept the updated policy.
Contact
Questions about your privacy or this policy? Email us at patrick@errordecoder.dev