Privacy Policy

This Privacy Policy explains how Webmend collects, uses, stores, and shares information when you use the Webmend Chrome extension and the Webmend web application at webmend.app (collectively, the "Service").

By using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Service.

2.1 Information You Provide

Email address (optional). If you choose to create an account to earn karma points or access account features, you may provide your email address. This is entirely optional — you can use the core reporting functionality without providing any personal information. Email addresses are stored in our database and displayed in an obfuscated format (e.g., j***@example.com) on webmend.app.

2.2 Information Collected Through the Extension

When you submit a report using the Webmend Chrome extension, we collect:

• Report content — the text description of the issue you submit
• Page URL — the URL of the web page where the issue was identified
• Screenshots and annotations — any screenshots or markup you attach to a report
• Browser and viewport information — your browser type, version, and screen/viewport dimensions, to help site owners reproduce issues

2.3 Information Collected Automatically

When you use the Service, our infrastructure may automatically log standard server information such as IP addresses, request timestamps, and HTTP response codes. This is standard operational data used for security, debugging, and abuse prevention.

The Chrome extension uses PostHog (posthog.com) to collect anonymous product telemetry — such as the number of screenshots taken. This data contains no personal information and cannot be used to identify you. All automatic tracking features (session recording, heatmaps, autocapture) are disabled. Telemetry data is processed in the European Union. You can learn more in PostHog's Privacy Policy.

2.4 Authentication Data

Authentication is handled in-house using better-auth. We store your email address and, where you sign in with a password, a salted cryptographic hash of that password — never the password itself in plaintext. Strictly necessary cookies and tokens are set to manage your session.

2.5 Payment Data

Payments are processed by Freemius (freemius.com). We do not collect or store your payment card details — all billing information is handled entirely by Freemius. For more information, see Freemius' Privacy Policy.

We use the information we collect to:

• Operate, maintain, and improve the Service
• Display submitted reports to website owners and to the public
• Attribute reports to contributors and calculate karma points (if you provide an email address)
• Send transactional emails — such as notifications report submissions, account confirmations, and password resets
• Send product updates and announcements, only if you have opted in to marketing communications
• Investigate abuse, enforce our Terms of Service, and maintain security
• Comply with applicable legal obligations

We do not use your data for advertising, profiling, or sell it to any third party.

Reports submitted through the Service may be public or private depending on the plan of the website owner:

• Free plan: Reports may be visible to the public on webmend.app
• Paid plan: Reports can be hidden by the website owner

When submitting a report, you should assume that your report content and the associated page URL may be publicly visible unless you have confirmed the site owner has a paid plan with private reports enabled.

Your data is stored in Convex (convex.dev), a secure cloud database. All data is encrypted in transit using TLS. We take reasonable technical and organizational measures to protect your information against unauthorized access, alteration, or destruction.

We retain your personal data for as long as your account remains active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, except where we are required to retain it for legal or security purposes.

You may request deletion of your data at any time by contacting us at contact@webmend.app.

We use the following third-party services that may process your data:

We do not share your data with any other third parties except as required by law.

The Service uses only strictly necessary cookies to manage your authentication session. These cookies are set by our own better-auth session management and are essential for the login and logout functionality to operate. They are not used for tracking or advertising purposes. Because these cookies are strictly necessary, no consent is required for them under applicable law. PostHog uses localStorage (not cookies) in the Chrome extension to persist anonymous telemetry state.

Depending on your location, you may have the following rights regarding your personal data:

For users in the European Union / EEA (GDPR):

• Right to access the personal data we hold about you
• Right to rectify inaccurate or incomplete data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time (where processing is based on consent)

For users in the United Kingdom:

The UK GDPR applies equivalent rights as above.

For users in other jurisdictions:

We aim to respect your privacy rights regardless of location. Contact us at contact@webmend.app to make any data-related request.

To exercise any of these rights, email us at contact@webmend.app. We will respond within 30 days.

If you are located in the EU/EEA, we process your personal data under the following legal bases:

• Consent — for optional email collection, karma features, and marketing communications
• Contractual necessity — to provide the Service you have signed up for
• Legitimate interests — for security, abuse prevention, and service improvement, where these are not overridden by your interests or rights

If you have opted in to marketing emails, you may unsubscribe at any time by clicking the unsubscribe link in any marketing email we send, or by contacting us at contact@webmend.app. We will remove you from marketing lists promptly.

Opting out of marketing emails will not affect transactional communications related to your account or reports.

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected such data, please contact us at contact@webmend.app and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or via the Service. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: contact@webmend.app
Website: https://webmend.app