Last updated: May 24, 2026

Privacy Policy

This Privacy Policy applies to the Slaze browser extension (Chrome, Firefox), the Slaze API, and the Slaze marketing website and user dashboard.

At Slaze, our mission is to provide community-powered content quality ratings to clear the cloud and help you focus on what matters. We are committed to a “Privacy First” approach: no third-party ad tracking, no sale of personal data, and no use of your browsing activity for advertising, resale, or unrelated profiling. This policy outlines exactly what data we collect, how it fuels our verdict engine, and how we keep it secure.

1.Information We Collect

To provide our community rating service, we collect data in two primary tiers: anonymous usage and authenticated usage.

A. Automatically Collected Information (Anonymous Tier)

When you install the Slaze extension without signing in, we collect the following to allow baseline API access:

  • Anonymous Device Tokens: We generate a unique, 64-character anonymous device token locally on your machine. This proves you have a genuine extension install and allows you to view ratings.
  • IP Addresses & Network Data:We collect your IP address strictly for security and rate-limiting (e.g., limiting token creation to 3 per IP per day). We process IP addresses via Cloudflare’s CF-Connecting-IP header. Our in-memory rate limiter automatically clears inactive IP addresses after 5 minutes.
  • System Logs: Our servers generate structured JSON logs that record the request ID, HTTP method, path, status, duration, IP address, and errors to monitor API health.

B. Information You Provide (Authenticated Tier)

To cast votes and increase your usage quotas, you must link your device to a user identity.

  • Account Information: We use Clerk to handle authentication. When you sign in, we receive and store your Clerk User ID, email address, first name, last name, and avatar URL.
  • Payment Information: If you purchase a Boost or Pass, payments are processed by Razorpay. We do not store your credit card details; we only store the Razorpay payment ID, order ID, and subscription status to manage your quota.

C. Voting & Reputation Data

When you use the Slaze extension to rate a post on Reddit or X (Twitter), we collect data to power our deterministic Bayesian verdict engine:

  • Vote Payload: We collect the platform, the post ID, the categories you selected (e.g., Genuine, AI Slop, Bait), and the context of your vote (whether you voted from a feed or the detailed post page).
  • Dwell Time: We measure the milliseconds between opening the vote menu and submitting your vote. This helps us filter out rushed or bot-like voting behavior.
  • Post Metadata: We capture the upvote bucket and post-age bucket of the content you are rating. We do not collect the body text, images, or personal information of the post author.
  • User Reputation:To ensure the integrity of the ratings, we maintain a reputation ledger for your account. This tracks your total votes, an “agreement ratio” (how often your vote aligns with the community consensus), your edit flutter (how often you change your vote), and a “monoculture score” (if you disproportionately vote on negative categories).

2.Permissions & Site Access

To provide its core rating and badge-rendering features, the Slaze extension requests access to the following sites and browser capabilities. This access is used exclusively for the stated purposes below and is never used for advertising, resale, cross-site tracking, or unrelated profiling.

Supported Sites

The extension runs content scripts on reddit.com, x.com, and twitter.com. On these pages, Slaze may:

  • Render community verdict badges next to posts so you can see quality ratings at a glance.
  • Inject the voting interface so you can submit your own ratings for posts you encounter.
  • Read the post ID and basic metadata(upvote count bucket, post age bucket) from the page’s DOM to identify which content you are rating. We do not scrape your feed, read your private messages, or collect browsing history beyond the specific posts you choose to rate.

Browser Permissions

  • storage:Used to save your anonymous device token, usage quotas, and extension preferences locally in your browser’s sandboxed storage. This data never leaves your device except as described in Section 1.
  • identity:Used solely to launch the authentication flow when you choose to sign in via the extension. This opens a secure browser window to our sign-in page; we do not access your browser’s logged-in accounts on other services.
  • Host permissions (api.slaze.it): Required to send vote data to our API and fetch community verdicts. All requests are cryptographically signed (see Section 5).

Single-purpose disclosure:The extension’s sole purpose is to provide community-powered content quality ratings. Every permission we request and every site we access supports only that purpose. We do not use any granted access for advertising, user profiling, data brokerage, or any unrelated functionality.

3.How We Use Your Information

We use the data we collect exclusively to operate, secure, and improve the Slaze platform:

  • Computing Verdicts:Your voting data, dwell time, and reputation score are fed into our TW-DCS-RGB verdict engine to assign a “trust weight” to your vote and generate community consensus labels.
  • Preventing Abuse:We use IP rate limits, HMAC-SHA256 request signing, and velocity tracking (detecting if you cast >5 votes in 60 seconds) to prevent botnets, scraping, and coordinated voting brigades.
  • Managing Quotas: We track your daily checks and monthly votes to enforce the limits of your free or paid plan.
  • Remote Configuration: When Reddit or X update their website layouts, we may send declarative configuration updates (CSS selectors and UI placement rules) to your extension so it continues rendering badges and voting UI correctly. These updates are static JSON payloads only — they contain no executable code, are served over HTTPS, and are verified before application. No remote code is ever executed in your browser.

4.How We Share Your Information

Slaze does not sell your personal data. We only share data with essential third-party service providers required to run our infrastructure:

  • Clerk: Used for identity verification, login UI, and session JWTs. Clerk processes your sign-in methods (like Google OAuth or email OTP).
  • Razorpay: Used for securely processing one-time top-ups and recurring subscription payments.
  • Cloudflare: Used as our Content Delivery Network (CDN) and Web Application Firewall (WAF) to cache ratings at the edge and protect our servers.
  • Vercel: Hosts our marketing website and provides basic, aggregated website analytics (Vercel Analytics and Speed Insights).
  • GitHub API: We fetch data from GitHub strictly to display repository star counts on our website.

Note: Individual votes are aggregated into public post verdicts. While the public can query the final verdict of a post via our API, your individual voting history is kept private and linked only to your hashed token.

5.Data Security and Storage

We prioritize security through technical design:

  • Cryptographic Hashing: We never store your device tokens in plaintext. They are hashed using SHA-256 before being saved to our PostgreSQL database. If our database were compromised, attackers would only see unusable hashes.
  • Request Signing: All API requests from the extension are cryptographically signed using HMAC-SHA256 and include a 5-minute timestamp window to protect against replay attacks and credential theft.
  • Local Storage:Your device token and usage quotas are safely stored locally on your device in your browser’s sandboxed chrome.storage.local.
  • Zero-JSON Wire Protocol: To maximize speed and minimize interception risks, voting data is transmitted via a highly compact binary and URL-path protocol rather than bloated JSON payloads.

6.Data Retention

We retain different categories of data for different periods, based on operational necessity and security requirements:

  • IP Addresses (in-memory rate limiter): Automatically cleared after 5 minutes of inactivity. Not written to disk.
  • Server Request Logs: Retained for up to 30 days in structured JSON format for debugging and abuse investigation, then permanently deleted.
  • Anonymous Device Token Hashes: Retained for as long as the token remains active. If a token shows no activity for 12 consecutive months, it is considered abandoned and its hash and associated usage counters are permanently deleted.
  • Account Information (Clerk User ID, email, name, avatar): Retained for the lifetime of your account. If you unlink your account (sign out via the extension), the link between your token hash and Clerk identity is removed immediately. Full account deletion requests are processed within 30 days.
  • Vote History & Reputation Data: Retained for the lifetime of your account to maintain the integrity of the reputation ledger and verdict engine. Individual votes are pseudonymized (linked only to a token hash, not to your email or name).
  • Payment Records: Razorpay payment IDs, order IDs, and subscription status are retained for the duration required by applicable tax and accounting regulations (typically 7 years). Credit card numbers are never stored by Slaze.

Requesting deletion: You can request deletion of your account and associated data by emailing privacy@slaze.it.com. We will process your request within 30 days. Uninstalling the extension immediately deletes your local device token and cached data from your machine.

7.Your Choices and Account Management

  • Browsing Anonymously: You can use the extension without creating an account to view community badges (up to 50 checks per day) without linking any personal identity.
  • Unlinking & Sign-Out:When you sign out via the extension, we “unlink” your account. This removes your clerk_user_id from your active token and downgrades it to anonymous status. Note: For security and quota-abuse prevention, we preserve your anonymous token hash and its usage counters (daily/monthly limits) even after you sign out. See Section 6 for full retention details.
  • Data Deletion: Uninstalling the Slaze browser extension immediately deletes your anonymous device token and cached data from your local machine. To request deletion of server-side account data, contact privacy@slaze.it.com.

8.Contact Us

If you have questions about this Privacy Policy or how Slaze handles your data, you can reach us through any of the following channels:

Disclaimer: This privacy policy is constructed directly from the technical and architectural documentation of the Slaze system. While it accurately reflects the data handling, security practices, and third-party integrations, standard legal boilerplate (such as specific GDPR, CCPA, or COPPA clauses) is not included. You should have legal counsel review and append standard compliance clauses before commercial deployment.