/ Privacy Policy

Privacy

Privacy Policy

Version 2.0 · Effective June 19, 2026

1. Who we are

Cart Freeze is a Chrome browser extension developed and operated by:

Camilo Castillo Suescun
Cl. 89 #29 86, Pereira, Risaralda 660008, Colombia
Email: proyectoscolsas@gmail.com

The developer is committed to complying with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Colombia's data protection law (Ley Estatutaria 1581 de 2012 and Decree 1377 de 2013).

2. What this policy covers

This policy describes how Cart Freeze handles information when you install and use the extension. It covers:

3. Data that stays on your device (never transmitted)

Cart Freeze must access certain information to function. This data never leaves your browser and is stored only in your local browser storage:

DataWhy it is accessedWhere it is stored
Current page URLDetect checkout and cart pagesNot stored; read in memory only
Website domain of visited shopping sitesTrack which sites you have paused on in a sessionchrome.storage.local (your device only)
Button and form interactionsIntercept purchase actions to show the pause modalNot stored; handled in memory only
Your extension settingsApply your preferences (frequency, wait time, steps, etc.)chrome.storage.sync (your Google account, encrypted)
Pause counts and outcomes per siteShow your personal stats in the popupchrome.storage.local (your device only)
First install dateCalculate days since install for the stats displaychrome.storage.local (your device only)
You can delete all local data at any time using the "Reset Stats" button in the extension settings, or by uninstalling the extension.

4. Optional anonymous analytics (opt-in only)

Analytics are disabled by default. You must explicitly enable them by toggling "Help improve Cart Freeze" in the extension settings. You can turn them off at any time.

When enabled, Cart Freeze sends the following anonymous data after each purchase interception:

FieldWhat it containsWhat it does NOT contain
Event typeinterception, purchase_allowed, purchase_stoppedWhat you were buying
Domainamazon.com (normalized, no subdomains)Full URL, page title, or page content
Button categorybuy_now, checkout, express, or add_to_cartThe element label or page context
Detection methodWhether the pause was triggered by a button click or checkout page URLYour navigation path
Reflection choiceOption selected in the reflection step (need, wait, think), if shownAny free-text input
Settings snapshotNumber of steps, wait duration, frequency mode, whether you use a custom message (yes/no)The content of your custom message
Extension versione.g., 1.1.12Nothing else about your software
Browser languagee.g., en, esYour country, region, or IP address
Tracking protection stateWhether Tracking Protection was on or offWhich sites you visited
Rotating install IDA random 32-character hex string that rotates every 30 daysYour identity, device ID, or any persistent identifier
Rounded timestampThe event hour only (e.g., 2026-06-19T14:00:00Z)The minute or second of the event

What we never collect or store

5. How we use analytics data

Analytics data is used exclusively to improve the Cart Freeze extension:

We do not:

6. Legal basis for processing (GDPR)

If you are in the European Economic Area (EEA), we process data under the following legal bases:

Processing activityLegal basis
Accessing page URLs in memory to detect checkout pagesArt. 6(1)(b) GDPR - necessary to perform the service you requested
Storing stats and settings locally on your deviceArt. 6(1)(b) GDPR - necessary to perform the service you requested
Sending anonymous analytics eventsArt. 6(1)(a) GDPR - your explicit consent via the opt-in toggle

You may withdraw consent for analytics at any time by toggling off the analytics setting. Withdrawal does not affect the lawfulness of processing before the withdrawal.

7. Third-party service providers

When analytics is enabled, event data is stored in a database hosted by:

Supabase, Inc.
970 Toa Payoh North, #07-04, Singapore 318992
Privacy: supabase.com/privacy

Supabase acts as a data processor on our behalf. They process data only according to our instructions and under a Data Processing Agreement compliant with GDPR. No other third-party services receive your data. The extension does not use advertising SDKs, social login, or third-party analytics platforms.

8. International data transfers

Our analytics server and database are operated outside your country of residence. If you are in the EEA, transfers to non-EEA countries are made using appropriate safeguards:

If you would like a copy of the applicable safeguards, contact us at proyectoscolsas@gmail.com.

9. Data retention

DataRetention period
Local stats and settingsUntil you reset them in the extension or uninstall
Analytics eventsRetained indefinitely in aggregate. The rotating install ID means events older than 30 days cannot be linked to more recent events, even by us.

We do not retain any data that would allow us to identify an individual user across sessions.

10. Your rights

GDPR rights (EEA residents)

CCPA rights (California residents)

Colombian rights (Ley 1581 de 2012)

Colombian residents have the right to know, update, rectify, and request deletion of their personal data. Contact us at proyectoscolsas@gmail.com to exercise these rights.

11. How to exercise your rights

Email: proyectoscolsas@gmail.com

We will respond within 30 days. For verified GDPR erasure requests, we will delete all data we can identify and confirm in writing.

12. Tracking Protection feature

Cart Freeze includes an optional Tracking Protection feature that blocks third-party tracking scripts (Facebook Pixel, Google Ads, TikTok Pixel, etc.) from loading on shopping sites. This feature:

13. Chrome Web Store data disclosure

Cart Freeze has disclosed the following to the Chrome Web Store:

Web history - Cart Freeze reads the current page URL in memory to detect checkout or cart pages. URLs are not stored, transmitted, or logged.

User activity - Cart Freeze intercepts button clicks and form submissions to show the pause modal. These interactions are not stored or transmitted; only anonymized aggregate outcomes are included in optional analytics.

We certify that your data is not sold to third parties, not used for purposes unrelated to Cart Freeze's core functionality, and not used to determine creditworthiness or for lending purposes.

14. Children's privacy

Cart Freeze is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has enabled analytics and you are their guardian, contact proyectoscolsas@gmail.com and we will delete any identifiable data.

15. Security

We implement reasonable technical and organizational measures to protect analytics data, including:

16. Changes to this policy

We will post updates to this document if we change what data is collected or how it is used. For material changes (new data types, new purposes, or new third-party sharing), we will:

  1. Update the "Effective date" at the top of this document
  2. Increment the version number
  3. Require the analytics opt-in toggle to be re-enabled by the user

Non-material changes (corrections, clarifications, new contact details) may be made without re-consent.

17. Contact

Data controller:
Camilo Castillo Suescun
Cl. 89 #29 86, Pereira, Risaralda 660008, Colombia
Email: proyectoscolsas@gmail.com

For GDPR inquiries from EEA residents, we aim to respond within 30 days and, where required, within the 1-month deadline imposed by Art. 12 GDPR.