Last updated: June 12, 2026
This Privacy Policy explains how ChatMango browser extension ("we," "our," or "the extension") collects, uses, stores, and protects your information when you use our service.
When you create an account, we collect your email address and a password (stored securely via Supabase Auth). Your email is used for login, account management, and is also sent to Google Analytics for usage tracking.
With your permission, we access your Facebook Pages you manage, including page ID, name, profile picture, and page access tokens. We also access conversation metadata (recipient IDs, names, profile pictures, thread IDs, timestamps) to enable broadcast messaging. Message content and file attachments you send through broadcasts are stored as campaign history.
With your permission, we access your Instagram profile (user ID, username, full name, profile picture, follower count). We also access follower lists, post likers, post commenters, and inbox thread metadata for targeting and sending broadcasts. Instagram session tokens are extracted client-side and used only in your browser to communicate with Instagram's internal API — they are never sent to our servers.
We store recipient information (user IDs, usernames, display names, profile picture URLs, thread metadata) both locally in your browser and on our servers (Supabase) to enable broadcast targeting and deduplication.
We use Google Analytics 4 and Sentry. GA4 receives your Supabase user ID and email with each event. Sentry receives your user ID, email, user role, error details, and full session replays (page content is not masked). This helps us improve the product and fix bugs.
We store recipient caches, broadcast state, authentication cache, and tooltips state locally in your browser's chrome.storage.local and localStorage. These caches expire automatically (typically after 1 hour).
We use the collected information solely to provide and improve the broadcast service:
Your data (profile, tokens, broadcast history, recipient lists, page connections) is stored in Supabase, our database provider. Supabase acts as our data processor.
We send your Supabase user ID and email to Google Analytics for usage analysis. You can opt out via the extension settings.
We send error reports and session replays to Sentry for debugging. This includes your user ID, email, and page content. You can opt out via the extension settings.
The extension communicates directly with Facebook's and Instagram's APIs from your browser using your existing session. No third party accesses your social media accounts.
We do not sell, rent, or trade your personal information to any third party. Your data is used exclusively for the extension's functionality.
We retain your data for as long as your account is active. Broadcast campaign history and recipient logs are retained permanently for your campaign records. Local browser caches expire automatically. You can request deletion of your data by contacting us.
We use industry-standard security measures: all data transmitted between the extension and our servers is encrypted via HTTPS. Passwords are securely hashed and stored by Supabase Auth. Access tokens are encrypted at rest in our database.
This extension only requests the permissions necessary for its core functionality. We do not collect data from unrelated websites. We do not inject ads. We do not modify web pages beyond the declared content script matches. All data collection is disclosed in this policy and in the Chrome Web Store listing.
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page. Your continued use of the extension after changes constitutes acceptance.
If you have questions about this Privacy Policy or your data, contact us at: