Privacy Policy

Effective 2026-05-13

Operator

Kooroo is operated by Britt Givens, doing business as Axle Operations Systems, a sole proprietorship registered in British Columbia, Canada (BC registration no. FM1098996). In this policy, “we,” “us,” and “our” refer to that operator. Contact: brittgivens321@gmail.com.

Plain-English summary

• Your card list lives on your device. We never see it long-term.
• We do not collect your name, email, address, or payment info.
• We never see, store, or transmit credit card numbers, CVVs, or expiration dates. The extension cannot read them.
• To return a recommendation we send the current page URL, title, a short text snippet, and your card list to our server, which forwards them to a third-party LLM provider.
• That data is processed in-memory to produce a single response and is not persisted or used for training.

What we collect

Kooroo is a browser extension that recommends which credit card from your wallet to use for a purchase. To do that it processes the following data:

• Locally on your device (never leaves your browser unless you trigger a recommendation):
  • The list of credit cards you have added to the extension (by name only — never card numbers).
  • Your preferences (e.g. overlay on/off).
  • A list of domains where you have dismissed the overlay.
• Sent to our backend when you request a recommendation:
  • The URL and title of the current tab.
  • A short snippet (≤ 2 KB) of visible text from the page.
  • Your card list (by catalog ID).
  • Your IP address, transiently, as part of any HTTPS request.

What we do NOT collect

• Your name, email, address, phone number, or any other personally identifying information.
• Credit card numbers, CVVs, expiration dates, or any payment credentials.
• Form-field values, passwords, or any text you type into the page.
• Browsing history beyond the single tab you triggered a recommendation on.
• Behavioral analytics, ad identifiers, fingerprints, or cross-site tracking signals.

How your data is used

The data sent to our backend is used solely to produce a single card recommendation. We forward it to a third-party large-language-model provider (currently one or more of Groq, Google Gemini, or Anthropic, depending on configuration) which processes it transiently to generate the response.

We do not sell your data. We do not share it with advertisers. We do not use it to build user profiles. We do not use it to train any model.

Retention

The recommendation backend does not persist request bodies. We may keep request-level operational logs (timestamp, response time, error status) for up to 30 days for reliability and abuse prevention. These logs do not contain page content or card lists.

Aggregated, anonymized merchant-category mappings may be cached server-side for up to 30 days to reduce LLM costs and latency. These caches are not linked to any user.

Your controls

• Open the extension options to view, add, or remove cards at any time.
• Uninstall the extension to delete all locally stored data immediately.
• Toggle off the in-page overlay in the options page.
• Email us (see below) to request deletion of any operational logs that could possibly relate to you.

Third parties

• Vercel hosts the backend. Their privacy policy: https://vercel.com/legal/privacy-policy
• LLM providers (one of Groq, Google, Anthropic depending on routing) process the recommendation prompt. Their respective policies apply to that hop. None of them receive any persistent identifier from us.

Children

Kooroo is not directed at children under 13 and we do not knowingly collect data from them.

Changes

We may update this policy. Material changes will be reflected by a new effective date at the top of this page. If we add new categories of data collection, we will surface that in the extension itself.

Contact

Questions or deletion requests: brittgivens321@gmail.com