Privacy Policy — WizLayer

WizLayer ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and web service (collectively, the "Service"). The Service is currently provided completely free of charge.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Email address
Password (stored securely using industry-standard hashing)
Account creation and last login timestamps

1.2 Extension Usage Data

When you use the browser extension, we collect:

Extension Tokens: Authentication tokens you generate to connect the extension to your account (stored as hashed values for security)
Field Mappings: Domain names and field selectors (CSS selectors, XPath, or element attributes) for CMS fields you map on websites
Generation History: Records of content generation requests, including topic, tone, length, language preferences, and timestamp
Generated Content: The AI-generated text content created through our Service

1.3 Technical Information

We automatically collect certain technical information:

Browser type and version
Operating system
Extension version
API request logs (for debugging and security purposes)
Error logs and crash reports

1.4 Information We Do NOT Collect

We explicitly do NOT collect:

The actual content you type or edit on third-party websites
Complete webpage content from sites you visit
Browsing history beyond domain names where you save field mappings
Personal information from forms you fill on third-party websites
Cookies from third-party websites
Login credentials for third-party websites

2. How We Use Your Information

We use the collected information for the following purposes:

Service Provision: To provide, maintain, and improve the WizLayer Service
Authentication: To verify your identity and secure your account
AI Content Generation: To process your requests and generate content using AI models
Field Mapping Storage: To save and retrieve your custom field mappings across browsing sessions
Service Optimization: To analyze usage patterns and improve our Service
Security: To detect, prevent, and address technical issues, fraud, and security threats
Communication: To send you service-related announcements and respond to your inquiries
Legal Compliance: To comply with applicable laws and regulations

3. Browser Extension Permissions

Our browser extension requires the following permissions. Here's why we need each one:

storage

Stores your extension token and field mappings locally in your browser for quick access.

activeTab

Accesses the current tab to detect CMS fields and fill content when you click the extension icon.

sidePanel

Opens the extension interface in Chrome's side panel for better user experience.

tabs

Allows the extension to work across multiple tabs and detect when you navigate to different pages.

scripting

Injects content scripts to interact with webpage elements for field detection and content filling.

alarms

Schedules periodic tasks like token refresh and cache cleanup.

Host Permissions (<all_urls>)

Allows the extension to work on any website, as we support CMS and content management systems across all domains. This permission does NOT mean we track your browsing or collect data from all websites—it only enables functionality when you actively use the extension.

4. Third-Party Services

4.1 OpenAI API

When you use the AI content generation feature, your content prompts (topic, tone, length, language) are sent to OpenAI's API to generate text. This processing happens on our secure servers—your API keys or prompts are never exposed to the browser extension. OpenAI's use of data is governed by their Privacy Policy. We use OpenAI's API in a way that opts out of using your data for model training.

4.2 Supabase

We use Supabase for authentication services and database hosting. Supabase processes your email and account information according to their Privacy Policy. All data is stored in secure, encrypted databases.

4.3 No Third-Party Analytics or Advertising

We do NOT use third-party analytics services (like Google Analytics) or advertising networks. We do not share your data with advertisers or data brokers.

5. Data Sharing and Disclosure

We do NOT sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:

Service Providers: With trusted third-party service providers (like OpenAI and Supabase) who assist in operating our Service, under strict confidentiality agreements
Legal Requirements: When required by law, court order, or government regulation
Safety and Security: To protect the rights, property, or safety of WizLayer, our users, or the public
Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified via email)
With Your Consent: When you explicitly authorize us to share specific information

6. Data Security

We implement industry-standard security measures to protect your data:

All data transmissions are encrypted using HTTPS/TLS
Passwords are hashed using bcrypt before storage
Extension tokens are hashed using SHA-256 before database storage
API endpoints implement rate limiting to prevent abuse
Input validation on all user-submitted data
Regular security audits and updates
Restricted database access with role-based permissions
Shadow DOM isolation for extension UI to prevent CSS conflicts and XSS attacks

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

Account Data: Retained until you delete your account
Field Mappings: Retained until you manually delete them or delete your account
Generation History: Retained for 90 days, then automatically deleted
API Logs: Retained for 30 days for debugging and security purposes
Deleted Accounts: Permanently removed within 30 days of deletion request

8. Your Rights and Choices

You have the following rights regarding your data:

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information in your account settings
Deletion: Delete your account and associated data at any time from the dashboard
Export: Export your field mappings and generation history
Opt-Out: Stop using the Service at any time by uninstalling the extension and deleting your account
Object: Object to processing of your data for specific purposes

To exercise these rights, contact us at privacy@wizlayer.ink or manage your data directly through your account dashboard.

9. Children's Privacy

WizLayer is not intended for use by individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at privacy@wizlayer.ink, and we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from your jurisdiction. By using our Service, you consent to the transfer of your information to our facilities and service providers' facilities globally. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

Posting the updated Privacy Policy on this page with a new "Last Updated" date
Sending an email notification to your registered email address
Displaying a notice in the extension or web dashboard

Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy. We encourage you to review this page periodically.

12. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Right to data portability
Right to restriction of processing
Right to object to automated decision-making
Right to lodge a complaint with a supervisory authority

Legal basis for processing:

Contract Performance: Processing necessary to provide the Service you requested
Consent: You have given explicit consent for specific processing activities
Legitimate Interests: Processing necessary for our legitimate interests (security, fraud prevention, service improvement) that do not override your rights

13. CCPA Compliance (California Users)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information we collect, use, disclose, and sell
Right to request deletion of your personal information
Right to opt-out of the sale of personal information (note: we do NOT sell your data)
Right to non-discrimination for exercising your CCPA rights

To exercise these rights, contact us at privacy@wizlayer.ink.

14. Do Not Track Signals

Our Service does not track users over time and across third-party websites. We do not respond to "Do Not Track" (DNT) browser signals because we do not engage in the tracking that DNT is designed to prevent.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@wizlayer.ink

Support: support@wizlayer.ink

Website: https://wizlayer.ink

We will respond to your inquiry within 30 days.

By using WizLayer, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Service.