BS Inspector
Add to Chrome

Privacy Policy

Last updated: April 18, 2026

This Privacy Policy explains how Sawary Trading LLC (“we”, “us”, “our”), the operator of BS Inspector (the “Service”, including our website at bsinspector.com and our browser extension published on the Chrome Web Store), collects, uses, shares, and protects your personal data. It also describes the rights available to you under applicable data protection law, including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA), and other comparable frameworks.

By installing our browser extension or using our website, you acknowledge the practices described in this Policy. If you do not agree, please do not install or use the Service.

1. Data controller

The data controller responsible for processing your personal data is:

  • Sawary Trading LLC, a Wyoming Limited Liability Company, United States
  • Contact for privacy matters: hello@bsinspector.io

2. What we collect

2.1 Information you provide

  • Account data. If you create an account, we collect your email address and authentication credentials (handled via Firebase Authentication).
  • Payment data. If you subscribe to a paid plan or purchase top-up credits, payment is processed by Stripe, Inc. We never see or store your full card number; we receive only a Stripe customer ID, masked last-four digits, card brand, expiry, and billing country for tax purposes.
  • Support communications. If you email us, we retain your message and contact information to respond and to keep a record of the request.

2.2 Information collected automatically when you use the extension

  • Product URLs you explicitly scan. When you click the BS Inspector badge on a product page, the URL of that page is sent to our servers for analysis. We do not passively track your browsing or collect URLs you did not scan.
  • Analysis results. The BS score, reasoning, and aggregated source data for a scanned product may be cached on our servers (anonymized, keyed by the product URL, not by you) to speed up repeat lookups by other users. Results are not tied to your identity once generated.
  • Credit usage metrics. We record which account consumed a credit and when, for billing and quota enforcement.
  • Technical diagnostics. When the extension or website errors, we may log a minimal error record (event type, timestamp, user ID if signed in, coarse device info such as browser version) to diagnose and fix problems.

2.3 Information we do NOT collect

  • We do not track your full browsing history.
  • We do not read page content from sites you have not explicitly scanned.
  • We do not collect keystrokes, form inputs, passwords, or clipboard data.
  • We do not sell your personal data to third parties.
  • We do not serve behavioural advertising or share data with ad networks.

3. How we use your data

  • To provide the Service: run AI analysis on product URLs you scan and return results.
  • To manage your account, credits, subscriptions, and payments.
  • To respond to your support questions and communicate service announcements.
  • To improve reliability, performance, and accuracy of our analysis.
  • To comply with our legal obligations (tax, accounting, fraud prevention).
  • To protect the security and integrity of the Service (abuse, rate-limit evasion, fraud).

4. Legal bases (GDPR / UK GDPR)

We rely on the following legal bases when processing your personal data:

  • Performance of a contract — to provide the Service, fulfil paid plans, and manage credits (Art. 6(1)(b) GDPR).
  • Legitimate interests — to secure the Service against abuse, improve product quality, and maintain anonymous caches of analysis results (Art. 6(1)(f) GDPR).
  • Legal obligation — to retain billing records and respond to lawful requests (Art. 6(1)(c) GDPR).
  • Consent — where applicable (e.g., explicit marketing communications). You can withdraw consent at any time.

5. Sharing and subprocessors

We share personal data only with vetted subprocessors who help us operate the Service, bound by data processing agreements and appropriate safeguards (including Standard Contractual Clauses for transfers outside the EEA/UK):

  • Google LLC (Firebase Authentication, Cloud Firestore, Cloud Functions, Cloud Run) — account authentication, database, and compute backend. Data processed in Google Cloud regions.
  • Google LLC (Gemini API) — large language model used to analyze product page context. We transmit the public product URL and scraped public review text. We do not send your personal account identifiers to the model.
  • Stripe, Inc. — payment processing, subscription billing, tax handling.
  • Resend — transactional email delivery (account verification, receipts, password resets, service announcements).
  • Vercel, Inc. — marketing website hosting and static asset delivery.
  • Chrome Web Store (Google LLC) — extension distribution and update delivery.

We may also disclose information when required by law, in response to a valid legal request, to enforce our Terms, or to protect the rights, property, or safety of our users or others.

6. International data transfers

Sawary Trading LLC is based in the United States and our subprocessors may process data in the United States and other countries. Where personal data of EEA, UK, or Swiss residents is transferred outside those regions, we rely on Standard Contractual Clauses, adequacy decisions where applicable, and supplementary technical measures (encryption in transit, least-privilege access controls).

7. Data retention

  • Account data: retained while your account is active; deleted within 30 days of account deletion request.
  • Payment records: retained for 7 years to comply with US tax and accounting obligations.
  • Analysis cache (product URL → result): retained for up to 30 days to serve repeat requests; then purged or refreshed.
  • Error diagnostics: retained for 90 days.
  • Email support records: retained for up to 24 months.

8. Your rights

8.1 Rights under GDPR / UK GDPR

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion (“right to be forgotten”) subject to our legal obligations.
  • Object to or restrict certain processing.
  • Port your data to another provider in a machine-readable format.
  • Withdraw consent (where processing is based on consent).
  • Lodge a complaint with your local data protection authority.

8.2 Rights under CCPA / CPRA

If you are a California resident, you have the right to:

  • Know what categories of personal information we collect and why.
  • Request access to the specific pieces of personal information we hold.
  • Request deletion of your personal information, subject to exceptions.
  • Request correction of inaccurate personal information.
  • Opt out of “sale” or “sharing” of personal information — we do not sell or share personal information for cross-context behavioural advertising.
  • Limit use of sensitive personal information — we do not collect sensitive personal information within the meaning of the CPRA.
  • Non-discrimination for exercising any of these rights.

8.3 How to exercise rights

To exercise any of these rights, email hello@bsinspector.io from the email associated with your account. We respond within 30 days (GDPR) or 45 days (CCPA), with one 45-day extension where necessary.

9. Security

We apply industry-standard technical and organizational measures to protect personal data, including TLS encryption in transit, encryption at rest for primary data stores, strict access controls, audit logging, and regular security reviews. No system is perfectly secure, however, and we cannot guarantee absolute security. If we learn of a data breach affecting your personal data, we will notify you without undue delay and within the timeframes required by applicable law.

10. Children’s data

The Service is not directed to children under 16. We do not knowingly collect personal data from children under 16. If you believe we have collected such data, contact us and we will delete it.

11. Changes to this Policy

We may update this Policy to reflect changes in our practices or legal requirements. We will post the updated Policy on this page with a revised “Last updated” date, and for material changes we will notify account holders by email at least 14 days before the change takes effect.

12. Contact

Contact: hello@bsinspector.io
Operator: Sawary Trading LLC, a Wyoming Limited Liability Company (USA)

Privacy Policy — BS Inspector