Legal
Last updated: 9 July 2026
Amorem, 50 Rue Saint André des Arts, 75006 Paris, France, operates extension.report and is the controller for account, website and billing data. For telemetry that a customer sends from its extension or app, the customer determines the purpose and Amorem generally acts as its processor.
Questions, rights requests and Data Processing Agreement requests can be sent to hello@extension.report.
The SDK does not use cookies and does not collect browsing history by default. IP addresses may be used transiently for rate limiting and coarse country lookup, but raw analytics IP addresses are not persisted.
We process data to provide and secure the service, authenticate users, ingest and display customer analytics, enforce plan limits, deliver requested emails, process payments, support customers, prevent abuse and improve activation and reliability. The legal bases are performance of the service contract, our legitimate interests in security and product operation, compliance with legal obligations, and consent where the law requires it.
Data may be processed by infrastructure and operational providers used to run the service, including Stripe for billing, UseSend for transactional email, Infisical for secrets, database/cache/hosting providers and optional cookieless Plausible analytics. We share only what the provider needs. Where data leaves the EEA, we rely on an adequacy decision, Standard Contractual Clauses or another lawful safeguard.
We use essential authentication cookies and local storage for preferences such as theme, onboarding state and an anonymous journey identifier. We do not use advertising cookies. If optional analytics changes to require consent, we will request it before activation and update this notice.
Depending on your location, you may request access, correction, deletion, restriction, portability or objection, withdraw consent, and complain to your data-protection authority (in France, the CNIL). Email preferences and one-click unsubscribe links are available in every recurring email. Customers remain responsible for responding to rights requests concerning the telemetry they control; we assist them under the DPA.
We use access controls, signed webhooks, encryption in transit, secret management, tenant authorization, redacted operational snapshots and audit logs. No system is risk-free. Material policy changes will be dated here and, when appropriate, announced in-product or by email.
This notice should be reviewed with qualified counsel for the exact customer mix, subprocessors and international-transfer setup before public launch.