gnbedge — Privacy Policy

Last updated: 2026-05-26

This privacy policy describes how the gnbedge Chrome extension ("the Extension") collects, uses, stores, and transmits user data.

1. Who we are

The Extension is operated by the gnbedge team. Contact: devayandewri@gmail.com.

2. What data the Extension accesses

• Account credentials. The email/mobile and password you enter on the Extension's sign-in screen, used solely to authenticate you against the gnbedge backend.
• gnbedge authentication token (JWT). Returned by the backend after sign-in and stored locally so the Extension can make authenticated API calls on your behalf.
• Fleet telematics session token. When you click "Connect Fleet Portal", the Extension reads the session token your browser already holds for the fleet telematics provider you are logged into. This is only read while you are on that provider's site, only after you click Connect.
• Operational data. Task counts, last sync time, fleet identifier, and connection status.

3. What we do NOT collect

• We do not collect browsing history.
• We do not access content from any website other than the fleet telematics portal (declared in host_permissions).
• We do not collect health, financial, location, or personal communications data.
• We do not use any analytics, advertising, or tracking SDKs.

4. Where data is stored and transmitted

• All locally stored data lives in chrome.storage.local on your device.
• Authentication tokens and task data are transmitted over HTTPS exclusively to the gnbedge backend at https://api.app.gnbedge.in.
• The fleet telematics session token is sent only to the gnbedge backend, which uses it server-side to fetch fuel-consumption data on your authorized behalf.
• No data is transmitted to any third party.

5. Web app onboarding detection

The Extension's manifest declares externally_connectable for two origins owned by the gnbedge team: https://app.gnbedge.in/* (production) and https://main-frontend-wine.vercel.app/* (development). These origins can send a single { type: "PING" } message to the Extension during the user onboarding flow so the web app can detect whether the Extension is installed and guide the user accordingly. The Extension responds only with { ok: true, version } and does not expose authenticated state, tokens, or any other user data through this channel.

6. How long data is retained

Locally stored tokens are deleted when you sign out, click "Clear Data" in the popup, or uninstall the Extension. Server-side retention is governed by the gnbedge backend's data policy and is limited to what is needed to operate the service.

7. Data sharing and sale

We do not sell, rent, or share your data with third parties. We do not use your data for any purpose other than operating the Extension's stated functionality. We do not use your data to determine creditworthiness or for lending purposes.

8. Security

All network traffic uses HTTPS. Tokens are stored in chrome.storage.local, which is sandboxed per extension by Chrome. Account passwords are not stored locally — only the post-login JWT is retained.

9. Your rights

You can disconnect at any time from the Extension popup ("Sign Out" or "Clear Data"). Uninstalling the Extension removes all locally stored data. To request deletion of server-side data, email devayandewri@gmail.com.

10. Changes to this policy

If this policy changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify users through the Extension.

11. Contact

Questions or requests: devayandewri@gmail.com.