Privacy Policy
Last updated: May 17, 2026
Reliquery is a Chrome browser extension that helps brand owners, marketers, and product teams analyze webpages for brand alignment, competitive positioning, and design iteration. This policy describes what data Reliquery collects, how it is used, and your rights regarding that data.
1. Who we are
Reliquery is a product of Paladinmusic Enterprises, LLC, built to help brands protect, learn from, and improve their digital presence. Contact: support@reliquery.app
2. What data we collect
2.1 Page content (Audit & Scout)
When you click "Analyze This Page," Reliquery extracts text content, headings, meta tags, image alt text, and CTAs from the active browser tab. This content is sent to the Reliquery backend for analysis and discarded after the response. Reliquery does not persist page content server-side.
Reliquery never requests page-access permission in the background or at install time. You choose when and how to grant it via Chrome's native permission dialog:
- One-time grant (recommended for power users): Click "Permit Reliquery to analyze web pages" in the extension's setup panel. Chrome asks once whether to allow Reliquery on all sites. Once granted, no further prompts.
- Per-site grant (default): If you skip the one-time grant, Chrome asks for permission the first time you analyze each new site. Each grant persists per origin.
All grants — broad or per-site — can be revoked at any time from
chrome://extensions → Reliquery → Site access, or from the "Disable" button in
the extension's settings panel.
2.2 Brand Reliquary documents
If you connect a Brand Reliquary (a GitHub repository or local folder of brand documents), the contents of those documents are read at analysis time and included in the request to the Reliquery backend. Brand documents are processed in memory and discarded after analysis. Reliquery does not store, log, or train on your brand documents.
2.3 Configuration (stored on your device)
The following settings are stored in your own browser via Chrome's storage API. They are not transmitted to Reliquery servers from storage:
- Brand Reliquary repository URL, branch, and path (in
chrome.storage.local) - Home Base URL (in
chrome.storage.local) - Anthropic API key for Forge mode (in
chrome.storage.local) - GitHub access token for private Reliquary repositories (in
chrome.storage.session, cleared when you close the browser)
2.4 How credentials are transmitted during use
When you actively use a feature that requires one of your stored credentials, that credential is transmitted to the relevant service over HTTPS to authenticate the request:
- Anthropic API key (Forge mode): Each Forge request is sent from the extension
to the Reliquery backend, which forwards the request to Anthropic's API with your key included
in the
Authorizationheader. Reliquery's backend acts as a pass-through proxy and does not retain the key, the screenshot, or the DOM payload after the response is returned. - GitHub personal access token (Brand Reliquary GitHub mode): When the extension
fetches files from your connected repository, your token is included in the
Authorizationheader of outbound requests toapi.github.comandraw.githubusercontent.com. The token is also sent to the Reliquery backend so the backend can fetch brand documents on your behalf during an analysis; Reliquery does not log or persist the token server-side.
All Forge inference activity is billed to and visible in your own Anthropic account. Revoking either credential at its source (Anthropic or GitHub) immediately disables the corresponding feature.
2.5 Anonymous usage telemetry
Reliquery collects anonymized event data to monitor product health: which mode was used, success/failure status, request latency, and error categories. This data does not include page content, brand documents, URLs, or any personally identifying information.
2.6 Account and authentication
Reliquery requires an account to use the extension. When you sign in, you provide your email address, which is stored by our authentication provider (Supabase) in their hosted database. Your email is used solely to authenticate you and is not used for marketing, newsletters, or shared with third parties for advertising purposes.
Reliquery uses a passwordless sign-in flow: you receive a one-time verification code via email each time you sign in. No passwords are stored or transmitted.
Your account is associated with a unique user ID (UUID). Internal records such as usage counts and subscription status reference this UUID, not your email address.
2.7 Technical request metadata
To prevent fraud and abuse, respond to payment disputes, and debug operational issues, Reliquery records the following metadata for each authenticated request to billable endpoints (Audit, Scout, Forge, billing):
- IP address
- User-Agent string (browser and version)
- Timestamp
- Endpoint accessed
- Response status code
This data is retained for 180 days and is used solely for fraud detection, chargeback dispute evidence, and operational debugging. It is never used for advertising, profiling, or shared with third parties. The legal basis is our legitimate interest in protecting the service from abuse and complying with payment processor requirements. You can request deletion of this metadata at any time by emailing support@reliquery.app.
3. What we do not collect
- Browsing history
- Page content from tabs you have not explicitly analyzed
- Personal information beyond your email address (no name, address, or phone number)
- Financial information (payments are handled entirely by Stripe; see §4)
- Passwords (Reliquery uses passwordless sign-in only)
- Cookies or tracking identifiers across sites
4. Third parties
Reliquery sends data to the following third parties to deliver its features:
- Anthropic — Page content and brand document text are sent to Anthropic's Claude API for analysis. Anthropic privacy policy
- GitHub — When you use GitHub Reliquary mode, Reliquery reads the files you specify from your connected repository. GitHub privacy policy
- Supabase — Reliquery uses Supabase for authentication and database hosting. Your email address and account data are stored in Supabase's infrastructure (AWS, US regions). Supabase privacy policy
- Stripe — Reliquery uses Stripe to process subscription payments. When you upgrade to a paid plan, you interact directly with Stripe's checkout page. Reliquery does not receive, store, or have access to your payment card details; Stripe handles all payment data. Your Stripe customer ID is stored server-side to manage your subscription status. Stripe privacy policy
- Cloud hosting (Vercel / Cloudflare) — Reliquery's backend is hosted on Vercel; the marketing site and landing pages are hosted on Cloudflare Pages. Like all hosted services, these platforms maintain short-term operational request logs (typically 1–7 days, retained by the platform for security and debugging) which include IP addresses and User-Agent strings. Reliquery's own application-level logging is described in §2.7. Vercel privacy policy · Cloudflare privacy policy
Reliquery does not sell, rent, or share your data with advertisers, data brokers, or any other third parties.
5. Permissions and why we need them
| Permission | Purpose |
|---|---|
| activeTab | Read the page you click "Analyze This Page" on |
| tabs | Read the URL of the active tab so the side panel knows which site you're about to analyze. This permission grants metadata access only (URL, title, favicon) — it does not allow reading or modifying page content. The "Read your browsing history" warning Chrome shows at install describes this metadata access; Reliquery does not store, log, or transmit your browsing history |
| scripting | Inject the content extraction script into the active tab |
| storage | Save your Brand Reliquary settings, Home Base URL, and Forge API key locally |
| sidePanel | Display the Reliquery interface as a side panel |
| debugger | Capture full-page screenshots and apply CSS during Forge mode |
| host_permissions | Allow the extension to send requests to the Reliquery backend and to Supabase for authentication |
| optional_host_permissions | Declares the maximum scope Reliquery can ever request, but grants no access at install. Each site you analyze is requested individually via Chrome's per-origin permission dialog when you click "Analyze This Page" |
6. Your rights
- Access: All settings and stored data are visible to you in
chrome://extensions→ Reliquery → Storage. - Deletion (local): Uninstalling Reliquery removes all locally stored data from your browser.
- Deletion (account): To delete your Reliquery account and all associated server-side data (email, usage records, subscription status), email support@reliquery.app with the subject line "Delete my account" from the email address associated with your account. We will process deletion requests within 30 days.
- Withdrawal: You can disable Forge by deleting your API key in the extension settings, and disconnect a Brand Reliquary at any time.
- Contact: Email support@reliquery.app for any privacy questions.
7. Children
Reliquery is not directed at children under 13 and does not knowingly collect data from children.
8. Changes to this policy
If we materially change how Reliquery handles data, we will update this page and revise the "Last updated" date. Continued use of the extension after a change constitutes acceptance of the revised policy.
9. Contact
Paladinmusic Enterprises, LLC
Email: support@reliquery.app
Product: Reliquery Chrome Extension