Privacy Policy
Effective: May 13, 2026
1. The short story
Your advertising data stays in your browser. We don't have a copy of your campaigns, keywords, or spend on our servers. When you opt in to anonymous telemetry, we get error reports and aggregate usage counts — never your data. AI Guide runs on Chrome's built-in AI directly in your browser — your questions and the AI's answers stay on your device. That's the whole story.
2. Who we are
Mini Parakeet LLC (doing business as Fazr, "we" or "us") operates bddr.ai. Questions: privacy@bddr.ai.
3. What we collect
The extension, by design, keeps your advertising data local. Here's what can leave your browser, and only in the cases we describe:
- Anonymous telemetry — only if you opt in during setup or in Settings. Includes: selector health, feature usage counts, anonymized spend ranges (e.g. "5k–10k," never exact figures), subscription tier, Amazon region, extension version, error reports with stack traces. Never: campaign names, keywords, target-level spend or sales, your Amazon account ID, or any personally identifiable information. Identified by a random install ID (not your identity). Retained 90 days.
- Billing information — name, email, billing address, and payment method, collected by LemonSqueezy (our payment processor and merchant of record) when you subscribe to a paid tier. We don't receive your full card number. We see the order record and email address.
- Contact information — if you email us for support, legal, or privacy inquiries, we receive your message and reply-to address.
- AI Guide inputs — bddr.ai version 5.0 and later runs AI Guide entirely on your device using Chrome's built-in AI. The content of your questions, the model's answers, and the entity data the model sees never leave your computer. If you have anonymous telemetry enabled, diagnostic counts (invocation counts, latency buckets, success/failure flags, error kinds) cover AI Guide usage — but never the content of prompts or answers. Older extension versions (prior to 5.0) used a different path that sent anonymized numeric metrics and health tiers to our backend and Anthropic; see Section 6 for detail.
- Remote configuration fetches — the extension periodically fetches remote config from our backend. We receive only the request itself (HTTP headers, including a random install ID if you have telemetry enabled); we don't receive your settings or data.
Onboarding and product-use events (Plan 1, opt-in)
If you opt in to anonymous telemetry during setup (or later, in Settings), bddr.ai sends a small set of onboarding and product-use events to help us measure and improve the funnel:
- Install events (when bddr.ai was first installed — fresh installs only)
- Welcome-page interactions (whether you opened the post-install welcome page; whether you clicked through to Amazon Advertising)
- Popup CTA clicks (clicks on the "Open Amazon Advertising" prompt when you're not on Amazon)
- Onboarding step completion (which wizard steps you completed, skipped, or backed out of)
- Tour step completion (which spotlight tour steps you finished or dismissed)
- First grid scan and first user-initiated action timing (one event per install per category)
- Page-readiness fix interactions (when you clicked the "Fix" button to restore missing grid columns)
- Empty-state interactions (which CTA you clicked when you had no campaigns)
- "2 of 3 campaigns" pre-warning impressions (whether the soft-limit notice appeared)
- Upgrade-modal impressions and CTA clicks (which feature triggered the prompt; whether you subscribed, dismissed, or clicked "Maybe later")
- LemonSqueezy checkout opens (separate from completed purchases)
- License tier changes (free → pro, expirations, downgrades)
Each event carries a random install ID (UUID, regenerated on reinstall), a per-install epoch ID (regenerated on fresh installs only — preserved across extension updates so a single install reads as one cohort), and the extension version. Some events additionally carry tier-related fields — for example, tier-change events record the old and new tier, upgrade-modal events record your current tier, and checkout-open events record the tier you're subscribing to. No keywords, campaign names, account names, or exact spend figures are sent. Events queued before you opt in carry a queuedBeforeConsent: true flag and are flushed only after explicit opt-in; if you opt out, queued events are deleted from your local browser storage without being sent.
Raw event records are retained on our backend for 90 days, after which they are deleted. Anonymous aggregates (counts and rates per cohort, no per-install identifiers) are retained indefinitely for product analysis.
4. Where your data lives
In your browser. The extension stores most of what it needs in chrome.storage.local, chrome.storage.sync, and IndexedDB (for analytics observations). This includes your settings, audit log, entity edit history, keyword dedup index, API connection tokens (if you connect to Amazon), and analytics observations. This data never leaves your device.
On-device AI model. AI Guide (v5.0 and later) runs against Chrome's built-in Gemini Nano model. The model is downloaded, stored, and executed by Chrome on your computer; we don't deploy, host, or maintain it. Prompt content, model outputs, and the entity data the model sees stay in your browser.
Our backend. We run a small backend on Cloudflare Workers and KV at api.bddr.ai. It handles: anonymous telemetry (bucketed hourly, 90-day retention), remote configuration (feature flags, minimum version checks, selector overrides), OAuth token refresh proxy for the Amazon Advertising API (we never persist your tokens), and, for extension versions prior to 5.0, AI Guide request proxy (legacy path — see Section 6).
Third parties. See Section 7 for the full list of sub-processors and what they do.
5. How we use information
- To run the Service. Billing, license validation, OAuth token refresh, remote config delivery, and (for extension versions prior to 5.0) AI Guide responses via the legacy proxy path.
- To keep it working. Anonymous telemetry detects when Amazon changes its page structure so we can push fixes quickly. Error reports help us diagnose crashes.
- To improve it. Aggregate usage counts (e.g., "how many Pro users run Quick Optimize per week") tell us what's useful.
- To support you. When you email us, we read and respond.
- To meet legal obligations. Tax records, subpoenas, fraud prevention.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We don't use your data to train AI models.
Rules governing how you may use the Service (and grounds for suspension or termination) live in our Acceptable Use Policy.
6. AI Guide — how it works
AI Guide is the optional AI-powered assistance inside bddr.ai. It only runs when you invoke it — it's never automatic. As of bddr.ai version 5.0, AI Guide runs entirely on your device. Older extension versions that haven't auto-updated still use a backend proxy path; that path is described under "AI Guide — older versions" below and is scheduled to be retired after the auto-update window closes.
Where it runs
AI Guide runs on Chrome's built-in Gemini Nano model, accessed through the browser's LanguageModel Prompt API. The model lives in your browser; the entire request — prompt construction, model inference, and response — happens locally. No third-party AI provider is involved.
What stays on your device
Everything that matters: the prompt the extension assembles for the model, the entity data referenced in that prompt (metrics, names, and any structural context), and the model's response text. None of it is transmitted to bddr.ai's backend or to any third party.
What may leave your device
If you have anonymous telemetry enabled, the extension emits diagnostic events covering AI Guide use: invocation counts, latency buckets, success/failure flags, and error kinds (for example, "model unavailable," "session timeout"). These events do not include the content of your prompt, the model's answer, or any entity data shown to the model. If telemetry is off, no AI Guide signal of any kind leaves your browser.
Requirements
Chrome's built-in AI requires a recent Chrome release, a supported GPU, sufficient free disk space to hold the model, and an experimental flag (the prerequisites and current setup steps are listed under bddr.ai Settings). If your browser doesn't meet the requirements, AI Guide is unavailable on that device — the extension does not fall back to a cloud service.
Turning it off
Don't use the feature. AI Guide is Pro-tier-and-above and is invoked only by your explicit action (clicking a question or typing into the AI Guide panel). There's no separate setting to disable — if you don't use it, no model inference is performed.
AI Guide — proxy-ID note
Even though prompts and responses never leave your computer, the extension still routes entity references through a proxy-ID map before composing the prompt — campaign, ad-group, and target names are replaced with short tokens (for example T-a3f2, C-b1e9, AG-d4c8), and the response is rehydrated to real names before being shown to you. The mapping lives only in your browser's memory. We keep this step as defense-in-depth: it bounds the on-device token budget and limits what would be exposed if a future model-routing change ever altered where the prompt was executed.
AI Guide — older versions
bddr.ai versions prior to 5.0 used a different AI Guide path that called a backend service rather than an on-device model. This path remains operational only for clients that haven't yet auto-updated and is scheduled for removal in a follow-up release. The legacy flow is described below.
What was sent. Numeric metrics for the entities in context (ACoS, spend, clicks, orders, sales, impressions, bids), health-tier labels (like "bleeder" or "hero"), and structural context like page type. Entity names, keywords, ASINs, campaign names, ad-group names, and account IDs were not sent.
How it was anonymized. Before anything left your browser, entity names were replaced with short proxy IDs (for example T-a3f2, C-b1e9, AG-d4c8). The mapping between real names and proxy IDs lived only in your browser's memory, never left it, and was thrown away when the response came back. The response text came back containing proxy IDs and was rehydrated client-side before being shown to you. Neither our backend nor Anthropic ever saw a real entity name.
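The proxy-ID step described in this section (both the current on-device path and the legacy path), as an added illustration that is not bddr.ai's own code: an in-memory map that swaps entity names for short tokens before a prompt is composed and restores them in the response. The class and function names, the four-hex-digit token shape inferred from the sample IDs, and the sample prompt are assumptions.

```javascript
// Added illustration, not bddr.ai code. All names here are hypothetical.
const PREFIX = { target: 'T', campaign: 'C', adGroup: 'AG' };
const TOKEN_RE = /\b(?:AG|C|T)-[0-9a-f]{4}\b/g;

// Tokens are opaque labels, not secrets; use the platform CSPRNG when present.
function randomHex4() {
  const buf = new Uint16Array(1);
  if (globalThis.crypto && globalThis.crypto.getRandomValues) {
    globalThis.crypto.getRandomValues(buf);
  } else {
    buf[0] = Math.floor(Math.random() * 0x10000);
  }
  return buf[0].toString(16).padStart(4, '0');
}

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

class ProxyIdMap {
  constructor() {
    this.byName = new Map();  // "kind\0name" -> token
    this.byToken = new Map(); // token -> real name (memory only, never serialized)
  }

  tokenFor(kind, name) {
    if (!PREFIX[kind]) throw new TypeError(`unknown entity kind: ${kind}`);
    const key = `${kind}\u0000${name}`;
    if (this.byName.has(key)) return this.byName.get(key);
    let token;
    do { token = `${PREFIX[kind]}-${randomHex4()}`; } while (this.byToken.has(token));
    this.byName.set(key, token);
    this.byToken.set(token, name);
    return token;
  }

  // One regex pass, longest names first, so "Brand" never clips
  // "Brand - Exact (US)" and inserted tokens are never rescanned.
  anonymize(text, entities) {
    const lookup = new Map();
    for (const { kind, name } of entities) {
      if (name) lookup.set(name, this.tokenFor(kind, name));
    }
    if (lookup.size === 0) return text;
    const alternation = [...lookup.keys()]
      .sort((a, b) => b.length - a.length)
      .map(escapeRe)
      .join('|');
    return text.replace(new RegExp(alternation, 'g'), (m) => lookup.get(m));
  }

  // Unknown token-shaped strings are left untouched rather than guessed at.
  rehydrate(text) {
    return text.replace(TOKEN_RE, (t) => this.byToken.get(t) ?? t);
  }
}

// Constructed sample data, not real account content.
const sampleEntities = [
  { kind: 'campaign', name: 'Brand' },
  { kind: 'campaign', name: 'Brand - Exact (US)' },
  { kind: 'target', name: 'running shoes' },
];
const samplePrompt =
  'Campaign "Brand - Exact (US)" target "running shoes" ACoS 41%; campaign "Brand" ACoS 12%.';
```

Matching here is exact and case-sensitive, so a name that appears in a different spelling inside free text would pass through unreplaced; composing the prompt from structured fields rather than free text avoids that gap.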
The request path. Your browser → api.bddr.ai (our Cloudflare Worker) → Anthropic's Claude API → our Worker → back to your browser.
Anthropic's role. Anthropic processed the request under their Commercial Terms. Anthropic does not train their models on commercial inputs or outputs by default.
Security. Legacy AI Guide requests were HMAC-signed (SHA-256) with a secret derived from your install ID and validated on our backend. The license was checked before the request was forwarded. We rate-limit per IP and cap daily usage per install (Free: 0, Pro: 25, Power: 50, Agency: 100 requests/day). Responses were cached client-side in your browser (keyed by question ID) to avoid repeated requests for the same question; nothing about the cache left your device.
Retention. We did not, and do not, persist AI Guide request payloads or responses on our backend. Cloudflare Workers Logs may retain transient request metadata (IP, HTTP status, timestamp) per Cloudflare's standard log retention; we don't access these for any purpose other than diagnosing outages. The per-install daily-usage counter and per-IP rate-limit counter are short-lived entries (48 hours and 60 seconds respectively) needed to enforce caps and rate limits.
7. Sub-processors
bddr.ai uses the following third-party services. Paid customers may subscribe to change notifications by emailing privacy@bddr.ai with subject "Sub-processor notifications."
| Sub-processor | Purpose | Data types | Region |
|---|---|---|---|
| Cloudflare, Inc. | Backend compute and storage (Workers, KV). Hosts our API, telemetry, remote config, OAuth refresh proxy, and — for extension versions prior to 5.0 — the legacy AI Guide request proxy. | Anonymous telemetry payloads, install IDs, HMAC metadata, OAuth tokens in transit only (not persisted). | Global edge |
| Anthropic, PBC | AI Guide request processing (Claude API) — legacy AI Guide path, bddr.ai versions prior to 5.0 only. The current AI Guide runs on-device using Chrome's built-in model and does not involve Anthropic. | Anonymized numeric metrics, proxy-ID'd entity data, question IDs. No real entity names, no account identifiers. | United States |
| Lemon Squeezy, LLC | Merchant of record for paid subscriptions — payment processing, license validation, tax handling, invoicing. | Name, email, billing address, payment details (card processed by LemonSqueezy's PCI providers), license keys. | Global |
| Amazon.com, Inc. | OAuth and Advertising API, only when you connect your Amazon Advertising account. | OAuth tokens (stored locally on your device; refreshed via our proxy), Advertising API request/response data for changes you make through bddr.ai. | Global |
8. Cookies and similar technologies
The bddr.ai marketing site uses only essential session cookies needed for page functionality. We don't use advertising cookies, tracking pixels, or cross-site trackers. The extension itself doesn't set any cookies.
You can block or delete cookies through your browser's privacy settings. Blocking essential cookies may make parts of the site not work.
9. Legal bases (EU/UK users)
If you're in the EU or UK, the legal bases we rely on for processing your personal data (under GDPR Art. 6) are:
- Contract performance (Art. 6(1)(b)) — for billing, license validation, providing the Service to paid subscribers.
- Consent (Art. 6(1)(a)) — for anonymous telemetry (opt-in), AI Guide use (you choose to invoke it).
- Legitimate interests (Art. 6(1)(f)) — for security, fraud prevention, debugging, and product improvement. The balance weighs in favor of these processing activities because they're minimal, anonymized where possible, and aligned with your reasonable expectations.
- Legal obligation (Art. 6(1)(c)) — tax record-keeping, response to legal process.
10. Your rights
Depending on where you live, you have rights over your personal information. We honor these globally where practical.
Everyone
- Access. Ask what personal data we have about you.
- Correction. Ask us to fix inaccurate data.
- Deletion. Ask us to delete your personal data. Most of your data is in your browser and you delete it by clearing storage or uninstalling the extension.
EU/UK residents (under GDPR/UK GDPR)
- Portability — receive your data in a portable format.
- Restriction — ask us to pause processing.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where we rely on consent (telemetry, AI Guide use), you can withdraw it without affecting the lawfulness of prior processing.
- Lodge a complaint — with your local data protection supervisory authority (e.g., ICO in the UK, CNIL in France, BfDI in Germany).
California residents (under CCPA/CPRA)
- Right to know the categories and specific pieces of personal information collected, the sources, the purposes of collection, and third parties we share with.
- Right to delete personal information we've collected about you.
- Right to correct inaccurate personal information.
- Right to opt out of sale or sharing — we don't sell personal information and we don't share for cross-context behavioral advertising, so there's nothing to opt out of, but we honor the signal.
- Right to limit use of sensitive personal information — we don't collect sensitive personal information as defined by CPRA.
- Right to non-discrimination — we won't retaliate against you for exercising these rights.
How to exercise your rights
Email privacy@bddr.ai with the request. We verify your identity by confirming you control the email on file for your account. We respond within 30 days (this may extend to 90 days for complex requests; we'll tell you if that happens). You can designate an authorized agent to make a request on your behalf.
11. Retention
How long we keep what:
- Anonymous telemetry — 90 days, then pruned.
- AI Guide content — none retained, because none is sent. AI Guide in bddr.ai v5.0 and later runs on your device, so prompts and answers are not transmitted to us or to any third party. Older extension versions (prior to 5.0) use the legacy path described in Section 6; on that path, we don't persist request or response payloads, and transient Cloudflare Workers Logs metadata follows Cloudflare's retention policy.
- Billing records — retained as long as required for tax, legal, and financial record-keeping (typically 7 years in the U.S.). Managed by LemonSqueezy under their retention policies.
- Support emails — retained for the life of the customer account and up to 2 years after, unless legally required longer.
- Browser-local data — your control; not our retention.
12. Security
We take reasonable steps to protect the limited data we hold:
- HTTPS for all transit to our backend and third parties.
- HMAC-signed AI Guide requests.
- Least-privilege access to our Cloudflare KV stores. Secrets managed via Wrangler.
- Local-first architecture that limits the data available to breach on our side.
- Regular dependency updates through Dependabot.
No system is perfectly secure. If you discover a vulnerability, please report it to security@bddr.ai. See our Security page for our coordinated-disclosure process.
13. International data transfers
AI Guide in bddr.ai v5.0 and later runs on your device and produces no cross-border data transfer. For extension versions prior to 5.0 that still use the legacy proxy path, Anthropic processes those AI Guide requests in the United States. Cloudflare Workers run at the global edge. LemonSqueezy operates globally. Where your data is processed outside your home jurisdiction, we rely on the contractual safeguards our sub-processors maintain. EU customers who need formal Standard Contractual Clauses executed may request them by emailing legal@bddr.ai. Our Data Processing Addendum is the usual vehicle for this.
14. Children
bddr.ai is a professional advertising tool built for adult sellers and businesses. It's not intended for and not directed at children under 16. We don't knowingly collect information from children under 16. If you believe a child has provided information, contact privacy@bddr.ai.
15. Changes to this Policy
We may update this Policy. Non-material changes (typos, clarifications, new sub-processor entries that don't change data types or purposes) take effect when published.
Material changes (new data collection, new sub-processors that change data flows, new purposes) take effect 30 days after we publish them. For paid users, we'll email you with a summary of what changed.
16. Contact and supervisory authority
Privacy questions, requests, or complaints: privacy@bddr.ai.
Data controller: Mini Parakeet LLC, Oklahoma, USA. EU/UK users may lodge a complaint with their local supervisory authority.
Revision history
- May 15, 2026 — Removed Architect (Account Structure Strategy) data-flow paragraph; the feature was retired before launch.
- May 13, 2026 — AI Guide moved on-device (bddr.ai v5.0). Section 6 rewritten to describe Chrome's built-in Gemini Nano path; the legacy Anthropic-via-Cloudflare-Worker flow is preserved transitionally for extension versions that haven't auto-updated and will be removed in a follow-up release. Sections 1, 3, 4, 5, 7, 11, and 13 updated to match.
- April 14, 2026 — Initial version.