Privacy Policy — Browser Extension
The Curator browser extension (the “Extension”) forwards tax-document PDFs you explicitly download from a short list of investor portals to your Curator account at curatorrecord.com. It does not read the contents of any page, it does not handle your portal passwords, and it cannot access any site outside its allowlist. The full, up-to-date list of allowlisted portals is published in the Extension’s manifest and at curatorrecord.com/extensions; Curator may add or remove portals over time, and every change ships as a new Extension version subject to this same policy.
When you click Send in the Extension popup after downloading a tax document, the Extension transmits the following to Curator over HTTPS:
- The bytes of the PDF file you just downloaded from an allowlisted investor portal.
- The filename the portal assigned to that download (for audit display on the Curator review queue).
- A SHA-256 hash of the file content (used to detect duplicates so the same PDF is never uploaded twice).
- The Curator investing-entity you picked from the dropdown before clicking Send, so the document lands under the correct entity’s ledger.
- The pairing credential stored in the Extension’s local storage, sent as a Bearer token. The server uses it to verify that this specific Extension install is authorized and to associate the upload with your Curator account.
The Extension does not collect or transmit the following:
- Your portal passwords or login credentials. The Extension never sees them. It never asks for them, and the manifest does not request access to cookies, passwords, or any credential storage.
- The contents of any web page. The Extension has no content scripts and does not read the DOM of any page. It only reacts to completed browser downloads and re-fetches the PDF using the portal’s own download URL.
- Your browsing history or activity on any other site. The Extension’s manifest scopes network access to curatorrecord.com plus the current allowlisted investor portals; it cannot observe or transmit anything from any other website.
- Your identity or personal information beyond what the pairing credential implicitly represents. No email, name, or IP geolocation is gathered by the Extension itself.
All uploads go over HTTPS (TLS 1.2 or higher) to Curator’s extension upload endpoint at curatorrecord.com. The Extension attaches the pairing credential as a standard HTTP Authorization Bearer header. Uploads that fail the server’s rate limit (30 per hour per pairing), fail a PDF magic-byte check, or fail a membership check against the selected investing entity are rejected before any data is written.
Uploaded PDFs are stored by Curator in a private, encrypted Supabase Storage bucket and are accessible only to members of the investing entity you selected at upload time, enforced by database row-level security on both the document metadata and the backing Storage objects. A row is inserted in the Curator database with the filename, content hash, a reference to the pairing credential used, and the selected investing-entity ID.
Documents are retained for as long as your Curator account is active, or until you explicitly archive or delete them inside Curator. Deleting your Curator account purges all associated extension-uploaded documents.
The Extension itself sends data only to Curator. Once a PDF is inside Curator, downstream processing (for field extraction) is performed by Curator’s AI pipeline, which routes requests through the Vercel AI Gateway to Anthropic Claude. This is disclosed in the main Curator privacy policy; the Extension itself does not contact any AI provider.
- Downloads. To detect when you’ve finished downloading a PDF from an allowlisted portal, so the popup can offer to forward it. The Extension does not modify or intercept downloads; it only observes completed ones.
- Storage. To persist the pairing credential, scoped to this Extension install, across browser restarts.
- Alarms. To manage short-lived timers for the post-download confirmation flow. Required because Chrome service workers may be evicted between a download event and your confirmation click.
- Host permissions. Scoped to a short list of investor-portal domains plus curatorrecord.com. These permit the Extension’s background worker to re-fetch the just-completed PDF using your existing portal cookie and to transmit it to Curator. The Extension does NOT request broad host access (no all-sites permission).
The Extension does not request access to tabs, page DOM, cookies, browsing history, keyboard events, or network interception. You can verify every permission the Extension holds by opening your browser’s extensions page and inspecting the Curator entry.
- Revoke the Extension at any time. Sign in to Curator and open Settings → Browser extension, then click Revoke on the pairing. Within about a minute the Extension’s next upload attempt will be rejected with an authentication error.
- Uninstall the Extension. Open your browser’s extensions page and remove Curator. No further data is transmitted.
- Delete uploaded documents. Archive or delete any document from inside Curator’s review queue or ledger. Deleted documents are purged from Storage on schedule.
- Delete your Curator account. Contact the email below to request full deletion; all extension-uploaded documents are removed with the account.
Curator is not directed at children under 13. The Extension is intended for adult investors managing tax documents.
If this policy materially changes, the effective date above will update and a notice will be posted on the Curator extensions page. Continued use of the Extension after the effective date constitutes acceptance of the new policy.
Questions, access requests, or deletion requests: privacy@curatorrecord.com.