Privacy
Last updated 30 June 2026.
Whatsmugging is a Chrome extension and accompanying website. This page describes what data we collect, why, and how to remove it. Plain language only.
What we collect
- Drawings. When you doodle a mug slice in the extension, the stroke data (coordinates only — no canvas image) is stored in our Supabase database so the global collection on whatsmugging.com/browse can show it. No account is required to draw; submissions are anonymous by default.
- Account (optional). If you sign in to claim your crayons, Supabase Auth stores your email and a hashed password. We do not sell, share, or analyse this data.
- Preorders. If you submit a preorder on /shop, your name, email, and shipping address are stored so we can ship the mug. We email you about your order; we do not add you to any marketing list.
- Server logs. The website and API run on our own server. Like every webserver, it logs request paths and IPs short-term for abuse prevention. These logs are not joined to any other data.
What we don't collect
- The text of your LLM prompts or responses. The extension only watches for the "LLM is thinking" signal — it never reads the conversation.
- Browsing history outside the listed LLM domains (chat.openai.com, chatgpt.com, gemini.google.com, chat.deepseek.com, claude.ai).
- Analytics or third-party trackers. We use none.
- Payment data. Preorders are confirmed and invoiced manually; we never see card numbers.
Permissions, explained
- storage — remember your sign-in and your in-progress doodle locally.
- host permissions on LLM domains — inject the doodle overlay into those pages.
- host permission on supabase.co — talk to our database from the extension.
Deletion
Email [email protected] from the address tied to your account (or, for anonymous drawings, reference the mug number from /browse) and we will delete the record within 7 days.
Changes
If we change anything material, the "Last updated" date at the top will change and we will post a notice on /browse for 30 days.