Skip to content
PingFinger
FeaturesHow it worksPricing

Resources

Changelogvs other toolsSpintax labFAQ
Log inGet the extension

Privacy

What we do — and don't do — with your data.

Written in plain English so you don't need a lawyer to understand it. Each section has a one-line summary you can scan.

Last updatedJune 9, 2026

In plain English

Three things to know if you don't read the rest:

  • Your DMs are yours. The content you send never touches our servers.
  • Your leads stay local. Browser storage by default; only synced if you opt in.
  • We don't sell anything. Not your email, not your usage, not anything.

What we collect

TL;DR

Your email, name, and a hashed password. That's the entire account record.

When you sign up, we store your email, your name, and a hashed password. That's the entire account record on our side.

The extension runs locally in your browser. Your message templates, your lead lists, and your activity log live in browser storage on your machine. We do not read them, and they do not leave your device unless you explicitly turn on cloud sync.

If you turn on cloud sync, your templates and lead metadata are encrypted in transit and stored against your account in our Supabase database. They are never shared with other users, sold, or used for training models.

What we never collect

TL;DR

DM contents, the Reddit/X accounts you use, your browsing history outside our panel.

The content of your DMs — sent or received.

The Reddit or X accounts you use the extension with.

Browsing history outside the PingFinger panel.

Anything from your machine that the extension does not need to function.

How we use what we have

TL;DR

To send you billing receipts and very occasional product updates. Nothing else.

Your account email is used for billing receipts and the occasional product update. We will never sell it, share it, or hand it to advertisers.

Server-side daily DM counters exist solely to enforce plan caps fairly. The counter resets at midnight UTC.

We track anonymous, aggregated usage signals (page views, button clicks) on the marketing site only — so we know which features people actually use. No personally-identifying data leaves your browser.

Payments

TL;DR

Stripe handles your card. We never see or store the number.

Payments are processed by Stripe. We never see or store your full card number, expiry, or CVC. Stripe's privacy policy governs how they handle payment data — read it on stripe.com.

We store the Stripe customer ID, your subscription status, and your billing email. That's it.

Your data, your rights

TL;DR

Email us to export everything or delete your account — turned around within 7 days.

Email [email protected] any time to:

Export every byte we have on you.

Delete your account permanently (irreversible — we destroy backups in 30 days).

Correct anything that's wrong on your account.

Opt out of any non-essential email.

We turn around requests within 7 days. GDPR + CCPA compliant; if you're in a jurisdiction with stricter rules, email us and we'll honor those instead.

Cookies

TL;DR

Session cookie for login, that's it. No tracking, no third-party.

One session cookie so you stay logged in. No third-party tracking cookies. No advertising pixels. The cookie banner most sites need? We don't.

The extension itself uses chrome.storage.local for all its state. That's a browser-level store, not a cookie, and we cannot read it from our servers.

Changes to this policy

TL;DR

Anything meaningful, we email you 14 days before it takes effect.

If we change this policy in a meaningful way, we will email every account holder with at least 14 days notice before the change takes effect. The full diff between versions stays available so you can see what changed.

Minor typo fixes or formatting updates don't trigger a notice — but the “last updated” date at the top of this page always reflects the latest edit.