Privacy Policy

This Privacy Policy describes how the Booking paste helper Chrome extension ("the Extension") and its companion API ("the Backend") handle user data. The Backend is operated by Shaked Lisha ("we", "us") and is hosted on Google Cloud Run.

What the Extension does

The Extension lets you paste booking-confirmation text or upload a booking PDF. The text or PDF is sent to the Backend, which uses the Google Gemini API to identify the booking type (flight, hotel, car, transfer, or passport) and extract structured fields, then returns the result so the Extension can pre-fill a booking form.

Data we receive

When you trigger an extraction the Backend receives:

• The booking text you pasted, or the PDF you selected.
• The flight leg hint ("auto", "outbound", or "return") if any.
• Standard request metadata Cloud Run records automatically: timestamp, IP address, User-Agent, response status, and response time.

We do not request or receive your Google contacts, calendar, Drive files, or any Google-account scope beyond openid email.

What we do with the data

• The booking text or PDF is forwarded to the Google Gemini API for structured extraction. Google's own terms apply — see ai.google.dev/gemini-api/terms.
• The extracted result is returned to your browser and is not stored on our servers.
• We do not store booking text, PDF contents, or extracted fields after the request completes.
• Cloud Run access logs (timestamp, IP, User-Agent, status code) are retained automatically by Google for up to 30 days for security and abuse prevention.
• If quotas are enabled, we keep a per-user daily counter of how many extractions you have run. Counters reset every 24 hours and are identified only by an opaque Google user identifier. No booking content is associated with the counter.

Data we do not collect

• We do not sell or share your data with advertisers or third parties for marketing purposes.
• We do not use your booking content to train any AI model.
• We do not access pages you visit unless they match the limited list of hosts declared in the extension's manifest (your booking system and the developer demo page).

Third-party services

• Google Gemini API — used for booking-text understanding.
• Google Cloud Run / Cloud Logging — hosting and operational logs.
• Google Sign-In (OAuth 2.0 / OIDC) — used (when enabled) to verify which signed-in user is making each request, so per-user quotas can be enforced.

Your choices

• Uninstalling the Extension removes all extension-managed settings from your browser.
• Revoking the OAuth grant from myaccount.google.com/permissions immediately stops the Backend from verifying your identity.
• You may request deletion of Cloud Run logs that contain your IP address by emailing us at the address below.

Children's privacy

The Extension is not directed at children under 13 and we do not knowingly collect personal data from anyone under 13.

Changes to this policy

We will update the "Last updated" date at the top of this page when we make material changes. Significant changes will also be announced in the Chrome Web Store listing.

Contact

Questions about this policy? Email us at shakedlisha@gmail.com.