Hailpilot Seller Assistant — Browser Extension Privacy Policy
Last updated: 20 May 2026
This policy applies to the Hailpilot Seller Assistant Chrome extension. For the privacy policy covering the Hailpilot dashboard and main platform, see hailpilot.com/privacy.
1. What this extension does
The Hailpilot Seller Assistant is a browser extension that reads pages from Shopee Seller Centre and Lazada Seller Centre while you are logged into those platforms, and synchronises specific data — registered marketing campaigns and ads-keyword performance — to your Hailpilot account at hailpilot.com.
The extension acts only when you explicitly click “Scan this page” in the extension popup, or trigger an action from the Hailpilot Companion side panel. It does not perform background polling, automatic scanning, or any action without an explicit user gesture.
2. What data the extension collects
The extension collects ONLY the following:
- The contents of the Shopee or Lazada Seller Centre page you are actively viewing at the moment you click “Scan this page”. Specifically: campaign titles, campaign dates, nomination counts, ads keyword performance metrics (impressions, clicks, conversions, GMV, ACOS).
- The Hailpilot Extension API key you supply, stored in
chrome.storage.localon your device. The key is generated by you from your Hailpilot dashboard. - The URL of the page that was scanned, sent along with the scrape payload for audit purposes.
- If you choose to enable the Companion side panel, summary case counts and urgent-case lists fetched from your own Hailpilot account (this is your own data viewed in a different surface).
The extension DOES NOT collect:
- Cookies, login sessions, or authentication tokens belonging to Shopee, Lazada, or any other site.
- Browsing history outside the explicitly-scanned page.
- Personal identifying information about you beyond your Hailpilot merchant account.
- Buyer personally-identifying information — the extension scrapes campaign metadata only.
- Data from any page you have not explicitly scanned.
3. Where data is sent
Data scraped from Seller Centre pages is sent ONLY to https://api.hailpilot.com (your own Hailpilot account), using a Bearer authentication scheme. You control the API key and can revoke it from the Hailpilot dashboard at any time.
The extension does not send data to any other third party. The extension does not contain analytics SDKs, advertising trackers, or remote code loaders.
All requests use credentials: omit and redirect: error — your cookies are never sent and the request never follows a redirect outside the configured Hailpilot API base.
4. Data retention
Data sent to Hailpilot is retained according to the Hailpilot main privacy policy at hailpilot.com/privacy. The extension itself stores only the API key, the API base URL, and the timestamp of the last sync — all of these can be cleared by clicking “Unpair” in the extension popup.
5. Your rights
You can:
- Revoke the API key at any time from the Hailpilot dashboard (Settings → Browser Extension), invalidating the extension's ability to send any further data.
- Click “Unpair” in the extension popup to remove the key from local storage.
- Uninstall the extension at any time.
- Request deletion of data already synchronised to Hailpilot per the Hailpilot main privacy policy.
6. Open source and verifiable
The extension's source code is fully visible — no obfuscation, no minification, no remote code loading, no dynamic imports. The package on the Chrome Web Store is what is running in your browser. All inbound network payloads are schema-validated before they leave the merchant's machine (any unknown field is dropped); all outbound network requests are restricted to an allowlist of three URLs: api.hailpilot.com, api-staging.hailpilot.com, and localhost:8000 for development.
7. Contact
Privacy questions: privacy@hailpilot.com
Extension support: business@hailpilot.com