Viac
    Registrácia
    Domov / # Privacy Policy - "drevko Support" Chrome extension

    # Privacy Policy - "drevko Support" Chrome extension

    # Privacy Policy — "drevko Support" Chrome extension

    _Last updated: 2026-06-26_

    The **drevko Support** browser extension is an internal tool for DREVKO s.r.o. customer-
    support staff. It helps an agent draft a reply to a customer e-mail inside the Roundcube
    webmail. **A human always reviews and sends every reply — the extension never sends e-mail.**

    ## What the extension accesses
    On the Roundcube webmail page (`https://webmail.myshoptet.com`) the extension reads the
    **identifiers of the currently open message**: the mailbox/account e-mail address, the
    folder, the IMAP UID and the Message-ID. It also stores, **only inside the browser**:
    - the agent's **API token** (in the extension's service worker / `chrome.storage.local`);
    - a small **local cache** of the drafts/translations it has shown, to avoid re-charging.

    The extension does **not** read or transmit message bodies from the browser. The message
    content is fetched **server-side** by drevko's own backend (read-only IMAP) — not by the
    extension.

    ## What is sent, and where
    The extension sends **only** the message identifiers above (plus an optional style hint)
    to drevko's own backend at **`https://support-api.drevko.eu`** over HTTPS, authenticated by
    the agent's token. The backend re-fetches the message, **redacts personal data**, asks the
    AI model for a draft/translation, and returns it. No data is sent anywhere else.

    ## What it does NOT do
    - ❌ Never sends, deletes, moves or flags e-mail.
    - ❌ No third-party services, no analytics, no tracking, no advertising.
    - ❌ Does not sell or share data; does not build user profiles.
    - ❌ No remote code execution.

    ## Processing, sub-processors, retention
    All processing happens on drevko's **EU backend**. The AI sub-processor (OpenAI) receives
    **only redacted, minimal context** server-side, under a Data Processing Agreement. Drafts
    and audit records are kept on the backend per drevko's retention policy; see the project's
    Data Protection Impact Assessment (`docs/DPIA.md`). The browser-side cache is removed when
    the extension is removed, or by clearing the extension's storage.

    ## Data categories (Chrome Web Store disclosure)
    - **Authentication information** — the agent's API token (app functionality only).
    - **Website content** — the open-message identifiers used to request a draft (app
    functionality only).

    These are used **solely** to provide the extension's single purpose. They are **not** sold,
    **not** used for purposes unrelated to the extension, and **not** used for creditworthiness
    or lending.

    ## Contact
    DREVKO s.r.o. - info@drevko.sk