Privacy Policy — How We Protect Your Data

This Privacy Policy explains how onHover collects, uses, and protects your information when you use our extension and website.

Privacy is not an afterthought for us. onHover runs primarily as a browser extension, which means most of its operations happen locally in your browser. We have deliberately designed the extension to minimize data transmission — your inspection sessions, screenshots, color picks, and design work stay on your device and are never sent to our servers.

Account data: name, email address, and password (hashed) when you register.

License data: a device fingerprint used to enforce one license per device.

Payment data: processed by Paddle. We receive transaction metadata (plan, amount, status) but do not store card details.

Usage data: basic logs (IP address, timestamps, error reports) to operate and improve the Service.

We use the information we collect to provide and maintain the Service, authenticate your identity when you sign in, validate that your license is active on the correct device, process payments through Paddle, and send transactional emails such as purchase receipts and password reset links.

We also use usage logs to identify and fix bugs, monitor service stability, and prevent unauthorized access. We do not use your information to build advertising profiles or share it with ad networks of any kind. Every data point we collect serves a direct operational purpose.

onHover does not track your browsing history. Inspection, color picking, screenshots, and other extension features run locally in your browser. Page contents you inspect are not transmitted to our servers.

We share data only with service providers necessary to operate the Service (e.g. Paddle for payments, hosting providers, email delivery). We do not sell your personal information.

When you use the "Open in CodePen" feature, the HTML and CSS of the inspected element is submitted to codepen.io to create a pen — this is user-initiated and subject to CodePen's privacy policy.

When you use the SiteStack tool, the domain you are inspecting is queried against rdap.org to retrieve public registration data.

We retain account and license data while your account is active and as needed for legal, tax, and accounting purposes. You can request deletion at any time.

We use industry-standard measures to protect your data, including encryption in transit, hashed passwords, and access controls. No system is completely secure; use the Service at your own risk.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. If you are located in the European Economic Area, you also have the right to object to certain processing activities and to lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at [email protected]. We will respond within 30 days. For deletion requests, note that we may retain certain transaction records as required by applicable tax and accounting regulations, but all personal identifiers will be removed.

Our website uses essential cookies and local storage to keep you logged in. We do not use third-party advertising or tracking cookies.

onHover is not directed at children under 13, and we do not knowingly collect data from them.

We may update this policy. Material changes will be communicated via the Service or by email.

Privacy questions? Email [email protected]. We take privacy inquiries seriously and aim to respond within 5 business days. If you have a concern about how your data has been handled, please include as much detail as possible so we can investigate and respond appropriately.