Privacy policy

Last updated: 2026-05-23

Summary

Reading reactions is fully anonymous — no account, no email, no identifier of any kind is required to see counts. To submit your own reaction you sign in once with your email; we send a one-time code, verify it, and immediately discard the email. Only an irreversible salted hash of the lowercased email is persisted as your account identifier. You can delete that record at any time from the extension settings.

For the plain-English reasoning behind this choice — and why a device ID or a "Sign in with Google" button would have made the reaction counts less trustworthy — see Why Better Likes asks for an email.

What we collect

• Your email address — only transiently. When you sign in, your email is sent over TLS to our server, used to deliver a one-time code, and then discarded. It is never written to a database. The only long-lived value derived from it is an irreversible salted hash (sha256(server_salt || lowercase(email))), which becomes your account identifier.
• The reactions you submit and the public target you reacted to (e.g. a Facebook post URL or a GitHub repo). Aggregate counts are kept indefinitely; per-user reaction records are kept long enough to prevent double-voting and are then deleted.
• A short-lived session token stored only in your extension's local storage. Signed by us, valid for 30 days. Lets you react without re-entering a code each time.
• A salted, day-rotated hash of your IP address — used only to rate-limit abuse against the OTP request, report, and read endpoints. The hash is irreversible and rotates every UTC midnight.

What we do not collect

• No real name.
• No persisted email. Your raw email exists in memory only long enough to send the one-time code, then it is discarded. The long-lived value is an irreversible hash.
• No raw IP address.
• No browser fingerprint, hardware identifiers, or device signals of any kind.
• No tracking cookies, analytics pixels, or third-party marketing SDKs.
• No data from pages you visit that you have not explicitly reacted to.
• No password. We deliberately don't operate a password database — the one-time code is the authenticator.

Where data lives

• Your account record and reactions are stored in a managed database, encrypted at rest, located in either the EU or the US depending on the region you were assigned at sign-in.
• Short-lived items — the one-time sign-in code, replay-protection tokens, and per-email lockout markers — live only in ephemeral edge storage that auto-deletes them within minutes. They are never written to the long-term database.
• All traffic between your browser and our servers is encrypted in transit.
• Aggregate per-target counts are kept indefinitely so the extension can keep displaying them. Your per-user reaction record is kept only long enough to prevent double-voting and is then deleted. Deleting your account removes everything immediately and adjusts the aggregate counters accordingly.

Subprocessors

We rely on a small number of third-party providers, each acting as a data processor under GDPR and similar regimes:

• Cloudflare — infrastructure provider for our backend services and this site.
• Neon — managed database provider for the data we persist.
• Resend — transactional email delivery for the one-time sign-in code. Your email passes through their systems exactly once per sign-in and is not retained for any other purpose.

We will update this list before adding a new subprocessor, and the change will be reflected on this page.

International data transfers

Cloudflare and Resend are US-headquartered and may route or process data on US infrastructure. Neon stores the long-lived database in the EU or the US region you were assigned at sign-in. Where personal data originating in the EEA, UK, or Switzerland is transferred outside those regions, the transfer relies on the European Commission's Standard Contractual Clauses (and the UK Addendum / Swiss equivalents where applicable) in our agreements with those providers. The data we transfer is minimal — chiefly the salted-hash account identifier, your reaction records, and, transiently, your email at the moment a sign-in code is sent.

Security

All traffic between your browser and our servers is encrypted in transit with TLS 1.2 or higher. Long-lived account data is encrypted at rest by the managed database provider. Personal identifiers we keep are irreversible salted hashes, not raw values. Sign-in codes and rate-limit markers live only in ephemeral edge storage that auto-expires within minutes. We do not run a password database, so there is no password store to leak. Source code for the extension is open and auditable on GitHub.

That said, no method of transmission over the internet or method of electronic storage is 100% secure. While we use commercially reasonable measures to protect the limited data we hold, we cannot guarantee absolute security. If we become aware of a security incident affecting your personal data, we will notify the relevant supervisory authority within 72 hours where required by law, and notify affected users directly when the incident is likely to result in a high risk to their rights and freedoms.

Marketing communications

We do not send marketing emails, newsletters, product announcements, or promotional content. The only message you will ever receive from Better Likes at the email you sign in with is a one-time sign-in code, sent at the moment you ask for one. There is nothing to opt out of because there is nothing to opt into.

Legal bases for processing (GDPR)

For users in the EEA, UK, and Switzerland, the legal bases under Article 6 GDPR are:

• Performance of a contract (Art. 6(1)(b)) — processing your hashed account identifier, your reactions, and your session token so we can deliver the signed-in features you asked for.
• Legitimate interest (Art. 6(1)(f)) — short-lived, day-rotated salted hashes of IP addresses, OTP delivery, and per-email lockout counters, used to keep the service available and resistant to abuse. We have weighed these interests against your rights and consider the hashed, ephemeral nature of the data proportionate.
• Consent (Art. 6(1)(a)) — implicit in initiating the OTP sign-in flow with your email address, which is used once to deliver the code and is not retained.

Automated decision-making

We do not make decisions about you using solely automated means that produce legal or similarly significant effects. Rate limits and anti-abuse checks are technical safeguards on the API, not profiling.

Your rights

You can permanently delete your account and all data we hold about you from the extension settings ("Delete account"). Deletion is immediate: your user row is removed, your reaction records are removed, and the aggregate counters for every reaction you previously submitted are decremented by one. We do not queue, review, or delay erasure requests.

Because we don't store the raw email — only its salted hash — we can only locate your record when you authenticate with the same email. We cannot enumerate accounts by email, and neither can anyone else who gains read access to our database.

In addition to deletion, you have the rights of access, rectification, restriction, portability, and objection over the limited data we hold. Because we don't retain raw identifiers, an access request typically resolves to a confirmation that the hash of the address you authenticate with is (or is not) on file, along with the reactions associated with it. If you believe we are processing your data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. California residents have additional rights under the CCPA, including the right to know, the right to delete, and the right to opt out of sale or sharing — we do not sell or share personal information for cross-context behavioural advertising and never have.

Acceptable use

The rules that apply to signed-in accounts and to API callers — one account per person, no automation, no circumvention of anti-abuse measures, no reactions on illegal targets — live on the acceptable use policy page.

Children

Better Likes is not directed at children under 13. We do not knowingly collect data from children.

Contact

For privacy questions or formal requests under GDPR, the UK GDPR, the CCPA, or similar regimes, open an issue on GitHub with the "privacy" label, or use the extension's Report tab and include the word "privacy" in the message. Both routes reach the maintainer; we do not operate a separate legal-inquiries inbox.

Changes

We may revise this policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. If a change materially affects what we collect, how we use it, or who processes it, we will surface a notice in the extension settings on next launch. Your continued use of the extension after that point counts as acceptance of the revised policy; if you disagree, you can delete your account from the extension settings in one click.

A note on the numbers

Every reaction here is a real vote from a verified person. Read the counts as the voice of the people who showed up — not as a measure of those who didn't.