KDP Quick Scout

Privacy Policy

Last updated: 2026-05-19

Overview

KDP Quick Scout is a Chrome extension and companion website built for self-publishing authors on Amazon Kindle Direct Publishing. The extension scrapes book data from Amazon product pages you actively visit, lets you track those books over time, and optionally runs AI niche analyses through Google's Gemini API.

This policy explains what we collect, why, where it lives, and what you can do with it. We don't sell, share, or rent your data. We don't track you across sites and we don't use cookies on this website. The website does use cookieless, anonymous first-party analytics — see the Analytics section below. The extension itself collects no analytics.

What we collect

  • Page data scraped from Amazon: ASIN, title, author, format (Kindle / Paperback / Mass Market / Hardcover / Audible), prices per format, currency, Best Sellers Rank, sub-category ranks, review count, average rating. Captured only from book pages you actively browse with the extension installed.
  • Account data: when you sign in, we store the email address and (if you sign in with Google) the name and avatar URL Google provides. No password is stored — Supabase Auth handles authentication and credentials.
  • AI analysis history: when you run an analysis, we store the input context (book metadata, recent snapshot history) and the AI-generated output (verdict, market analysis, competitor archetypes, opportunities, pricing strategy) under your account.
  • Operational metadata: timestamps, soft-delete flags on hidden analyses (kept so that rate limits — analyses per hour and per day — cannot be bypassed by deletion), and minimal sync state (last-synced timestamp per tracked book).
  • What we don't collect: clicks, scroll events, session-replay data, cross-site identifiers, persistent device fingerprints, advertising IDs. The extension has no analytics SDK and sends no telemetry. The marketing website uses cookieless, anonymous page-view counting via Vercel Web Analytics — see the Analytics section below.

How we use what we collect

  • To render the data back to you in the extension overlay (Book tab, My Books, Niche Reports, Browse, Compare).
  • To generate AI niche analyses on request, by sending the relevant book context to Google's Gemini API.
  • To enforce per-user AI rate limits (currently 5 analyses per day, 2 per hour per account).
  • To support cloud sync — keeping your tracked books and analyses available across devices.
  • To send transactional email — currently only the email-confirmation message at signup. We do not send marketing email.

Legal basis (EU / UK users)

Under the EU General Data Protection Regulation and UK GDPR, we process your data on these legal bases:

  • Performance of contract: account creation, sign-in, cloud sync, and AI analysis are services you sign up for — we process the data needed to deliver them.
  • Legitimate interest: retaining your AI analysis history so you can review past reports, and counting soft-deleted analyses against rate limits to prevent quota abuse.
  • Consent: cloud sync is opt-in per book — we don't sync anything without you explicitly toggling sync on.

Where data is stored

  • Locally in your browser: tracked-book history and snapshots live in chrome.storage.local, scoped to the extension. Capacity is limited by Chrome (typically 10 MB). Local data never leaves your device unless you opt in to cloud sync per book.
  • Hosted Postgres database (Supabase): synced books, AI analyses, and account profiles. The production database runs in the EU (Frankfurt, Germany). Access is gated by Postgres row-level security — your authenticated identity can only read or modify your own rows.
  • Edge Functions (Supabase / Deno): the analyze-niche server function runs in the same EU region. It calls Google's Gemini API on your behalf.

Third-party sub-processors

We use these vendors to operate the service:

  • Supabase (database, auth, edge functions, transactional email) — data stored in the EU (Frankfurt).
  • Google Cloud / Gemini API (AI analysis processing) — your input context is sent to Google for the duration of the request. Google's API terms govern that round-trip; per Google AI Studio's stated policy at the time of writing, paid-tier API usage is not used to improve their models.
  • Google OAuth 2.0 (sign-in with Google) — Google authenticates you and returns your email/name/avatar to us via Supabase Auth.
  • Cloudflare (DNS hosting for kdpquickscout.com) — handles DNS resolution; receives request metadata standard to any DNS provider.
  • Vercel (this website's hosting + cookieless analytics) — serves the static HTML/CSS and provides Vercel Web Analytics and Vercel Speed Insights. Analytics processing is anonymous: no cookies, no persistent identifiers, and IP addresses are used only to derive a country and are then discarded. See the Analytics section.

Analytics (website only)

The marketing website at kdpquickscout.com uses Vercel Web Analytics and Vercel Speed Insights to count page views and measure page-load performance. Both are cookieless by design:

  • No cookies, localStorage, sessionStorage, or other browser storage is set.
  • No persistent identifier is assigned to you. Unique-visitor counts use a daily-rotating hash, so the same visitor on consecutive days is counted as a new visitor each day — cross-session tracking is structurally impossible.
  • Your IP address is used only to derive an approximate country (e.g. "US") and is then immediately discarded; the IP itself is not stored.
  • Data is aggregated and reported as anonymous counts: page views, top pages, referrers, country, browser type, device type. No personal information is collected, sold, or shared.
  • The Chrome extension itself sends no analytics data — this collection applies only to visits to the marketing website.

The legal basis under EU / UK GDPR is legitimate interest in understanding traffic patterns to a free product, balanced against the minimal, anonymous, cookieless nature of the collection. Because nothing is stored on your device, no ePrivacy / PECR cookie-consent banner is required.

Cookies

This website sets no cookies. Our analytics (Vercel Web Analytics and Speed Insights) is cookieless — see the Analytics section above. The extension uses chrome.storage.local for local state and the same store for Supabase Auth session tokens; no browser cookies are involved. Because there are no non-essential cookies, no consent banner is required under EU ePrivacy / UK PECR rules.

Data retention

  • Tracked-book snapshots stored locally are retained until you remove the book or uninstall the extension.
  • Cloud-synced data is retained while your account is active.
  • AI analyses you "delete" via the Niche Reports tab are soft-deleted — hidden from you but retained for rate-limit accounting. They are permanently purged 30 days after soft-delete or when you delete your account.
  • If you delete your account, all your synced books, analyses, and profile data are permanently removed within 30 days.

Your rights

Wherever you live, you can:

  • Disable cloud sync per book at any time from the My Books tab.
  • Soft-delete AI analyses individually from the Niche Reports tab.
  • Request a full export of your data (JSON), or full account deletion, by emailing the address below.

If you're in the EU/UK, you additionally have the right to:

  • Access the data we hold about you.
  • Correct inaccurate or incomplete data.
  • Object to processing or restrict processing.
  • Lodge a complaint with your local data protection authority.

If you're a California resident, the CCPA gives you similar rights, including:

  • The right to know what personal information we collect and how we use it (this policy answers that).
  • The right to delete your personal information.
  • The right to opt out of any sale or sharing of personal information — note that we do not sell or share your data, so there is nothing to opt out of.

To exercise any of these rights, email support@kdpquickscout.com. We respond within 30 days.

International data transfers

Our database runs in the EU (Frankfurt). Google's Gemini API is US-based; AI analysis requests therefore involve a transfer to the United States for the duration of the request. We rely on Google's Standard Contractual Clauses for that transfer. Authentication via Google OAuth similarly involves Google infrastructure that may process data in the US. No raw text of your tracked book pages is ever sent to Google; only the AI analysis requests are. Vercel's CDN and analytics infrastructure span multiple regions including the United States; the Standard Contractual Clauses included in Vercel's Data Processing Addendum cover any EU-to-US transfer of the anonymous, cookieless analytics data described above.

Children

KDP Quick Scout is intended for self-publishing authors and is not directed at users under 16. We do not knowingly collect personal information from anyone under 16. If you believe a minor has used the service, contact us and we'll remove the account.

Security

All data in transit is encrypted via TLS. Data at rest in Supabase is encrypted via standard AWS / GCP infrastructure controls. Authenticated database access is enforced by row-level security: even with a stolen API key, access is limited to the authenticated user's own rows. The Chrome extension key is sandbox-isolated by Chrome's extension model.

Changes to this policy

We may update this policy as the product evolves. The "Last updated" date at the top reflects the current version. Material changes (new categories of data collected, new sub-processors, changes to your rights) will be announced via the extension's UI or by email at least 14 days before they take effect.

Contact

Questions, requests, or complaints: support@kdpquickscout.com.