Unmask
Privacy Policy
Last updated: February 19, 2026
Overview
Unmask is a Chrome extension and website that helps you make better hotel booking decisions by analyzing reviews from Booking.com, Expedia, and Hotels.com using AI. We respect your privacy and are committed to protecting your personal data.
What We Collect
Anonymous users (no account)
When you use Unmask without signing in, the extension stores a randomly generated session ID in your browser's local storage. This ID is used solely to enforce the 3 free analysis limit and is never linked to your identity. It is never transmitted to our servers in a way that could identify you.
Hotel analysis results are cached in our database without any personal identifiers attached.
Authenticated users (signed in)
When you create an account and sign in with Google, we collect and store the following on our servers:
- Account data: your email address, display name, and Google profile avatar
- Credit balance: the number of analyses remaining on your account
- Usage history: a record of which hotel analyses you have run (hotel ID and timestamp), used to prevent duplicate credit charges on cached results
- Payment history: credit pack purchases (pack size, amount, date), received from our payment processor after a successful transaction. We do not store card numbers or payment details.
Local device storage
The extension also stores the following locally on your device only, regardless of sign-in status:
- Hotel analysis results you have viewed (for the Dashboard feature)
- Your authentication tokens (access and refresh tokens for your session)
Support contact
If you contact us for support, we may collect your email address and any information you voluntarily provide.
How We Use Your Information
- To provide and operate the service (analyze hotel reviews, track credit balance)
- To process payments and fulfil credit pack purchases
- To prevent abuse of the free tier
- To respond to support requests
- To improve the service based on aggregate, anonymised usage patterns
We do not use your data for advertising and we do not sell it to third parties.
Third-Party Services
Supabase
We use Supabase (Supabase Inc., US) as our cloud database and authentication backend. User account data, credit balances, usage history, and the shared hotel analysis cache are all stored on Supabase infrastructure. Supabase acts as a data processor on our behalf and is contractually bound to protect your data. See supabase.com/privacy.
Google OAuth
Sign-in is handled via Google OAuth. When you choose to sign in, your browser contacts Google's authentication servers. We receive only your email address and public profile information (name, avatar). We do not receive your Google password. See policies.google.com/privacy.
Stripe
Credit pack purchases are processed by Stripe (Stripe Inc., US). When you purchase credits, you are redirected to a Stripe-hosted checkout page. Stripe handles all payment card data. We never see or store your card number, CVV, or billing address — only a confirmation of the completed payment. See stripe.com/privacy.
Anthropic Claude API
Hotel review text is sent to Anthropic's Claude API for AI analysis. This data consists solely of publicly available review text scraped from the hotel page you are viewing. It is not linked to your identity. See anthropic.com/privacy.
Hotel booking sites
The extension reads publicly available review data from Booking.com, Expedia, and Hotels.com pages you visit. We do not access your accounts or any personal booking information on these sites.
Hosting
Our website is hosted on GitHub Pages. GitHub may log standard web traffic data (IP addresses, browser types) according to their own privacy policy.
Data Sharing
We do not sell your personal information. We share data with third parties only as described in the Third-Party Services section above, or if required by law or legal process.
Cookies & Tracking
We use Google Analytics on our website to understand aggregate traffic patterns (pages visited, session duration). This uses cookies set by Google. We do not use cookies for advertising or cross-site tracking. The extension itself does not use cookies.
You can opt out of Google Analytics tracking at any time via tools.google.com/dlpage/gaoptout.
Data Storage and Control
Local extension data
Hotel analyses and authentication tokens stored locally can be cleared at any time by removing the extension or clearing your browser data.
Account data (authenticated users)
You may request deletion of your account and all associated data (email, usage history, credit balance) by emailing hi@unmask.travel. We will process deletion requests within 30 days. Note that deleting your account forfeits any remaining credits without refund.
Data Security
All data in transit is encrypted over HTTPS. Data at rest is stored on Supabase with row-level security policies, meaning each user can only access their own records. We use short-lived access tokens and refresh tokens for authentication sessions.
Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete the personal data we hold about you. To exercise any of these rights, contact us at hi@unmask.travel.
- You can view and clear locally stored data at any time through your browser or by removing the extension
- You can request a copy of the personal data we hold about your account
- You can request deletion of your account and all associated data
Children's Privacy
Unmask is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe we have inadvertently collected information from a child, please contact us immediately.
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.
Contact
If you have questions about this privacy policy, please contact us at:
Email: hi@unmask.travel