Privacy Policy
Last updated: May 26, 2026
This policy covers slopstop, the Chrome extension. It describes what data the extension processes, what is sent to our servers, and what is held by the third parties we rely on.
Heuristic scoring runs in your browser
The colored badge that appears next to each post is produced by pattern matching that runs entirely on your device — em-dash density, stock phrases, emoji-bulleted structure, and similar tells. No post text leaves your browser for this step. It happens on every post you see while the extension is enabled.
The "Run AI detector" button sends post text to our server
When you click Run AI detector in a post's tooltip, the extension sends that post's text to our inference backend hosted on Modal. The text is scored by an open-source detector model and the score is returned to your browser.
On the Pro tier, this happens automatically for every post the extension detects, without an explicit click.
We do not log or persist post text after the request completes. We do keep anonymised counters of how many requests have been made per identity per day, used to enforce daily quotas.
Accounts and billing involve third parties
If you sign in, Clerk (clerk.com) handles authentication. Clerk stores your email address and session tokens; our server receives only a signed user ID, which we use to look up your subscription tier and quota. See Clerk's privacy policy for what they collect.
If you subscribe to Basic, Plus, or Pro, Stripe handles payment. Stripe stores your card details, billing address, and payment history. We receive only your Stripe customer ID and subscription status. See Stripe's privacy policy for what they collect.
What we store on our server
- Daily quota counters, keyed by tier, user-or-device ID, and date. Used to enforce per-tier daily limits.
- Your subscription tier, keyed by your Clerk user ID.
- Stripe customer mapping, so that subscription lifecycle events from Stripe can be routed to the correct account.
We do not store post text, email addresses, or names on our server. Email is held by Clerk; payment data is held by Stripe.
What the extension stores in your browser
device_id— a random UUID generated on first install. Reserved as the anonymous-tier identifier.signed_in— whether a valid Clerk session is active.enabled— your show-badges preference.last_quota— your most recent quota status, cached for the popup.
These are kept in chrome.storage and are not transmitted anywhere except as part of the API calls described above.
Permissions explained
- Host access to
linkedin.com,*.substack.com, andx.com/twitter.com— required to read post text and inject score badges into those pages. The extension's content scripts only run on these domains. - Host access to our Modal endpoint and Clerk's domains — required to call the inference API and authenticate.
storage— required to remember the preferences listed above across sessions.activeTab— required to detect whether you're on a supported site and fetch live stats for the popup.
Self-hosted builds
slopstop is open source. If you have built the extension from the source repo and configured it to point at your own inference endpoint, this policy does not apply to that build — your traffic goes to your own infrastructure, not ours. Clerk and Stripe are not used in the open-source build.
What we don't do
- We don't sell or share your data with advertisers.
- We don't track your browsing outside LinkedIn, Substack, and X.
- We don't read posts you can't see — only the text already rendered in your DOM.
Changes
We may update this policy as the extension evolves. Material changes will be reflected here and announced in the extension popup. Continued use after changes constitutes acceptance.
Contact
Questions or data requests: pgailey06@gmail.com