How we keep your data and account safe.

Account & sign-in

• Sign-in is handled through Google OAuth — we never see your password.
• Sessions are signed and scoped to your account. Sign out from any device clears all sessions.
• You can review and revoke active sessions from Account → Security.

Data in transit and at rest

• All traffic between your browser and our servers runs over HTTPS.
• Data on our servers lives in a managed database with daily backups.
• We do not store payment card numbers — payments are handled by a third-party payment processor.

Permissions the extension requests

The Chrome extension requests only the permissions it needs to read auction listings (Copart and IAAI sites) and persist your data locally. We don’t read other tabs, your browsing history, or any data outside the auction sites you actively visit.

Reporting a vulnerability

If you’ve found a security issue, email auctionmatepro@gmail.com with details. We aim to acknowledge within a week. We don’t run a paid bug bounty yet, but we credit responsible disclosure publicly when permitted.