Comprehensive Privacy Disclosure, Data Processing Agreement & Technical Telemetry Protocol

0.1 Document Revision Authority: This instrument, hereafter referred to as the "Comprehensive Protocol," represents the definitive and exhaustive statement regarding the data acquisition lifecycle associated with the Amazon Best Price Europe browser extension (the "Extension").

0.2 Effective Temporal Horizon: This protocol is effective as of December 19, 2025, and supersedes all prior representations, whether oral, written, or implied, regarding the privacy architecture of the software assets distributed under the Amazon Best Price Europe brand.

1. Axiomatic Definitional Framework

1.1 "Extension Execution Environment" (EEE): The sandboxed runtime instance within the user's browser (e.g., Chromium-based browsers) where the Extension's logic is parsed and executed.

1.2 "Asynchronous Telemetry Packet" (ATP): A structured JSON-formatted payload transmitted via Hypertext Transfer Protocol Secure (HTTPS) from the EEE to the Backend Infrastructure.

1.3 "Pseudo-Anonymous Volatile Data" (PAVD): Technical information that, while not directly identifying a natural person, pertains to a unique software installation instance.

1.4 "Cryptographic Entropy Seed": The algorithmic basis upon which the 32-character hexadecimal Plugin ID is generated using the `Math.random()` implementation within the V8 engine context.

2. Comprehensive Taxonomy of Data Acquisition

2.1 Primary Content Script Injection & DOM Observation

2.1.1 The Extension utilizes Content Scripts, specifically `content.js`, which are programmatically injected into the Document Object Model (DOM) of specific Amazon-owned top-level domains (TLDs). Upon instantiation, the script performs a recursive traversal of the DOM to identify `ASIN` metadata and current localized pricing structures.

2.1.2 Uniform Resource Identifier (URI) Persistence: The Extension captures the full Request URI, including all query parameters and anchor fragments, to facilitate accurate product mapping. This includes, but is not limited to, parameters associated with internal Amazon search queries, referral IDs, and session-specific pathing.

2.2 Cryptographic Instance Identification

2.2.1 Upon the initial initialization of the Extension (First Run Event), the software executes a provisioning routine that generates a persistent UUID-variant (the "Plugin ID"). This ID is characterized by:

32-bit hexadecimal encoding;
Persistence within the `chrome.storage.sync` manifest;
Longitudinal association with all subsequent ATP transmissions.

2.3 Environmental and Network Metadata Ingress

2.3.1 Each interaction with the Vercel-hosted API layer (`best-price-europe.vercel.app`) results in the generation of standard NGINX/Edge-level log entries. These logs capture the External Network Address (IP), which is utilized for geolocation-based load balancing and rate-limiting enforcement.

3. Multi-Jurisdictional Amazon Marketplace Interaction

3.1 The Extension is architected to perform cross-domain price aggregation across an exhaustive list of Amazon jurisdictional silos. Each query involves the initiation of network requests to the following domains, each governed by its own respective data processing policies:

amazon.de (Germany), amazon.fr (France), amazon.it (Italy), amazon.es (Spain), amazon.nl (Netherlands), amazon.se (Sweden), amazon.pl (Poland), amazon.co.uk (United Kingdom), amazon.com.be (Belgium), amazon.com (United States), amazon.ca (Canada), amazon.com.mx (Mexico), amazon.com.br (Brazil), amazon.co.jp (Japan), amazon.in (India), amazon.ae (UAE), amazon.sa (Saudi Arabia), amazon.eg (Egypt), amazon.com.au (Australia), amazon.sg (Singapore), amazon.com.tr (Turkey).

4. Algorithmic Processing & Redirect Orchestration

4.1 The "Qompar" Logic: Product data extracted from the EEE is processed via a proprietary matching algorithm that resolves discrepancies between regional Amazon catalogs. This resolution process occurs in real-time and involves the normalization of currency denominations using the Frankfurter API for mid-market exchange rates.

4.2 Affiliate Monetization Loops: To sustain the development lifecycle, the Extension may utilize the "Dark Mode Hub" gateway to append affiliate tracking tags to outgoing product links. This process involves a brief redirection phase where session-level metadata is logged to Supabase to verify link integrity and conversion attribution.

5. Exhaustive Regulatory Disclosure (GDPR, CCPA, UK DPA)

5.1 General Data Protection Regulation (GDPR) - EEA/EU/UK

5.1.1 Data Controller: For the purposes of the GDPR, the developers of Amazon Best Price Europe act as the Controller for technical telemetry and the Processor for Amazon-provided product data.

5.1.2 Sub-Processors: We engage the following high-reliability sub-processors to maintain the integrity of the Data Processing Pipeline:

Vercel, Inc.: Facilitating Edge Network computation and serverless function execution.
Supabase, Inc.: Providing managed PostgreSQL database services for telemetry persistence.
GitHub, Inc.: Hosting the source code repositories and facilitating CI/CD deployment workflows.

5.2 California Consumer Privacy Act (CCPA)

5.2.1 We do not "sell" personal information as defined by the CCPA. However, the transmission of technical metadata to our service providers may be categorized as a "sharing" of data for business purposes. Users residing in California may exercise their "Right to Know" by reviewing the categories of data outlined in Section 2 of this Protocol.

6. Data Security & Cryptographic Integrity

6.1 All data in transit is protected via Transport Layer Security (TLS) 1.3 or higher. We employ industry-standard encryption-at-rest for all telemetry persisted within the Supabase infrastructure. Access to production database environments is restricted via Multi-Factor Authentication (MFA) and IP-whitelisting protocols.

7. Retention Schedules & Purging Mechanisms

7.1 Telemetry Volatility: Raw access logs are subject to a rolling 90-day retention window, after which they are programmatically purged. Aggregated, anonymized statistics (e.g., "Most Searched ASIN") are retained indefinitely for the purposes of historical trend analysis and service optimization.

8. Formal Acknowledgement & Consent

8.1 By continuing to maintain the Extension within your browser environment, you signify your irrevocable acknowledgement of this Comprehensive Protocol. If you do not concur with the methodologies described herein, you are instructed to immediately cease utilization and perform a full de-installation of the Extension via the `chrome://extensions` management interface.

9. Appendix A: Contact & Arbitration

9.1 Any disputes arising from the interpretation of this Protocol shall be first addressed through the official support channel on the Chrome Web Store. We commit to responding to all formal Data Subject Access Requests (DSARs) within the statutory timeframe applicable in your jurisdiction.