Privacy Policy — Zomato Spend Tracker (Unofficial)
Privacy Policy — Zomato Spend Tracker (Unofficial)
# Privacy Policy — Zomato Spend Tracker (Unofficial)
**Last updated:** June 16, 2026
Zomato Spend Tracker (the "Extension") is an independent, unofficial browser
extension. It is **not affiliated with, endorsed by, or sponsored by Zomato**.
"Zomato" is a trademark of its respective owner.
This policy explains exactly what the Extension does with your data. The short
version: **everything happens locally on your device, and nothing is ever sent
to the developer or any third party.**
## What the Extension does
When you open the Extension on `www.zomato.com` while signed in, it:
1. Reads your existing `zomato.com` session cookies (including the CSRF token)
from your browser to authenticate as you.
2. Calls Zomato's own order-history endpoint
(`https://www.zomato.com/webroutes/user/orders`) using your existing session,
exactly as your browser would when you view your orders.
3. Adds up the order totals and shows you the sum for your chosen date range
(All Time, This Year, or This Month).
## Data the Extension accesses
- **Authentication cookies for zomato.com** — read locally and used only to make
the authenticated request to Zomato on your behalf. They are **not** copied,
stored, or transmitted anywhere by the Extension.
- **Your Zomato order information** — order amounts and dates returned by
Zomato's endpoint. These are processed in your browser to compute a total.
## Data the Extension stores
The Extension stores the following **only on your device**, using the browser's
`chrome.storage` API:
- Your selected date range preference (`chrome.storage.sync`).
- A cached copy of the computed spending total and pagination progress
(`chrome.storage.local`), so results persist between popup opens and survive
the background service worker restarting.
You can clear this at any time by removing the Extension or clearing its storage.
## Data the Extension does NOT do
- It does **not** send your data to the developer.
- It does **not** send your data to any third party or external server.
- It does **not** include any analytics, tracking, advertising, or telemetry.
- It does **not** sell or share your data with anyone.
- The only network requests it makes are to `www.zomato.com` — the same service
you are already signed in to.
## Permissions
- **storage** — to save your date-range preference and cache your computed total
locally on your device.
- **cookies** — to read your existing zomato.com session cookies locally so it
can request your order history as the signed-in user.
- **host access to `*://*.zomato.com/*`** — the Extension works only on Zomato;
it needs access to fetch your order history and detect sign-in status. It
requests no access to any other website.
## Children's privacy
The Extension is a general-purpose utility and is not directed at children. It
collects no personal data on any server.
## Changes to this policy
If this policy changes, the "Last updated" date above will be revised, and the
updated policy will be published at the same URL.
## Contact
For questions or issues, please open an issue at:
<https://github.com/harshnitk17/zomato-spending-calculator/issues>
---
## How to host this policy (required for store submission)
The Chrome Web Store requires a publicly reachable **privacy policy URL**. Easy
options:
- **GitHub Pages:** enable Pages for the repository (Settings → Pages → deploy
from the `main` branch / root). This file will then be served at, e.g.,
`https://harshnitk17.github.io/zomato-spending-calculator/PRIVACY_POLICY`
(GitHub renders Markdown). Paste that URL into the dashboard's "Privacy policy
URL" field.
- **GitHub raw / Gist:** paste the contents into a public Gist and use its URL.
- **Any static host** (Netlify, Vercel, your own site) works too — just make
sure the URL is publicly accessible without login.