
Chrome extension agreement

What the Robnu Chrome extension does, why it needs each permission, and what it does not do.

Last updated: 1 May 2026

This page explains, in plain English, what the Robnu Chrome extension does, why it needs each permission it requests, and what it does not do. It applies in addition to the Privacy Policy and the Terms of Service.

Single purpose

The Robnu Chrome extension exists for a single purpose: to securely connect your marketplace seller-central account to your Robnu account so Robnu can manage orders, shipments, returns, and payouts on your behalf. It does this by reading a short-lived session token from the marketplace seller-central page when you are signed in, and sending that token over HTTPS to api.robnu.com.

Permissions and why we need them

  • storage — to remember which Robnu account this browser is connected to and to cache a minimal connection state locally (no marketplace tokens are kept in extension storage).
  • activeTab — to interact with the marketplace seller-central tab only when you click the Robnu icon. We do not read other tabs or your browsing history.
  • scripting — to run a small content script on the marketplace seller-central origin that reads the session token from window.localStorage when you have explicitly initiated a connection. The script runs only on the listed host permissions below.
  • tabs — to detect when you are on the marketplace seller-central origin so the extension icon can show the correct connection state. We do not read tab URLs outside the listed host permissions.
  • Host permissions for seller.ajio.com (and additional marketplaces as we support them) — required to read the session token from the seller-central page when you are signed in. Without this, the extension cannot perform its single purpose.
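
One way a reviewer could check a packaged `manifest.json` against the permission list above, as an added example that is not Robnu's code. The allowlist holds only the one host this page names, the Manifest version 3 check reflects the statement later on this page, and both sample manifests are constructed.

```javascript
// Added example, not Robnu's code. DISCLOSED is transcribed from the list above
// (only the one host the page names); both sample manifests are constructed.
const DISCLOSED = {
  permissions: new Set(["storage", "activeTab", "scripting", "tabs"]),
  hosts: new Set(["seller.ajio.com"]),
};

// Host part of a match pattern like "https://seller.ajio.com/*";
// null for special patterns such as "<all_urls>".
function hostOfPattern(pattern) {
  const m = /^(?:\*|https?|wss?|ftp|file):\/\/([^/]*)\/.*$/.exec(pattern);
  return m ? m[1] : null;
}

// Returns a list of findings; an empty list means the manifest asks for
// nothing beyond what is disclosed.
function auditManifest(manifest) {
  const findings = [];
  if (manifest.manifest_version !== 3) {
    findings.push(`manifest_version is ${manifest.manifest_version}, expected 3`);
  }
  const perms = [...(manifest.permissions ?? []), ...(manifest.optional_permissions ?? [])];
  for (const p of perms) {
    if (!DISCLOSED.permissions.has(p)) findings.push(`undisclosed permission: ${p}`);
  }
  // Host access can be granted in three places; check all of them.
  const patterns = [
    ...(manifest.host_permissions ?? []),
    ...(manifest.optional_host_permissions ?? []),
    ...(manifest.content_scripts ?? []).flatMap((cs) => cs.matches ?? []),
  ];
  for (const pat of patterns) {
    const host = hostOfPattern(pat);
    if (host === null || !DISCLOSED.hosts.has(host)) {
      findings.push(`host access beyond disclosure: ${pat}`);
    }
  }
  return findings;
}

const MATCHING = { // constructed: requests exactly what the page lists
  manifest_version: 3,
  permissions: ["storage", "activeTab", "scripting", "tabs"],
  host_permissions: ["https://seller.ajio.com/*"],
};
const OVERBROAD = { // constructed: extra permission and wildcard hosts
  manifest_version: 3,
  permissions: ["storage", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://*.ajio.com/*"], js: ["content.js"] }],
};
console.log(auditManifest(MATCHING), auditManifest(OVERBROAD));
```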

What the extension does not do

  • It does not read or store your marketplace password.
  • It does not modify the content of marketplace pages.
  • It does not inject ads, tracking pixels, or analytics scripts.
  • It does not track your browsing history.
  • It does not transmit data to any server other than api.robnu.com.
  • It does not access cookies or storage on origins outside its host permissions.

How tokens are handled

Marketplace session tokens captured by the extension are transmitted over HTTPS directly to api.robnu.com, encrypted at rest using a per-seller AWS KMS Data Encryption Key, and never written to disk in plaintext. Tokens carry a short TTL — typically five minutes — and are refreshed via a Postgres advisory-locked refresh routine.

Disconnecting

You can disconnect at any time from the extension popup or from the Robnu web dashboard. On disconnect, all tokens for that connection are cryptographically erased within five minutes. Uninstalling the extension also revokes its access.

Chrome Web Store policy compliance

The extension complies with the Chrome Web Store Developer Program Policies, including the Limited Use requirements: data captured by the extension is used only to provide the user-facing features described above; it is not sold, used for advertising, or used to determine creditworthiness. The extension uses Manifest version 3.
