Privacy Policy — CheckGuincho Chrome Extension
Política de Privacidade — Extensão CheckGuincho para Chrome
Last updated / Última atualização: 30 de abril de 2026 · Extension version: 2.0.0
PROMINENT DISCLOSURE — DATA COLLECTION NOTICE
This extension reads and transmits the following data when you click the import button:
| Data collected | Purpose | Sent to | Stored by extension? |
|---|
| Service request number (protocol ID) | Import service order into CheckGuincho | Your company's CheckGuincho server | No |
| Vehicle plate number | Import service order; auto-fill plate field | Your company's CheckGuincho server | No |
| Vehicle make, model, type | Import service order | Your company's CheckGuincho server | No |
| Origin & destination addresses (street, city, state, ZIP, GPS coordinates) | Import service order | Your company's CheckGuincho server | No |
| Customer name, phone, CPF/CNPJ | Import service order | Your company's CheckGuincho server | No |
| Service value, insurance/coverage code, notes | Import service order | Your company's CheckGuincho server | No |
| Authentication token (JWT) — entered manually by you | Authenticate API requests | Your company's CheckGuincho server | Yes — chrome.storage.local (device only) |
| API URL — entered manually by you | Identify your CheckGuincho server | Not transmitted | Yes — chrome.storage.local (device only) |
This extension does NOT:
- Collect data in the background
- Send data to any server you did not configure
- Share data with advertisers or analytics services
- Sell your data — ever
- Track your browsing history
- Access any website other than WebPrestador and Veniti
Data flow summary:
- You open a service request on WebPrestador or Veniti
- You click the import button in the extension
- Extension reads the page fields
- Data is sent via HTTPS to YOUR CheckGuincho server
- Extension discards the data from memory immediately
1. Who We Are / Identificação
This Privacy Policy applies to the Chrome extension "CheckGuincho — Importador WebPrestador" published on the Chrome Web Store. The data controller is CheckGuincho, a management platform for towing and vehicle assistance companies, operated by a Brazilian legal entity.
- Privacy contact: suporte@checkguincho.com.br — subject: [Privacy - Chrome Extension]
- Website: https://appcheckguincho.com
- This policy URL: https://appcheckguincho.com/extension-privacy-policy
- Response time: Up to 5 business days
2. Single Purpose / Finalidade Única
This extension has a single, limited purpose: to import service requests (ordens de serviço) from the WebPrestador (app.webprestador.com.br) and Veniti (veniti.com.br) portals directly into the user's CheckGuincho system, eliminating manual data entry. As an auxiliary feature, the extension can auto-fill the vehicle plate field on the WebPrestador portal during vehicle arrival registration.
The extension does not track behavior, show ads, or analyze browsing patterns.
3. Data Collection / Coleta de Dados
All data collection occurs only upon explicit user action (clicking the import button). No data is collected in the background or automatically.
3.1 — Service Request Data (read from portal pages)
This data belongs to third parties (vehicle owners and service requesters) and is read from the WebPrestador or Veniti portal pages. It is personal data as defined by LGPD (Lei nº 13.709/2018).
- Protocol number / service request identifier
- Vehicle plate number (full and prefix)
- Vehicle make, model, and type
- Origin and destination addresses (street, number, neighborhood, city, state, ZIP code)
- GPS coordinates (latitude/longitude), when available on the portal page
- Customer or beneficiary's name, phone number, and document number (CPF/CNPJ)
- Service value, coverage type (insurance/private pay), coverage code
- Notes and observations from the service request
How collected: Read from the HTML of the portal page at the moment of import. Collection occurs only upon explicit user action — never in the background.
3.2 — Authentication Token JWT (entered manually)
- JWT token generated by the CheckGuincho platform upon login
- Base URL of your company's CheckGuincho API
How collected: Voluntarily entered by the operator in the extension's settings screen. Stored in chrome.storage.local on the user's device. Not transmitted to any server other than the CheckGuincho API you configured.
3.3 — Extension Preferences
- Default portal selected (WebPrestador or Veniti)
- Other extension interface preferences
How collected: Set by the user in the extension settings. Stored locally in chrome.storage.local. Never transmitted.
Data the extension does NOT collect:
- Browsing history on any site other than WebPrestador and Veniti
- Passwords or login credentials for partner portals
- Cookies or session tokens from partner portals
- Banking or payment card data
- Personal data of the operator (name, CPF, personal email)
- Geolocation of the operator's device
- Data from any website other than app.webprestador.com.br and veniti.com.br
- Screen captures or recordings
- Usage telemetry, click statistics, or error reporting
- IP address, device identifiers, or browser fingerprints
4. How We Use Your Data / Uso dos Dados
Each category of data is used solely for the purpose for which it was collected:
- Service Request Data: Used exclusively to create the service order in the CheckGuincho system of the operator's company. The data is processed in the browser's memory for a fraction of a second and is discarded from memory immediately after transmission. It is not used for analytics, profiling, advertising, or any other purpose.
- JWT Token and API URL: Used exclusively to authenticate API requests sent to the CheckGuincho server. Read from storage at the moment of each import request and used solely for that purpose.
- Plate Auto-fill (WebPrestador only): The plate number read from one page is injected into a form field on another page of the same portal. This operation is entirely local within browser tabs — no data is sent to any server.
Legal basis (LGPD): Legitimate interest of the company in optimizing operational processes (Art. 7, IX, LGPD) and contract execution with the CheckGuincho platform (Art. 7, V, LGPD).
5. Storage and Retention / Armazenamento e Retenção
| Data | Where stored | Retention period | How to delete |
|---|
| Service request data | Browser memory only (temporary) | Discarded after transmission (seconds) | Automatic — not stored by extension |
| JWT authentication token | chrome.storage.local (device only) | Up to 30 days, logout, or uninstall | Log out in the extension or uninstall it |
| API URL | chrome.storage.local (device only) | Until uninstall | Uninstall the extension |
| Extension preferences | chrome.storage.local (device only) | Until uninstall | Uninstall the extension |
| Service request data (after import) | CheckGuincho server (company database) | Per company's contract with CheckGuincho | Request deletion from the company administrator |
chrome.storage.local is isolated per extension — no other website or installed extension has access to the stored data. To remove all local data: Chrome → Extensions → CheckGuincho → Details → Clear data, or uninstall the extension.
6. Data Sharing / Compartilhamento de Dados
Data accessed by the extension is shared only with the following parties:
✅ CheckGuincho Platform (your company's configured server)
- Data transmitted: Service request data (Section 3.1) + JWT token (as HTTP authorization header)
- Purpose: Create the service order / dispatch in the company's CheckGuincho system
- Protocol: HTTPS / TLS 1.2+ (encrypted in transit)
- Control: The user configures the destination endpoint; the extension does not choose where data goes
🔄 Replit, Inc. (infrastructure sub-processor)
- Role: Cloud hosting provider for the CheckGuincho platform
- Data: Service request data in transit and at rest on servers
- Location: United States, with encryption at rest
- Basis: Service agreement between CheckGuincho and Replit (sub-processing)
🔄 WebPrestador / Veniti portals — read-only and form automation
- Interaction: The extension reads the DOM of portal pages and fills form fields
- Data sent to these servers: No additional data is sent by the extension. The plate auto-fill is a local browser operation with no server communication
The extension does NOT share data with:
- Advertising networks, advertisers, or sponsors
- Behavioral analytics platforms (Google Analytics, Meta Pixel, Amplitude, Mixpanel, etc.)
- Data brokers, aggregators, or data resellers
- Any third party for commercial, marketing, or research purposes
- Other users or other companies on the CheckGuincho platform
CheckGuincho does NOT sell user data. Ever. To anyone.
7. Third-Party Data Subjects / Dados de Terceiros
The service request data processed by this extension includes personal data of third parties — namely, the vehicle owners or service requesters (not the operator using the extension). This data is:
- Already present on the WebPrestador / Veniti portal pages before the extension accesses it
- Processed solely to transfer the service order to the company's own system
- Subject to the company's own data protection obligations under LGPD
- Not used by CheckGuincho for any purpose other than storing the service record for the company
The company using CheckGuincho (the operator's employer) is the data controller for third-party data. CheckGuincho acts as a data processor for such data as defined by Art. 39 of LGPD.
8. Permissions and Justification / Permissões e Justificativa
storage
Stores the JWT token and API URL in chrome.storage.local. Without this permission, the user would need to re-enter the token on every use. Scope is isolated per extension.
host_permissions: *://app.webprestador.com.br/*
Allows the content script to read the DOM of WebPrestador pages and fill in the plate field. Required for the primary import functionality. Restricted exclusively to this domain.
host_permissions: *://veniti.com.br/* and *://*.veniti.com.br/*
Same purpose as above, for the Veniti portal. Restricted to the veniti.com.br domain and its subdomains.
This extension does NOT request: tabs, history, cookies, webRequest, webNavigation, or unrestricted access to all websites (<all_urls>).
9. Security / Segurança dos Dados
- Local processing: Data extraction and payload creation happen entirely in the browser, with no intermediate server.
- Encrypted transmission: All communication with the CheckGuincho API uses HTTPS / TLS 1.2+.
- No extension backend: The extension has no server of its own. The only server contacted is the one configured by the user.
- No background collection: The content script is activated only when the user visits authorized domains and only upon user action.
- Storage isolation:
chrome.storage.local is compartmentalized — other websites and extensions cannot access stored data.
10. User Rights / Direitos do Usuário (LGPD)
- Access: View local data via Chrome DevTools → Application → chrome.storage.local.
- Correction: Update the token or URL in the extension settings at any time.
- Deletion: Remove all local data by logging out or uninstalling the extension. For data on the CheckGuincho server, contact your company administrator.
- Portability: Imported service orders are accessible in your company's CheckGuincho platform.
- Withdrawal: Uninstall the extension at any time, with no justification required.
- Complaint to ANPD: Users may contact Brazil's National Data Protection Authority (gov.br/anpd).
To exercise any right: suporte@checkguincho.com.br — subject: [Privacy - Chrome Extension].
11. Minors / Uso por Menores
This extension is intended exclusively for professional adult operators of towing and vehicle assistance companies. We do not knowingly collect data from persons under 18 years of age. If you believe that data from a minor was inadvertently processed, please contact us for immediate deletion.
12. Changes to This Policy / Alterações
This policy may be updated to reflect changes in the extension, applicable law, or Chrome Web Store requirements. The "Last updated" date will be revised with each change. For significant changes to data handling, users will be notified via an update published on the Chrome Web Store. Continued use after publication of changes implies acceptance of the updated version.
13. Contact / Contato
- Email: suporte@checkguincho.com.br
- Subject: [Privacy - Chrome Extension]
- Response time: Up to 5 business days
- This policy URL: https://appcheckguincho.com/extension-privacy-policy