Chrome Web Store submission copy

Copy each block into the matching field in the Developer Dashboard (Privacy, permissions, test instructions). Set Remote code to No unless you change the extension to load external JS. Privacy policy URL must match production: https://www.tradelo.in/privacy

Tradelo AI has one purpose: to show regime-aware trading analysis, signals, and related overlays on supported stock and crypto chart pages the user chooses to open (such as Groww, TradingView, Chartmini, and Indstocks), using declared host access only to read chart context and fetch market and news data needed for that analysis. It does not replace the broker, execute trades, or change unrelated websites.

activeTab limits access to the user's current tab when they engage the extension (for example via the toolbar), so the extension can respond to the chart they are viewing without broad passive access beyond the hosts already declared in the manifest. This follows Chrome's recommended pattern for user-initiated, least-privilege behavior alongside our explicit content-script hosts.

storage is used only to save user preferences and local state required for the extension to work: UI language, voice settings, trial timing, subscription sync fields (account email and entitlement summary from your web account), cached subscription summary, latest signal summary for the popup, strategy/risk preferences, and optional user-exported analytics datasets. No passwords from the website are stored in the extension.

alarms are used in the service worker to keep scheduled wake-ups (for example a short periodic alarm) so background tasks such as refreshing cached quotes or keeping time-based logic consistent can run reliably under Manifest V3 service worker lifetime limits. Alarms are not used for advertising or unrelated background tracking.

Host permissions match the sites the extension is built for. (1) Supported brokers/chart sites (Groww, TradingView, Chartmini, Indstocks): inject the overlay and read DOM-derived symbol, price, and candle context needed to run the on-page engine. (2) Market and reference data hosts (e.g. Yahoo Finance, Google Finance, NSE/BSE, Binance): fetch quotes, candles, depth, or macro context through the background service worker where the page cannot call them directly. (3) News and RSS endpoints: fetch headlines and feeds for sentiment and event-risk layers. (4) Optional permissions https://*/* and http://*/*: granted only when the user approves, so the extension can call the subscriber's own billing website (e.g. https://www.tradelo.in) to verify subscription status—no code is injected into that site. All extension JavaScript ships inside the package; network responses are data only, not remotely executed extension code.

No. All extension logic is bundled in the package. The extension does not load or eval() remote JavaScript or WebAssembly to run extension features. Fetch/XHR responses from market and news APIs are parsed as data (JSON, RSS, HTML snippets) and are not executed as extension code.

In the Chrome Web Store "Data usage" section, align checkboxes with your actual build. For Tradelo AI typically: check "Personally identifiable information" if users can enter an email in the extension for subscription sync (and you process email on your backend). Check "Authentication information" only if you store tokens or credentials in the extension (this build syncs subscription by email to your billing site without storing website passwords). Check "Website content" because the extension reads chart/page context on supported sites to produce signals. Check "Location" only if you treat IP/server logs as location-related processing (optional; many teams check this when servers log IP). Do not check "Financial and payment information" for card data inside the extension—the extension does not read card numbers; payment happens on the website via your processor. Uncheck categories that do not apply (health, personal communications, etc.). Then certify the three required statements if true for your operation.

https://www.tradelo.in/privacy

1) Install the extension from this package. 2) Open https://www.tradingview.com/chart/ (or https://groww.in) and load any liquid symbol so a chart is visible. 3) Confirm the Tradelo AI side panel appears and updates. 4) Ensure `stocksignal/lib/billing-origin.js` matches https://www.tradelo.in (no trailing slash), then reload the extension. 5) Subscription test account: the developer runs `npm run seed:store-reviewer` on the server (see repo). That creates user reviewer@tradelo.in (or REVIEWER_SEED_EMAIL) with an internal 2-day active subscription—no Razorpay. In the popup Sign in section, use that email and the website password printed by the seed script (same as https://www.tradelo.in/login). 6) Confirm Subscription shows active; use Sync subscription if entitlement did not refresh.