Privacy

Last updated: 2026-04-24

Short version: the extension runs locally in your browser. Nothing about the pages you visit, the recipes you read, or the ingredients you click on is sent anywhere, unless you explicitly tap the “Did you cook this?” feedback button.

What the extension stores on your device

The extension uses Chrome’s local storage (the chrome.storage.local API) to keep a few small pieces of state. This data never leaves your machine.

Your on/off setting and the list of sites you’ve disabled.
A counter of how many recipes you’ve looked at, how many ingredients got highlighted, and how many substitution popovers you’ve opened. Used only in the extension popup so you can see your own stats.
A flag that records which recipe pages you’ve already given feedback on, so we don’t re-show you the feedback button on the same page.
A flag for whether you’ve seen the one-time onboarding tooltip.

Uninstalling the extension removes all of it.

What the extension reads on pages you visit

To find and highlight ingredients, the extension reads the text content of recipe pages in your browser. It looks for recipe markup (JSON-LD, Microdata, or WordPress recipe plugins) and, failing that, scans for cooking vocabulary (units, techniques, common ingredients). All of that analysis happens in your browser. None of it is transmitted.

On pages that don’t look like recipes, the extension exits quickly and does nothing.

What the extension sends externally

Only one thing, and only when you take action. When you open a popover for an ingredient and click the “Did you cook this?” button, a new tab opens a Typeform with two hidden fields prefilled:

The recipe’s URL, stripped of any query string and fragment (so ?utm_source=... kind of stuff is removed).
The name of the ingredient you clicked.

Everything else on that form is up to you. You don’t have to submit it. If you do, your response goes to Typeform, which operates under its own privacy policy.

What the extension does not do

No analytics. We don’t track which pages you visit, which ingredients you click, or how long you stay. There is no telemetry pipeline.
No ads. No affiliate links. No selling data.
No account, no sign-in, no email capture (unless you type one into the feedback form yourself).
No third-party scripts in the extension itself. The only external request is the Typeform tab described above, and only if you click the button.

Permissions explained

activeTab: required to run the content script on the tab you’re currently looking at.
storage: the local-only storage described above.
scripting: required to re-inject the content script into already-open tabs when the extension updates or reloads.
<all_urls> content script match: the extension runs on every web page so it can detect recipes wherever they live. On non-recipe pages it exits quickly. It does not request or receive permission to send network requests from any domain.

Changes to this policy

If this policy changes, the date at the top of this page will move and a note will be posted. Material changes (anything that would send new data somewhere new) will also be announced in the extension’s changelog and in the Chrome Web Store release notes.

Contact

Questions, corrections, or concerns: hi@ifyouhaveit.app.