Transparent by Design

Architecture

Exactly how Contact Scout is built, what data moves where, and why your IT Director might like it. Oh wait, they don't like anything...

Translation for Non-Techies

Data Flow

Every request follows this path. No detours, no side channels, no data at rest.

Browser
User selects text or image on any webpage or web-based email
We only "see" what you tell us to see. Nothing is read until you choose it.
Selection
Extension MV3
Service Worker processes locally, then forwards to API
We only scout the tab you're currently in. We can't see your other tabs, history, or bookmarks.
HTTPS
Vercel API Stateless
Serverless functions validate, rate-limit, and forward to your chosen destination
Your data passes through but is never saved. Like water flowing in a river.
TLS
Gemini AI
Google's AI parses contact fields from text/image
Google's AI figures out which part is a name, phone, email, etc. — then forgets it immediately.
JSON
Google Contacts
Saved via People API with OAuth 2.0 token
The contact lands directly in your Google Contacts.
Outlook Contacts
Saved via Microsoft Graph API with OAuth 2.0 token
The contact lands directly in your Outlook contacts.
Checkout
Quota
Enterprise
Stripe PCI DSS
All payment processing and PII. We never see your credit card information.
Your credit card number goes straight to Stripe. We never see it, store it, or touch it.
Supabase RLS
Billing & quota data only — identified by email address
Only tracks how many times you've "Scouted". No names, no numbers, or contacts are ever stored here.
BYO-LLM Enterprise
Your own AI endpoint — Azure, GCP, or Anthropic
Your company can use its own LLM (i.e. Gemini, ChatGPT) vs. our LLM. It's a security thing.

Security Controls

Every layer is locked down. Here's exactly what protects your data.

Manifest V3 Extension

No persistent background page. Ephemeral service worker with no long-running processes. Minimal permission set.

Nothing is running when you're not using it. It wakes up when you right-click, does its job, then goes back to sleep.

Zero Contact Data at Rest

Contact data is processed in-transit only. Never written to disk, database, or logs on our servers.

After processing your request, there's nothing to see. Your contacts aren't on our servers — ever.

OAuth 2.0 via Chrome Identity API

Google tokens managed by Chrome (scoped to contacts only). Microsoft refresh tokens encrypted at rest in our database (AES-256-GCM, scoped to Contacts.ReadWrite only).

You sign in through the same login screen you already trust. We never see your password.

Encrypted Microsoft Tokens

Unlike Google (where Chrome manages OAuth tokens locally), Microsoft requires server-side refresh tokens. These are encrypted with AES-256-GCM, scoped to Outlook Contacts only, and isolated from Google data via Supabase Row-Level Security. Users can disconnect or trigger emergency revocation at any time.

Your Outlook connection is locked with bank-grade encryption. Google and Microsoft data never mix.

HTTPS Everywhere + Security Headers

All traffic over TLS 1.2+. HSTS, X-Content-Type-Options, X-Frame-Options, and strict Referrer-Policy enforced.

Between Gemini and you, nobody can read what's being sent.

API Key Isolation

Gemini API key stored in Vercel environment variables. Never bundled in the extension or exposed to the client.

Even if someone inspected every file in the extension, they couldn't find our AI key. It never leaves our server.

Server-Side Abuse Prevention

Fail-closed quota enforcement (consumed before the AI call, not after). CORS origin restrictions, per-user rate limiting, and SSRF protections on all endpoints.

If anything goes wrong, the system shuts the door — it doesn't leave it open. And a stranger can't call our server pretending to be you.

Minimal Browser Footprint

Zero tracking SDKs, pixel trackers, or fingerprinting. Scoped to activeTab only — no access to other tabs, history, or bookmarks.

Your other 47 open tabs? We can't see them. Your browsing history? Can't see it. And there's zero tracking to watch what you do.

Email Address Only

The only personal data we store is an email address — for authentication, quotas, and billing. Nothing else.

We can't send you a holiday card, sorry — we'd love to, but we don't have your home or work address.

Row-Level Security (Supabase)

Billing and quota data isolated per user via Postgres RLS policies.

Your records are walled off. Like a closet with 1 shoe box on the floor. There may be other shoe boxes in that closet, but you don't know if they exist.

What We Collect

The complete list. Copy this into your risk assessment.

Data Type Collected? Where Stored
Email address Yes Supabase (auth, quotas, billing)
Contact data you extract No Ephemeral — passes through, never stored
Payment information No Handled entirely by Stripe (PCI DSS Level 1)
Browsing history No Not accessible — activeTab only
Other open tabs No Not accessible — activeTab only
Cookies / session tokens No None created — Chrome manages OAuth tokens
Microsoft refresh token (Outlook users only) Yes Supabase, encrypted with AES-256-GCM, scoped to Contacts.ReadWrite
Analytics / tracking No Zero tracking SDKs in the extension

Questions About Our Architecture?

IT teams can reach us directly for security reviews, compliance documentation, or technical deep-dives.
[email protected]