Scope and product purpose
Sidecar is a Chrome side-panel workbench for repair-shop staff. Its single purpose is to turn supplier cart or product-page content into reviewed line-item drafts and apply operator-approved changes to the Shopmonkey order open in Chrome.
This policy covers the Sidecar Chrome extension and this website. Sidecar currently has no developer-operated application backend, analytics service, or advertising service.
Information Sidecar handles
Connection credentials
Operators may provide Shopmonkey and Google Gemini API keys. Sidecar stores these keys in Chrome-managed local extension storage. A Shopmonkey key is sent only to the selected Shopmonkey API endpoint for authentication. A Gemini key is sent only to Google's Gemini API for model discovery and user-initiated AI parsing. The Sidecar developer does not receive these keys.
Shopmonkey workspace data
When connected, Sidecar may read and locally process the connected API actor, shop location, order, customer, customer contact and address information, vehicle, service, line-item, pricing, and vendor information needed for the open-order workflow. Operator-approved changes are sent directly to Shopmonkey.
Scanned page content and browsing context
When an operator starts a page scan, Sidecar may read bounded visible page text and relevant visible element labels from the active tab. It also handles the page title, full source URL, and hostname so it can keep the draft tied to its source and confirm that the tab has not changed during the scan.
If Gemini is configured and selected, Sidecar sends the bounded page evidence and source hostname to Google's Gemini API for line-item interpretation. The full source URL and Shopmonkey customer, order, vehicle, and draft context are not included in the Gemini prompt.
Local workflow data
Sidecar stores settings, an installation identifier, draft lines, source references, order attachment state, vendor and service assignments, write-recovery records, bounded runtime incidents, and scan diagnostics in Chrome-managed local or session storage. Support details are copied to the clipboard only when the operator chooses a copy action; Sidecar does not automatically send support logs anywhere.
How information is used
- Identify the Shopmonkey order that is open in Chrome.
- Load the order, customer, vehicle, service, line-item, and vendor context needed for the workflow.
- Convert user-selected supplier page content into editable draft lines.
- Preserve drafts, assignments, review state, and safe retry information on the operator's device.
- Apply only operator-reviewed changes to the confirmed Shopmonkey destination.
- Present local diagnostics that the operator may choose to copy for support.
Sidecar does not use handled information for advertising, profiling, creditworthiness, resale, or unrelated product research.
Where information is sent
- Shopmonkey: credentials, reads, and operator-approved writes are sent directly to the configured Shopmonkey API over HTTPS. Shopmonkey's own terms and privacy policy govern its processing.
- Google Gemini: when Gemini is configured and an operator starts an AI scan, the Gemini credential, bounded page evidence, and source hostname are sent directly to Google's Gemini API over HTTPS. Google's applicable API terms and privacy terms govern its processing.
- Chrome: local extension data is stored through Chrome's extension storage facilities on the operator's browser profile.
- User-chosen external links: if an operator opens an external link from Sidecar, the destination receives the normal request information associated with that deliberate navigation.
Sidecar does not sell user data, share it with advertisers or data brokers, or allow the developer to read it. A human may review information only if an operator deliberately provides specific support material, when needed for security or legal compliance, or as otherwise permitted by applicable law.
Storage, retention, and deletion
Sidecar's settings, credentials, drafts, and operational records remain in Chrome-managed extension storage until the operator removes them, disconnects an integration, clears the relevant draft or history, or uninstalls the extension. Session-scoped information is removed by Chrome when the extension session ends.
Removing a Shopmonkey or Gemini key in Sidecar Settings removes that saved credential from extension storage. Uninstalling Sidecar removes its Chrome-managed extension storage according to Chrome's behavior. Information already sent to Shopmonkey or Google is retained under those providers' policies and account controls.
Security
Sidecar uses HTTPS for Shopmonkey and Gemini network traffic, does not load remotely hosted executable code, masks saved credentials in its interface, and keeps policy checks in front of Shopmonkey mutations. Operators should protect their Chrome profile and rotate or remove third-party API keys if a device or profile is compromised.
Chrome Web Store Limited Use
Sidecar's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.
Sidecar limits user-data handling to its disclosed single purpose, transfers data only when necessary to provide that purpose or as legally permitted, does not use data for personalized advertising, and does not permit human access except with specific user consent or for security or legal reasons.
Changes and contact
This policy may be updated when Sidecar's behavior or legal obligations change. The effective date above will be revised when the policy changes. Material changes to data handling will also be disclosed through the extension or its Store listing as required.
For privacy questions or support, use the contact channel identified on Sidecar's Chrome Web Store listing or visit the Sidecar support page.