Privacy Policy

Effective: May 4, 2026 · MarketMaster v6.2.0

The short version

MarketMaster doesn't collect, transmit, or sell your personal data. Settings + watchlist sync across your Chrome profiles via Google's built-in extension sync (the developer never touches it). Credentials and journal stay device-local. The only data that leaves your browser is (a) API requests you make to Kalshi, Polymarket, PredictionHunt, and Google News, and (b) any visit you choose to make to Buy Me a Coffee through the support button.

1. What we collect

Nothing on our servers — because there are no servers. MarketMaster is a client-side Chrome extension. The developer doesn't run a backend, doesn't log your activity, and doesn't receive any analytics or telemetry.

2. What's stored on your device (and what syncs across devices)

MarketMaster uses two Chrome storage areas, deliberately split by sensitivity and size:

Device-local only (chrome.storage.local):

Your API keys (PredictionHunt, optional Kalshi Access Key ID and RSA private key) — stored in plaintext locally, never sent anywhere except to the service they belong to. The Kalshi private key is used in-browser to sign requests to Kalshi's authenticated endpoints; the key itself is never transmitted, and it does not sync to your other Chrome profiles.
Your trading journal — every analysis is auto-logged with a market title and your selected side. Capped at 200 entries.
A rolling history of prices you've viewed, for sparkline charts.
Cached news headlines and cross-platform title matches (weekly / daily refresh).

Synced across your Chrome profiles (chrome.storage.sync, since v6.x):

Your watchlist of subscribed market tickers (the "My Markets" tab).
Your alert threshold and whether alerts are enabled.
Your auto-fill preference and bankroll setting (used to translate Kelly % into a contract count).
Your scanner SHOW filter selection (Arbs only, Movers, etc.).
UI state — collapsed sections, dismissed hints, ToS acceptance.
Your Polymarket wallet address (a public on-chain identifier — no private key).

The developer cannot read either of these stores. chrome.storage.sync is encrypted in transit and at rest by Google as part of your Chrome account; the developer does not run a server in this loop. To stop syncing, sign out of Chrome or disable extension sync in chrome://settings/syncSetup.

Uninstalling the extension deletes the local store on that device and removes the extension's sync entries from your account.

3. What's transmitted to third parties

MarketMaster makes direct HTTPS requests from your browser to these services so you can see live data:

Kalshi public API (api.elections.kalshi.com) — to fetch market prices and details. No authentication required for public data.
Polymarket public API (gamma-api.polymarket.com) — to fetch market prices and details.
PredictionHunt API (www.predictionhunt.com) — only if you provide an API key. Your key is sent as an X-API-Key header so PredictionHunt can authorize the request. The developer never sees it.
Kalshi authenticated endpoints (api.elections.kalshi.com/trade-api/v2) — only if you provide an Access Key ID and private key, and only when you open the Profile tab. Each request includes KALSHI-ACCESS-KEY, an RSA-PSS-SHA256 signature generated locally with your private key, and a timestamp. The private key never leaves your browser.
Google News RSS (news.google.com) — to fetch news headlines for the "Market Context" feature when you click "Get Market Context." Your IP is visible to Google as with any web request.
Buy Me a Coffee (buymeacoffee.com) — only when you click the support button, which opens their page in a new tab.

Each of these third parties has its own privacy policy that governs what they do with what they receive. The developer doesn't control their practices.

4. What MarketMaster does NOT do

Collect personally identifiable information (no name, email, address, or account ID).
Track your browsing on sites other than Kalshi and Polymarket market pages — and even then, only the current URL and page title are read, for analysis.
Send data to developer-run servers (there are none).
Sell, share, or disclose data to third parties for marketing.
Use cookies or third-party trackers.
Touch your Kalshi or Polymarket account balances, positions, or trades — unless you voluntarily provide a Kalshi API key, in which case requests go directly from your browser to Kalshi and never through the developer.
Include any analytics SDK (no Google Analytics, no Mixpanel, no Sentry, nothing).
Place or submit trades. Auto-fill only pre-fills the platform's own input field — you still click Confirm.

5. Chrome permissions, explained

activeTab — to read the URL and title of the market you're viewing, so MarketMaster can analyze it.
storage — to save your settings locally.
tabs — to open market pages in a new tab when you click "Open."
alarms — to schedule the background price check for subscribed markets.
notifications — to show OS-level alerts when a subscribed market crosses your threshold.
host_permissions (Kalshi, Polymarket, PredictionHunt, Google News) — to fetch live market data.

6. Notifications

If you enable alerts, Chrome shows OS-level notifications when subscribed markets move by more than your threshold. Notification content is built entirely on your device from Kalshi's public API. The developer doesn't see which markets you watch or when you receive alerts.

7. Auto-fill

Auto-fill is off by default. If you enable it, MarketMaster writes a recommended contract count into the platform's own trade-size input after analysis finishes. It does not click, submit, or confirm — you do. The data never leaves your browser.

8. Children

MarketMaster isn't directed at children under 18 and isn't intended for anyone under the age of majority. We don't knowingly collect data from minors.

9. California residents (CCPA/CPRA)

The developer doesn't sell or share personal information as defined by California law. There's no data to request, correct, or delete from developer-controlled servers because no such servers exist. To delete locally stored data, uninstall the extension from chrome://extensions.

10. European residents (GDPR)

No personal data is processed by the developer under GDPR because the developer doesn't receive, store, or process any personal data. Data processing happens (a) locally on your device, or (b) at third parties (Kalshi, Polymarket, PredictionHunt, Google) that you interact with directly, under their own policies.

11. Security

All API requests use HTTPS. Locally stored API keys are protected by Chrome's storage security. If your device is compromised, an attacker could read those keys. If your device is lost, stolen, or compromised, rotate your PredictionHunt API key right away.

12. Changes to this policy

The developer may update this policy by publishing a new version inside the extension or on its distribution page. Material changes will be flagged on next open. Continued use after changes means you accept them.

13. Contact

Questions about privacy? Reach the developer through the Buy Me a Coffee page.