Chrome Web Store Compliant

Privacy Policy

1. Scope & Core Philosophy

This Privacy Policy outlines how the NepseGuru MeroShare Sync Chrome browser extension (the "Extension" or "Product") accesses, handles, and protects your information. We strongly believe that your financial credentials and portfolio transaction history belong to you. Therefore, we have engineered this extension using a strict local-first, serverless-access architectural paradigm.

2. Data Access & Usage Description

In order to offer automated portfolio synchronizations and allow family-profile IPO bulk applications, the Extension accesses and processes the following parameters directly on your machine:

  • MeroShare Authentication Credentials: Your Demat (BOID) ID, client bank codes, MeroShare username, and login password. These are utilized solely to login to your CDSC account automatically.
  • Transaction Security PIN & CRN: Accessed only when executing a transaction (such as submitting an IPO application) to complete the verification step.
  • Securities Portfolio Holdings: Current share quantities, acquisition transaction records, and average purchase prices to compute capital gains tax, net returns, and portfolio health indicators.

3. Data Transparency Grid

The grid below outlines exactly how each piece of sensitive data is processed and stored by the extension:

Data Type Purpose Storage Location Transmission Status
Login Credentials Automatic CDSC MeroShare login. Local chrome.storage Never Sent to Servers
Transaction PIN / CRN IPO signature application confirmation. Local chrome.storage Never Sent to Servers
Portfolio Holdings Calculating value, return, and performance metrics. Local chrome.storage Never Sent to Servers

4. Local Sandbox Architecture

We do not operate a remote server database to store your passwords or private financial keys. Everything is processed directly in the extension's local background context:

  1. Local Sandbox Encryption: All credentials and preferences are written into the browser's sandboxed local container (chrome.storage.local). Access is restricted solely to the extension package under Chrome security policies.
  2. Direct Connection: The Extension communicates directly with the official CDSC MeroShare APIs (https://meroshare.cdsc.com.np) from your browser. There is no intermediate proxy or relay server.
  3. Zero Trackers: No third-party analytical scripts (such as Google Analytics or cookies) are bundled within the extension's background or content scripts. We have zero knowledge of who you are or what investments you manage.

5. Third-Party Disclosures & Partners

Because we operate under a zero-knowledge data collection structure, we do not store, possess, or index any of your data. Consequently, we do not share, lease, sell, or disclose your personal or financial information to any commercial advertising networks, credit agencies, or third-party service providers.

6. Security Guidelines & Best Practices

Your MeroShare credentials are secured locally by your operating system and Chrome's browser profile directory permissions. To ensure maximum safety, we recommend the following safety protocols:

  • Ensure you only install extension packages from verified, trusted developers.
  • Always lock your computer screen or log out of your system user profile when leaving your device unattended.
  • Never share your Chrome profile directories or export local storage logs to unrecognized individuals.

7. Chrome Developer Policy Conformance

This policy is actively aligned with the Chrome Web Store Developer Program Policies, specifically addressing the User Data Privacy section. The Product handles data locally to fulfill direct user requests and complies with the Principle of Least Privilege by requesting only the exact background permissions necessary to communicate with CDSC MeroShare hosts.

8. Contact & Appeal Support

If you have any questions, require technical support, or need clarification regarding the local storage mechanism of this extension, please reach out to our team directly at:

📧 Email: sabinsubediofficial@gmail.com