Last Updated: May 12, 2026

Overview

The Katana Extension Library is a Chrome extension that adds productivity tools to the Katana MRP interface. This policy explains what data the extension accesses, how it is used, and what stays on your device.

Data We Access

The extension accesses your Katana account data (sales orders, products, customers, and other records) solely to display and act on that data within the side panel on your behalf. This data is fetched directly from the Katana API in real time and is never stored on any external server.

Data We Store

All user-generated data is stored locally in your browser using Chrome’s storage.local API. This data never leaves your device and is not accessible to us or any third party.

Locally stored data includes:

  • Webhook button configurations: button labels, URLs, and headers you create
  • Email templates: subject lines and body text you save
  • Tool preferences: per-tool settings and enable/disable states

We do not collect, transmit, or store any of this data on external servers.

Authentication

The extension uses OAuth 2.0 to authenticate with your Katana account via Chrome’s identity API. Your Katana credentials (username and password) are never seen or stored by the extension. OAuth tokens are managed by Chrome and used only to make API calls to Katana on your behalf.

Analytics

The extension uses a third-party analytics service to collect aggregate usage data. This helps us understand which tools are used and improve the extension over time.

What analytics does collect:

  • Usage events (e.g. “tool opened”, “webhook fired”, “order imported”)
  • Extension version and Chrome version
  • An installation ID tied to your browser installation

What analytics does not collect:

  • ❌ Personal information (name, email)
  • ❌ Katana data (orders, products, customers, etc.)
  • ❌ Webhook URLs or email template contents

Data Sharing

We do not sell, rent, or share your data with any third party, with the following narrow exceptions:

  • Katana MRP: the extension calls the Katana API on your behalf, using your own credentials
  • Third-party analytics service: receives aggregate usage events as described above

No other data is shared with any other service or organisation.

Data Security

  • All communication between the extension and the Katana API is encrypted over HTTPS
  • OAuth tokens are managed by Chrome’s built-in identity system
  • Locally stored data is sandboxed to the extension and inaccessible to other extensions or websites

Your Rights

Because we do not collect or store personal data on external servers, there is nothing for us to delete or export on your behalf. You can clear all locally stored extension data at any time by removing the extension from Chrome.

Changes to This Policy

If this policy changes materially, we will update the “Last Updated” date above. Continued use of the extension after changes are posted constitutes acceptance of the revised policy.

Contact

Questions about this policy? Email taylor.hagel@katanamrp.com.