Privacy Policy
Last updated: July 1, 2026
This policy explains how Redrip (the Chrome extension and the redrip.app website) handles your data. We've tried to write it in plain language, without unnecessary legal jargon.
— In short
Redrip is a Chrome extension that automates managing your listings on Vinted and Leboncoin. To work, it uses the session cookies your browser already has for those sites. Your Vinted or Leboncoin password is never requested, seen, or stored.
The content of your listings (items, photos, conversations) stays on your device. The only data sent to our servers relates to your Redrip account (email, subscription plan, and usage counters), needed to manage your subscription and quotas. Details below.
— What data is processed
On your device (never sent anywhere)
- Your Vinted items (titles, prices, photos, statuses) — to display them in the dashboard
- Your Vinted conversations — to enable auto-replies
- Your extension settings (relist cadence, message tone, etc.)
- A local copy of your drafts and action history
All of this is stored via Chrome's chrome.storage.local API, on your hard drive. If you uninstall the extension, it all disappears.
Vinted and Leboncoin session cookies
The extension reads the session cookies your browser already has for vinted.fr and leboncoin.fr (the ones that keep you logged in). It uses them to make API requests on your behalf (relist, publish an ad, delete a sold ad). These cookies never leave your browser and are never sent to Redrip.
Leboncoin
If you use publishing to Leboncoin, the extension acts on your Leboncoin account from your browser to: publish an ad from a Vinted item, list your existing ads, and delete an ad when the matching item sells on Vinted (sale synchronization). Your phone number is fetched automatically from your Leboncoin account to fill in the listing form (Leboncoin requires it) and stays hidden publicly on the ad (contact happens via messaging). No Leboncoin identifier is stored by Redrip; the link between a Vinted item and a Leboncoin ad is kept locally (chrome.storage) solely for sale synchronization.
OpenAI API key (optional)
If you enable AI replies, you provide your own OpenAI key. It is stored locally (chrome.storage) and used to call OpenAI's servers directly from your browser. We neither see nor store this key. Messages sent to OpenAI are governed by their privacy policy.
Redrip account & subscription
To create a Redrip account (required for paid plans), we store on our Supabase backend (hosted in the European Union): your email address, your subscription plan (Free, Starter, Advanced, Pro) and anonymized usage counters (number of Vinted relists and Leboncoin publications used in the period) used to enforce your plan's quotas. Authentication uses a redrip_session session cookie on the redrip.app domain. We store no content from your Vinted/Leboncoin items, photos, or conversations on our servers.
Payments
Payments are handled by Stripe. We neither see nor store your card details: they are entered directly with Stripe, governed by its privacy policy. We only keep the Stripe customer/subscription ID and your subscription status.
— What we don't do
- No advertising trackers in the extension (the extension code loads no third-party pixel or analytics)
- No selling of your data to third parties
- No advertising displayed in the extension
- No content from your items, photos, or conversations sent to our servers
— What we collect on the redrip.app website
The website redrip.app (separate from the extension) uses audience-measurement and advertising tools: Google Tag Manager, Meta Pixel and TikTok Pixel, which may set cookies to measure visits and campaign effectiveness. You can decline them via your browser settings or an anti-tracking extension. These tools concern only browsing on the marketing site, never the use of the extension.
— Communications
If you contact us at hello@redrip.app, your email is received via Cloudflare Email Routing then forwarded to our private Gmail inbox. We do not store your address in a database and do not use it to send you marketing messages without your consent.
— Your rights
Under the GDPR, you can at any time:
- Access all data about you: open the extension → Account → Export
- Delete your local data: uninstall the extension (chrome://extensions → Remove). Everything is erased locally
- Delete your Redrip account and associated data (email, subscription, counters): from your Redrip dashboard → Account → Delete my account, or email us at hello@redrip.app
- Request information: email us at hello@redrip.app
— Security
All communications (Vinted, Leboncoin, OpenAI, our Supabase backend) use HTTPS. No unencrypted communication is ever performed. The source code is minified and signed by the Chrome Web Store.
— Vinted & Leboncoin
Redrip is not affiliated with, endorsed by, or sponsored by Vinted UAB or Leboncoin (LBC France). The extension uses the APIs accessible via the browser, with your session. You remain responsible for how you use your Vinted and Leboncoin accounts.
— Changes
This policy may evolve. Significant changes will be announced by email to Pro users and on this page. The "last updated" date at the top indicates the current version.
— Contact
For any question: hello@redrip.app