1. Single purpose
The extension exists to let signed-in ShipWorks users retrieve their own shipping and pricing data from their own Meesho supplier dashboard (supplier.meesho.com) and surface it inside the ShipWorks web app.
It performs no other function. It does not advertise, track, profile, modify other websites, or interact with any third-party service besides the user's own Meesho dashboard and the user's own ShipWorks account.
2. Data the extension reads
The extension reads only what is necessary to serve the user's explicit action (e.g., clicking "Find cheapest shipping" inside the ShipWorks app):
- The URL and signed-in status of the user's open supplier.meesho.com tab — probed via the dashboard's own status endpoint — to confirm the Meesho session is active before running a user-initiated query.
- The numeric pricing, shipping, and commission fields returned by Meesho's own catalog pricing endpoints when the user triggers a query, to display them inside the ShipWorks app.
- The user's supplier_id, supplier_slug, and the client-package-version string used by Meesho's own web client — so the extension calls the user's own Meesho endpoints the same way the dashboard does.
- Messages from the ShipWorks web app's pages requesting a specific user-initiated action.
3. Data the extension transmits
The extension transmits data only to:
(a) The user's own Meesho supplier dashboard (supplier.meesho.com), using the user's existing browser session. These are the same API calls the dashboard's own JavaScript makes when the user clicks the corresponding buttons in the dashboard. The extension does not intercept, log, or store the user's Meesho cookies or credentials.
Two flows touch Meesho, both user-initiated:
- Pricing and shipping queries — read-only calls to the dashboard's own pricing endpoints (getTransferPrice, fetchDuplicatePid, pricing-only image previews). These do not publish, edit, or delete anything in the user's live catalog; they just retrieve the numbers Meesho would show the user in the dashboard.
- Place image into upload field — when the user clicks "Use" on a saved scan variant from the in-page panel, the extension places the image file into the dashboard's existing upload <input type="file"> element. The image is one the user previously saved to their own ShipWorks account. The extension never auto-submits — the user reviews and clicks Save in the Meesho dashboard themselves.
(b) The user's own ShipWorks web app session (https://*.shipworks.in), using window.postMessage between the extension's content script and the ShipWorks page that initiated the request. The data passed back is limited to the numeric pricing and shipping fields returned by Meesho plus, for admin connect flows, the supplier_id and supplier_slug of the account the user is signed into.
The in-page panel also fetches the user's own previously-saved scan list and individual scan details from https://*.shipworks.in/api/scans using the user's existing ShipWorks session cookie. Only the signed-in user's own scans are accessible.
The extension does not transmit any data to ShipWorks' own backend servers beyond what is described above (the user's own scan list and detail fetches, on their own request), to any analytics service, to any advertising network, or to any third-party endpoint. All network activity stays inside the user's own Meesho session and their own ShipWorks account.
4. Data the extension stores
The extension uses chrome.storage.local to persist a small amount of local-only state on the user's device:
- A per-install random UUID (32 hex chars, generated on first run via crypto.getRandomValues) — used to derive stable, non-guessable internal identifiers (for example, the DOM id of the panel's shadow host) so they don't collide with arbitrary IDs on the host page.
- Panel position (left/top in pixels) — the last drag position of the in-page panel, so it reappears where the user left it.
- Optional saved ShipWorks origin override — only set if the user manually enters a URL in the panel's "change" link, for development or staging testing.
This data lives only on the user's device. It is never transmitted off-device.
5. Data the extension does NOT collect
The extension explicitly does not:
- Read or transmit the user's Meesho cookies, passwords, OTPs, or session tokens.
- Read or transmit the user's ShipWorks cookies or session tokens.
- Track browsing history, mouse movements, keystrokes, or focus events.
- Inject ads, affiliate links, or promotional content into any page.
- Modify pages outside the explicit content-script matches in the manifest.
- Send any data to ShipWorks' servers beyond §3(b) above.
- Use third-party analytics, telemetry, or crash reporting.
- Sell, rent, share, or otherwise disclose any user data to anyone.
6. Permissions justification
- host_permissions: https://supplier.meesho.com/* — required to inject a function into the user's own logged-in supplier dashboard tab to call the dashboard's own pricing endpoints on the user's behalf.
- host_permissions: https://shipworks.in/* and https://*.shipworks.in/* — required so the content-script bridge can run on ShipWorks' own web app and receive the user's action requests.
- scripting — used by chrome.scripting.executeScript to invoke the same fetch() call the supplier dashboard itself uses, inside the user's tab.
- tabs — used to locate the user's open supplier.meesho.com tab so the action runs in the right context. The extension does not enumerate or read tabs outside this purpose.
- storage — used for the local-only state described in §4 (panel position, install UUID).
7. User control
- The extension only acts in response to a user-initiated action on the ShipWorks web app or inside the Meesho-dashboard panel UI. It does not perform background scans, scheduled tasks, or any activity the user did not explicitly request.
- The user can disable or uninstall the extension at any time from chrome://extensions. All locally-stored state is removed on uninstall.
8. Children
The extension is a seller productivity tool and is not directed at children under 13. We do not knowingly collect any data from children.
9. Changes to this policy
If we materially change what data the extension reads, stores, or transmits, we will update this page and the version listed in the extension's manifest. The "Last updated" date at the top of this page reflects the most recent change.
10. Contact
Questions about this policy: email [email protected] or use our contact form.
See also our general Privacy Policy and Terms of Service.
