MUGA receives URLs when you click links or right-click to copy a clean link. These URLs are cleaned inside your browser. MUGA never silently sends your data anywhere. Any feature that contacts an external service requires your explicit action and is disclosed here.
MUGA's data lives in two places, deliberately separated:
chrome.storage.local): your acceptance of these terms and the version of the policy you agreed to (onboardingDone, consentVersion, consentDate); per-device decisions you made about behaviours your other devices may have enabled (injectOwnAffiliate, remoteRulesEnabled overrides — see Per-device consent below); usage counters (URLs cleaned, parameters removed, referrals spotted); and short-lived session data (debug logs, per-tab badge counts, recently cleaned URLs).chrome.storage.sync): behavioural preferences you would expect to follow you between devices — language, blacklist, whitelist, custom tracking parameters, the affiliate toggles' default values, the remote-rule-updates default value. Sync happens through your browser, never through MUGA.Neither bucket is ever visible to MUGA. Session data (chrome.storage.session) is automatically cleared when the browser restarts. Usage counters are never transmitted anywhere.
Acceptance of these terms is recorded per device, not per browser account. If you install MUGA on a second device, you will be asked to read and accept the terms on that device too, even if you already accepted them somewhere else. The reasoning is captured in our architectural decision record ADR-0001: consent is an act between you and the device you are using; inheriting it across devices silently would deny each device's user the chance to read and decide.
Behavioural preferences (toggles like "Inject our affiliate tag", "Enable remote rule updates", and others) follow your browser account through sync. But on a fresh device, if any of those preferences arrives enabled from another device, MUGA shows you an explicit confirmation prompt during onboarding before acting on them. If you decline a preference on this device, the override is recorded locally and your other devices' settings are left untouched.
If we update these terms in a way that materially changes what you previously agreed to, MUGA will surface a re-acceptance flow on each device the next time the service worker wakes up. If we only add clauses (without changing existing ones), the flow shows you the new clauses and lets you accept or decline; declining keeps you under the previously accepted terms.
If you previously installed MUGA before this version and your acceptance was stored across devices via sync, MUGA will migrate that acceptance to local storage on the first run after upgrade. The migration is one-way (sync → local) and idempotent: you keep your acceptance state without re-onboarding. The migration is implemented in src/lib/sync-migration.js in the source.
MUGA strips tracking parameters (UTMs, fbclid, gclid, and others) from URLs automatically. This happens locally. The removed parameters are not logged, transmitted, or stored anywhere.
The following features are enabled by default and can be individually toggled in Settings:
<a ping> attributes from links so the browser does not send tracking beacons when you click.All of these operate entirely within your browser. No external requests are made.
URL cleaning (and the click, copy, page-load self-clean paths) runs as a local computation inside your browser. It does not round-trip through any extension service worker or external server. The cleaning logic ships in the extension package as a small bundled file (src/content/cleaner-bundle.js) generated from the ES module source under src/lib/ via tools/bundle-content.mjs; the bundle is committed to the repository so reviewers can verify it matches the unbundled source.
MUGA can add affiliate tags to URLs that carry none when you visit a supported store. This is how an independent developer earns income from the tool he maintains. If you opted in during onboarding, this feature is active. You can disable it at any time in Settings.
When you visit a supported store, MUGA checks the URL locally to see if an affiliate tag is already present. If not, and if you have the option enabled, MUGA modifies the URL before navigation to include our affiliate tag. This URL modification happens locally. No external request is made to determine whether to inject.
If you enable "Remove all affiliate tags from other sources", third-party tags placed by other creators or networks are removed from the URL. MUGA's own tag is preserved only when you also have affiliate injection enabled on this device; if you have injection off, MUGA's tag is treated like any other and removed too. The toggle's behaviour is symmetric with your stated preference: if you do not want to support MUGA via affiliate injection on this device, MUGA does not benefit from someone else's link arriving with our tag attached. MUGA never silently replaces another affiliate's tag with ours.
MUGA evaluated 10+ affiliate programs from major retailers and marketplaces. All of them require redirect-based tracking: your click is routed through an external server before reaching the store. That server logs your visit, your referrer, and your destination.
We do not believe forcing users through external tracking servers is necessary or fair. Redirect-based affiliate tracking is a choice these networks make, not a technical requirement. We rejected every one of these programs and chose to give up that revenue rather than compromise your privacy.
Because these stores rely on redirect-based affiliate networks, MUGA actively strips their affiliate tracking parameters (awc, wt_mc, lgw_code, and others) from URLs you visit. These parameters were placed by the same redirect servers we refuse to use. When possible, MUGA also unwraps affiliate redirect URLs and sends you directly to the store, so the intermediary server is bypassed entirely.
Only stores that support direct URL parameter injection -- where the affiliate tag is a simple query parameter added locally, with no server involved -- are compatible with MUGA. We believe users deserve the freedom to reach any store directly, and we will apply this same standard to any affiliate program we evaluate in the future.
When you navigate to a store via a MUGA-modified URL, the store's own analytics may record the visit as originating from an affiliate link. This is standard affiliate behaviour and is governed by the store's own privacy policy, not MUGA's.
MUGA is a registered participant in affiliate programs operated by supported stores. These programs have their own terms of service and privacy policies.
MUGA requests the following browser permissions:
MUGA is licensed under the GNU General Public License v3 (GPL v3). The complete source code is public. If you want to verify that this privacy policy accurately describes the extension's behaviour, read the code. It's all there.
Questions or concerns: open an issue at github.com/yocreoquesi/muga/issues.