MUGA receives URLs when you click links or right-click to copy a clean link. These URLs are cleaned inside your browser. MUGA never silently sends your data anywhere. Any feature that contacts an external service requires your explicit action and is disclosed here.
MUGA's data lives in two places, deliberately separated:
chrome.storage.local): your acceptance of these terms and the version of the policy you agreed to (onboardingDone, consentVersion, consentDate); per-device decisions you made about behaviours your other devices may have enabled (injectOwnAffiliate, remoteRulesEnabled overrides; see Per-device consent below); usage counters (URLs cleaned, parameters removed, referrals spotted); and short-lived session data (debug logs, per-tab badge counts, recently cleaned URLs).chrome.storage.sync): behavioural preferences you would expect to follow you between devices, namely language, blacklist, whitelist, custom tracking parameters, the affiliate toggles' default values, the remote-rule-updates default value. Sync happens through your browser, never through MUGA.Neither bucket is ever visible to MUGA. Session data (chrome.storage.session) is automatically cleared when the browser restarts. Usage counters are never transmitted anywhere.
Acceptance of these terms is recorded per device, not per browser account. If you install MUGA on a second device, you will be asked to read and accept the terms on that device too, even if you already accepted them somewhere else. The reasoning is captured in our architectural decision record ADR-0001: consent is an act between you and the device you are using; inheriting it across devices silently would deny each device's user the chance to read and decide.
Behavioural preferences (toggles like "Inject our affiliate tag", "Enable remote rule updates", and others) follow your browser account through sync. But on a fresh device, if any of those preferences arrives enabled from another device, MUGA shows you an explicit confirmation prompt during onboarding before acting on them. If you decline a preference on this device, the override is recorded locally and your other devices' settings are left untouched.
If we update these terms in a way that materially changes what you previously agreed to, MUGA will surface a re-acceptance flow on each device the next time the service worker wakes up. If we only add clauses (without changing existing ones), the flow shows you the new clauses and lets you accept or decline; declining keeps you under the previously accepted terms.
If you previously installed MUGA before this version and your acceptance was stored across devices via sync, MUGA will migrate that acceptance to local storage on the first run after upgrade. The migration is one-way (sync → local) and idempotent: you keep your acceptance state without re-onboarding. The migration is implemented in src/lib/sync-migration.js in the source.
MUGA strips tracking parameters (UTMs, fbclid, gclid, and others) from URLs automatically. This happens locally. The removed parameters are not logged, transmitted, or stored anywhere.
The following features are enabled by default and can be individually toggled in Settings:
<a ping> attributes from links so the browser does not send tracking beacons when you click.l.facebook.com/?u=, Instagram's l.instagram.com/?u=, Twitter's t.co in some templates) and navigates straight to the embedded destination. This is not an affiliate-attribution event — these wrappers are share-link tracking, not commission-bearing redirects. Affiliate-redirect networks (Awin, CJ, AliExpress Portals, etc.) are deliberately NOT unwrapped — see "Affiliate networks" below.All of these operate entirely within your browser. No external requests are made.
URL cleaning (and the click, copy, page-load self-clean paths) runs as a local computation inside your browser. It does not round-trip through any extension service worker or external server. The cleaning logic ships in the extension package as a small bundled file (src/content/cleaner-bundle.js) generated from the ES module source under src/lib/ via tools/bundle-content.mjs; the bundle is committed to the repository so reviewers can verify it matches the unbundled source.
MUGA can add affiliate tags to URLs that carry none when you visit a supported store. This is how an independent developer earns income from the tool he maintains. If you opted in during onboarding, this feature is active. You can disable it at any time in Settings.
When you visit a supported store, MUGA checks the URL locally to see if an affiliate tag is already present. If not, and if you have the option enabled, MUGA modifies the URL before navigation to include our affiliate tag. This URL modification happens locally. No external request is made to determine whether to inject.
If you enable "Remove all affiliate tags from other sources", third-party tags placed by other creators or networks are removed from the URL. MUGA's own tag is preserved only when you also have affiliate injection enabled on this device; if you have injection off, MUGA's tag is treated like any other and removed too. The toggle's behaviour is symmetric with your stated preference: if you do not want to support MUGA via affiliate injection on this device, MUGA does not benefit from someone else's link arriving with our tag attached. MUGA never silently replaces another affiliate's tag with ours.
MUGA recognises both styles of affiliate attribution and respects both. Some programs (Amazon, eBay, Vercel, DigitalOcean, Lemon Squeezy, Apple Performance Partners, Bookshop.org, Steam Curator) carry the creator's referral as a query parameter or path segment on the merchant's own URL. Other programs (Awin, CJ Affiliate, AliExpress Portals, Impact, Partnerize, Admitad, A8.net, Rakuten, TradeTracker) carry it as a redirect through the network's own servers, where the network's 30x sets a first-party cookie on the merchant's domain at landing. MUGA does not pick winners by attribution model.
Practically: when MUGA sees an affiliate-redirect URL, the redirect passes through your browser unchanged. The network's servers see your click (that's the entire point — without it the creator's commission cannot be paid) and the merchant's first-party cookie gets populated normally. MUGA does not interpose, does not log the redirect anywhere outside your device, and does not rewrite the URL beyond removing well-known tracking parameters (utm_*, fbclid, gclid, and the rest) from the merchant's landing page once you arrive. The matrix that drives this is published in docs/affiliate-networks-matrix.md on each release.
Independently of any affiliate model, MUGA offers an optional "Follow shortener redirects" feature that resolves generic URL shorteners (bit.ly, tinyurl.com, t.co, link.medium.com, lnkd.in, fb.me, ebay.to) so you can see where a short link actually leads before clicking. When enabled, the extension itself contacts the shortener host directly with credentials: "omit" (no cookies, no identifying headers) and reads the Location header — no MUGA server is involved. Off by default. Affiliate redirect networks are NEVER followed. See the Permissions section below.
When you navigate to a store via a MUGA-modified URL, the store's own analytics may record the visit as originating from an affiliate link. This is standard affiliate behaviour and is governed by the store's own privacy policy, not MUGA's.
MUGA is a registered participant in affiliate programs operated by supported stores. These programs have their own terms of service and privacy policies.
MUGA requests the following browser permissions:
Optional host permissions (off by default; granted only when you turn on the corresponding feature in Settings, revocable from browser settings at any time):
fetch(url, { redirect: "manual", credentials: "omit" }) to that shortener host and reads the destination from the Location header. No cookies are sent, no identifying headers are attached, and no MUGA server is contacted. Affiliate-redirect networks are NEVER followed.MUGA is licensed under the GNU General Public License v3 (GPL v3). The complete source code is public. If you want to verify that this privacy policy accurately describes the extension's behaviour, read the code. It's all there.
Questions or concerns: open an issue at github.com/yocreoquesi/muga/issues.