Most payment monitoring tools work the same way:
your API key goes to their server, their server
polls Stripe, their server sends you a notification.
That means your revenue data, customer patterns,
and API credentials are sitting on someone else's
infrastructure. Forever.
I built Stripe Alerts differently.
The architecture
Everything runs in the browser. Here's the full flow:
- User pastes a read-only Stripe API key
- Key is stored in chrome.storage.local — never synced, never transmitted
- A Chrome Manifest V3 service worker polls the Stripe REST API directly on a schedule
- Response is processed locally in the browser
- Chrome's native notifications API fires the alert
The request chain is: Browser → Stripe API → Browser.
No middleman. No server. No data leakage.
Why Manifest V3 matters
Chrome's Manifest V3 forced developers to move from
persistent background pages to service workers. This
actually helped the privacy architecture — service
workers are ephemeral, they spin up to do a job and
shut down. Nothing persists in memory between checks.
What it monitors
- Failed payment spike detection
- Chargeback and dispute activity
- Subscription cancellation monitoring
- Refund anomaly detection
The result
A monitoring tool that is genuinely privacy-first by
architecture, not just by policy. There's no server
to breach, no database to leak, no API key to steal.
Free to install → https://chromewebstore.google.com/detail/stripe-alerts/epemeoabcaoifldejoblcknljpgbphao
Happy to answer any technical questions below.
Top comments (0)