Privacy Policy

Last Updated: November 2, 2025

1. Information We Collect

1.1 Information You Provide

• Account Information: Email address or phone number for authentication
• Notes Content: Text, images, and attachments you create in the extension
• Tags and Organization: Tags, categories, and metadata you assign to notes
• Tasks and Reminders: Task descriptions, due dates, and reminder preferences
• Feedback: Feedback and suggestions you voluntarily submit

1.2 Automatically Collected Information

• Security & Session Metadata: IP address, user agent, device fingerprint, approximate location (derived from IP), and session timestamps used to protect your account
• Note Context: Page URL, title, and hostname saved with your note in your account
• AI Usage: Model name and credits/tokens used when you invoke AI features
• Timestamps: Creation and modification dates for notes, reviews, tasks, and reminders

1.3 Information We Do NOT Collect

• Plaintext passwords (passwords are hashed using bcrypt)
• Payment information (no paid features currently)
• Browsing history beyond note context
• Personal information not explicitly provided

2. How We Use Your Information

We use the collected information for the following purposes:

• Service Provision: To provide, maintain, and improve ExtenNote functionality
• Synchronization: To sync your notes across devices and browsers
• AI Features: To enhance notes, analyze content, and provide smart suggestions
• Reminders: To send notifications for tasks and reminders you set
• Authentication: To verify your identity and secure your account
• Support: To respond to your inquiries and provide customer support
• Security: To detect, prevent, and address security issues

3. Data Storage and Security

3.1 Where Your Data is Stored

• Local Storage: Notes may be cached locally in your browser for offline access
• Cloud Storage: Notes are stored on our servers for synchronization
• Encryption: Data is transmitted using HTTPS/TLS
• Authentication: Passwords are hashed using bcrypt; auth tokens are stored in your extension's local storage; only hashed token identifiers are stored server-side for session validation

3.2 Security Measures

• Encryption in transit (HTTPS/TLS)
• Secure authentication using JWT tokens
• Token validation with IP/device context and revocation
• Rate limiting and account lockout
• Input validation and access controls

4. Data Sharing and Disclosure

We do NOT sell, trade, or rent your personal information to third parties.

4.1 We May Share Information With:

• AI Service Providers: For AI-powered features (note enhancement, analysis)
  • We send only the content you choose to process and limited context (e.g., note text, page title/URL)
  • Content may include personal information if you include it
  • Processing is performed by third‑party AI APIs (e.g., OpenAI/OpenRouter) subject to their privacy policies; we do not control their retention
• Service Providers: Hosting, database, and infrastructure providers
  • Bound by confidentiality agreements
  • Access limited to service provision only

4.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as:

• Court orders or subpoenas
• Legal processes or government requests
• Protection of our rights, property, or safety
• Prevention of fraud or security issues

5. Your Rights and Choices

5.1 Access and Control

• Access: View all your notes, tasks, and account information
• Edit: Modify or update your notes and account details anytime
• Delete: Remove individual notes or your entire account

5.2 Account Deletion

You can delete your account at any time. Upon deletion:

• All your notes, tasks, and personal data will be permanently deleted
• Deletion is irreversible and cannot be undone
• Some information may be retained for legal or security purposes (e.g., logs)

5.3 Opt-Out Options

• AI Features: You can choose not to use AI-powered features
• Notifications: Disable browser notifications in extension settings
• Sync: Use the extension offline without cloud synchronization

6. Cookies and Tracking

We do not use cookies for authentication. The extension stores your JWT in local storage and sends it via the Authorization header.

• Local Storage: Used by the extension to store your auth token and cache notes for offline access
• No Third‑Party Trackers: We do not use third‑party advertising or cross‑site tracking

7. Children's Privacy

ExtenNote is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

9. Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: Associated notes, tags, attachments, reminders, and tasks are removed shortly after account deletion
• Security Logs: Security and system logs are retained for a limited time to ensure system integrity and may persist in backups for a limited period

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date
• Sending a notification through the extension (for material changes)

Your continued use of ExtenNote after changes constitutes acceptance of the updated Privacy Policy.

11. Third-Party Links

ExtenNote may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read the privacy policies of any third-party sites you visit.

12. Your Consent

By using ExtenNote, you consent to this Privacy Policy and agree to its terms.

---

Summary