Privacy Policy for Highlighter Extension

Introduction

Thank you for using Highlighter Extension ("we," "our," "the extension," or "the service"). Your privacy is important to us. This Privacy Policy explains what information we collect, how we use it, how we store it, and your rights regarding your data.

By using Highlighter Extension, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Email Address: Used for authentication and password recovery
• Password: Securely encrypted and stored through Supabase authentication (we never see your plaintext password)
• User ID: Automatically generated unique identifier for your account

1.2 Highlight Data

When you create, edit, or save highlights, we collect:

• Selected Text: The exact text content you choose to highlight on web pages
• Full URL: The complete web address (including query parameters and fragments) of the page where you created the highlight
• Notes: Any notes you add to your highlights
• Contextual Information: Text before and after your highlight (prefix and suffix) to help accurately restore highlights
• Position Data: Technical information including CSS paths, character offsets, and DOM positions needed to restore highlights accurately
• Highlight Colors: Your selected highlight colors
• Timestamps: When highlights were created, modified, or deleted

1.3 Technical Information

• Extension Version: To provide support and ensure compatibility
• Browser Type: For troubleshooting purposes
• Sync Status: To manage data synchronization between devices

1.4 Information We Do NOT Collect

We DO NOT collect:

• Browsing history beyond pages where you create highlights
• Full page content (only text you explicitly select)
• Cookies or tracking data from websites you visit
• Analytics, telemetry, or usage statistics
• Device identifiers beyond what's necessary for authentication
• Location data
• Financial information
• Any data from pages where you don't create highlights

2. How We Use Your Information

We use your information solely to provide and improve our service:

2.1 Core Functionality

• Authenticate your identity and maintain your session
• Store and display your highlights across devices
• Synchronize highlights across multiple browsers and devices
• Restore highlights when you revisit web pages
• Allow you to edit, search, and delete your highlights

2.2 Communication

• Send password reset emails when requested
• Respond to support inquiries (if you contact us)

2.3 Service Improvement

• Fix bugs and technical issues
• Improve highlight accuracy and performance

3. How We Store and Protect Your Data

3.1 Data Storage

Your data is stored using Supabase, a trusted backend-as-a-service platform:

• Service Provider: Supabase (https://supabase.com)
• Security Certification: SOC 2 Type II certified
• Compliance: GDPR and CCPA compliant
• Encryption: All data transmitted between your browser and Supabase is encrypted using HTTPS/TLS
• Password Security: Passwords are hashed using industry-standard algorithms (bcrypt) and never stored in plaintext

3.2 Local Storage

• Highlights are cached locally in your browser's storage for offline access and performance
• Local data syncs with cloud storage when you're online and authenticated

3.3 Security Measures

We implement industry-standard security practices:

• HTTPS/TLS encryption for all data in transit
• Secure authentication with hashed passwords
• Role-based access controls (users can only access their own data)
• Regular security updates and patches
• Protection against common vulnerabilities (SQL injection, XSS, CSRF)

4. Data Sharing and Third Parties

4.1 Third-Party Service Providers

We share your data only with the following third party:

4.2 We Do NOT Share Data With:

• Advertisers or marketing companies
• Data brokers
• Social media platforms
• Analytics companies (we don't use Google Analytics or similar services)
• Any other third parties, except as required by law

4.3 Legal Requirements

We may disclose your information if required to:

• Comply with valid legal processes (subpoena, court order, search warrant)
• Protect our legal rights or defend against legal claims
• Prevent fraud, abuse, or security threats
• Protect the safety of users or the public

We will notify you of such requests unless prohibited by law.

5. Your Rights and Choices

You have the following rights regarding your data:

6. Data Retention

6.1 Active Accounts

We retain your data as long as your account is active and you continue using the service

6.2 Inactive Accounts

• Accounts inactive for 2 years may be marked for deletion
• We will attempt to notify you before deletion

6.3 Deleted Accounts

• After you request account deletion, all your data is permanently deleted within 30 days
• Backup copies may be retained for up to 90 days for disaster recovery purposes only

6.4 Individual Highlights

• Deleted highlights are removed immediately from active systems
• May persist in backups for up to 90 days

7. Children's Privacy

Highlighter Extension is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If you believe a child under 13 has provided us with personal information, please contact us immediately, and we will delete the information promptly.

8. International Users and Data Transfers

8.1 Data Transfers

Your data is processed and stored on Supabase servers. By using our extension, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

8.2 European Union Users (GDPR Rights)

If you're in the EU, you have additional rights under GDPR:

• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing of your data
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us.

8.3 California Users (CCPA Rights)

If you're a California resident, you have rights under CCPA:

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do NOT sell your personal information (and never will)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

9. Browser Permissions Explained

Our extension requests the following Chrome permissions:

10. Cookies and Tracking

• We do NOT use cookies for tracking
• We do NOT use web beacons, pixels, or fingerprinting
• We do NOT integrate with analytics services (no Google Analytics, Mixpanel, etc.)
• We use secure session tokens to keep you logged in (stored locally in your browser)

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, legal requirements, or new features.

11.1 Notification of Changes

When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Display a notice in the extension (for significant changes)
• Email you (for major changes affecting your rights)

11.2 Your Continued Use

Your continued use of the extension after changes take effect constitutes acceptance of the updated Privacy Policy.

12. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovering the breach
• Inform you of what data was affected
• Explain the steps we're taking to address the breach
• Provide guidance on protecting yourself

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

For data access, deletion, or export requests, please include:

• Your registered email address
• A description of your request
• Verification of your identity (for security purposes)

14. Legal Compliance

This extension and privacy policy comply with:

• General Data Protection Regulation (GDPR) - EU
• California Consumer Privacy Act (CCPA) - USA
• Chrome Web Store Developer Program Policies
• Supabase Terms of Service and Privacy Policy

15. Your Consent

By using Highlighter Extension, you consent to:

• The collection, use, and storage of your data as described in this policy
• The transfer of your data to Supabase servers
• The storage of full URLs including query parameters
• The synchronization of your highlights across devices

You can withdraw consent at any time by signing out, uninstalling the extension, or requesting account deletion.

16. Limitation of Liability

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security of your data. Use of this extension is at your own risk.

17. Transparency

We believe in transparency. Our extension's code structure and data practices are as described in this policy. If you have technical questions about how we handle data, contact us.