Myndo Browser Extension Privacy Policy

This Privacy Policy describes how Myndo ("Extension," "we," "our," or "us") handles information when you use our browser extension. We are committed to protecting your privacy and have designed the Extension to minimize data collection while providing its core functionality.

By using the Extension, you agree to this policy. If you do not agree, please do not use the Extension.

Scope

This policy applies only to the Myndo browser Extension. It does not apply to third‑party websites you visit, to Google services, or to data collected by other products or services.

Information We Collect

We collect the minimum data necessary to operate the Extension.

1) Authentication and Account Information

• Google OAuth information necessary to sign you in and access Google Drive within the scope you approve (currently `drive.file` and basic profile scopes).
• Email address and basic profile details (name, profile picture) provided by Google if you grant those scopes, used for account identification and support.
• Access/refresh/session tokens and device/security tokens used to authenticate requests and keep your session secure.

2) Operational Metadata (Non‑content)

• IDs and relationships for folders/documents that the Extension creates in your Google Drive (e.g., folder/document IDs and parent/child relationships).
• Minimal state needed to run features (e.g., timestamps, versioning, success/error flags). We do not collect or store your clipped content or file bodies on our servers.
• We do not store the names you give to files/notebooks on our servers. Names may be handled locally with Google APIs as needed to create or update files in your Google Drive.

3) When You Clip Content

• Selected webpage content is processed locally in your browser and sent directly to Google APIs (e.g., Google Drive/Docs) under your account. We do not receive or store the content on our servers.

We Do Not Collect

• Your browsing history or web activity across sites.
• The content you clip (it goes from your browser directly to Google Drive/Docs).
• Sensitive personal information beyond what is needed for authentication and operation of the Extension.
• Analytics or telemetry about your usage of the Extension.

How We Use Information

We use information solely to provide, maintain, secure, and improve the Extension:

• Authenticate you and enable access to Google Drive using the least‑privileged scope (`drive.file`), limited to files created by the Extension; no full‑Drive access.
• Create and update documents/folders you choose to create via the Extension.
• Maintain your notebook/project structure using non‑content metadata (IDs/relationships) as needed for functionality.
• Provide customer support and troubleshoot issues.
• Maintain security, prevent fraud/abuse, and comply with law.

We do not use your information for advertising, interest‑based profiling, or data monetization.

Browser Extension Permissions

The Extension requests only the minimum permissions required for its features:

• `activeTab`: Access the current tab when you choose to clip.
• `identity`: Use Chrome Identity for Google OAuth sign‑in.
• `storage`: Store minimal settings/tokens locally.
• `scripting`: Inject code only when you actively use clipping features.
• Host permissions for Google and our backend services to complete authentication and file operations.

Google Drive scope `https://www.googleapis.com/auth/drive.file`: The Extension can only create, view, and modify files and folders that it creates (and items you explicitly choose to open with the Extension). It cannot access your other Drive files and does not provide full‑Drive access.

Data Storage and Security

On Your Device

• Access tokens and similar credentials are encrypted using the Web Crypto API (AES‑GCM) and stored via the browser extension storage.
• Short‑lived tokens may be kept in memory only; persistent tokens are encrypted at rest.

On Our Servers

• We may store session tokens, device tokens, and minimal operational metadata required for authentication and device/session management. These are protected using industry‑standard encryption in transit (TLS) and strong encryption at rest.

Processing and Transmission

• Clipped content is processed locally and transmitted directly from your browser to Google APIs over TLS; we do not store content on our servers.
• All transmissions of personal or sensitive data are sent over secure connections (HTTPS/TLS).

We employ the principle of least privilege, access controls, and monitoring to protect your information.

Data Retention

• Authentication/session/device tokens: retained only as long as needed to maintain your session and operate the Extension. Revoked when you log out or disconnect access in your Google Account.
• Operational metadata (non‑content): retained as long as needed for the features you use and deleted upon account deletion or when you remove related projects.
• We do not retain the content you clip on our servers.

User Controls

• Revoke access at any time from within the Extension or via your Google Account settings.
• Delete files/folders created by the Extension directly from your Google Drive.
• Request deletion of server‑side authentication/session metadata by contacting us (see Contact section). We will complete deletion within 30 days unless a longer period is required by law or to resolve a security issue.

Sharing of Information

We do not sell or rent your personal information.

We may share information only as follows:

• With Google services/APIs to perform the actions you request (e.g., create or update a Google Doc/Drive folder).
• With service providers who assist us in operating the Extension (bound by confidentiality and security obligations; no advertising use).
• For legal, safety, or security reasons (e.g., to comply with law or investigate abuse).
• In connection with a business transfer (e.g., merger/acquisition) subject to this policy's protections and any required notices.

No sharing for advertising or data brokerage.

International Data Transfers

We may process data in countries other than your own. When we transfer personal information internationally, we use appropriate safeguards (such as encryption and contractual protections) consistent with applicable law.

Children's Privacy

The Extension is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us so we can delete it.

Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict processing. To exercise these rights, contact us (see Contact). We will respond as required by applicable law.

Data Breach Notification

In the unlikely event of a security incident affecting your personal information, we will notify you in accordance with applicable law. Where we have a valid email address associated with your account, we will contact you within required timelines.

Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the Extension and/or our website, and the "Last updated" date will be revised.

Contact Us

If you have questions about this policy or our data practices, contact: support@myndoai.com