Privacy Policy

    Effective Date: May 6, 2026

    SnapIndex ("we", "our", "us") respects your privacy. This Privacy Policy explains how our Chrome extension ("SnapIndex" or the "Extension") handles your data.

    1. Core Principle

    SnapIndex is built as a local-first tool. Most data processing (screenshots, scroll captures, OCR, annotations) happens entirely on your device and is not sent to our servers.

    2. Data We Collect

    2.1 Data Processed Locally (Not Collected by Us)

    The Extension may process:

    • Screenshots and screen recordings
    • Webpage content (for scroll capture and OCR)
    • Extracted text from images or pages
    • User annotations (text, drawings, highlights)

    This data:

    • Stays on your device
    • Is not transmitted to our servers
    • Is only used to provide the Extension functionality

    2.2 Account & Backend Data (Cloudflare Worker)

    When you use paid features, link Google Drive, or enable cross-device library sync, the Extension sends limited data to our backend:

    • A pseudonymous install ID (random UUID generated on first run)
    • A browser fingerprint hash, derived from a canvas rendering test plus user agent, language, screen dimensions, timezone offset, and CPU thread count. It is used solely to re-link your account if you reinstall the Extension.
    • Your email address, if you have signed in or subscribed
    • Subscription state (sourced from Stripe events)
    • Plan-quota counters (e.g. number of captures used in the current period)

    2.3 Cross-Device Library Sync (Opt-In)

    Cross-device library sync is off by default. If you enable it under Settings → Capture, the Extension sends per-capture metadata to our backend so your library appears on every device you sign into:

    • Capture URL
    • Page title
    • Capture timestamp
    • Capture type (visible / scrollshot / area)
    • OCR status (succeeded or failed; never the OCR text itself)
    • Google Drive file ID, if you uploaded the capture
    • Image dimensions

    OCR text, capture images, annotations, and click-sequence data are never sent to our backend, regardless of this setting. You can disable sync at any time under Settings → Capture; doing so clears the local outbox and any pending records are discarded.

    2.4 Anonymous Usage Telemetry (Opt-Out)

    We collect pseudonymous, low-cardinality events to fix bugs and prioritize features:

    • Install ID, plan tier, and Extension version
    • UI events (capture started, export completed, sidebar opened, etc.)
    • OCR pipeline stage timings and error codes
    • Failure reasons for capture, OCR, or Drive upload

    We never include URLs, page titles, image data, OCR text, or your email in these events. Events are sent to our Cloudflare Worker, which writes them to Cloudflare Analytics Engine and forwards an allowlisted subset to PostHog server-side. Your browser does not connect to PostHog directly.

    You can disable telemetry at any time under Settings → Capture → Share anonymous usage data.

    2.5 Optional Integrations

    • Google Drive: when you grant access, files are uploaded only on your explicit action via the official Google Drive API (www.googleapis.com). Signing out revokes the token via accounts.google.com/o/oauth2/revoke. We never read or list other files in your Drive.
    • Tesseract OCR language packs: when OCR runs, the Extension may download a language model (.traineddata.gz) from tessdata.projectnaptha.com, a public CDN we do not operate. The CDN may log standard request metadata (such as IP and user agent) per its own policies.
    • Stripe: when you start a subscription, your email is sent to Stripe to create a customer record. Card details are entered directly into Stripe's hosted checkout and never touch our servers. See https://stripe.com/privacy.

    3. How We Use Data

    We use data strictly to:

    • Provide core functionality
    • Manage subscriptions
    • Improve the product

    We do not:

    • Sell your data
    • Use your content for advertising
    • Train AI models on your data

    4. Data Storage

    • Local data — stored in chrome.storage.local on your device. Uninstalling the Extension removes it.
    • Account & sync data — stored in Cloudflare D1, keyed by your install ID and email.
    • Idempotency and quota cache — short-lived entries in Cloudflare KV (24-hour TTL).
    • Buffered Stripe events for users we cannot yet match — Cloudflare KV with a 30-day TTL.
    • Analytics events — Cloudflare Analytics Engine and PostHog. Retention follows each provider's policy.
    • Payment data — handled by Stripe per their privacy policy.

    5. Data Retention

    • Local data: controlled by you; removed when you uninstall the Extension or clear local storage.
    • Account & sync data: retained until you request deletion.
    • Idempotency / Stripe-event buffers: expire automatically (24 hours and 30 days respectively).
    • Third-party services (Stripe, PostHog, Cloudflare Analytics Engine, Google Drive): retention is governed by their respective privacy policies.

    6. Your Rights and Controls

    You can:

    • Disable cross-device library sync at any time (Settings → Capture → Cross-device library sync)
    • Disable anonymous usage telemetry (Settings → Capture → Share anonymous usage data)
    • Revoke Google Drive access (Settings → Drive)
    • Stop using the Extension at any time
    • Request access to or deletion of your account data by emailing [email protected] with the email address or install ID you used. We will respond within 30 days.

    7. Security

    We implement:

    • Secure HTTPS communication
    • Minimal data collection
    • Local-first processing

    8. Changes

    We may update this policy. Updates will be posted on this page.