Privacy Policy

NotionSesh ("we," "us," or "the Extension") respects your privacy. This policy explains how we handle your data when you use our Chrome extension to capture and format web content for Notion.

We operate on a privacy-first basis: we do not require accounts, we do not track your browsing history, and we do not sell your data.

1. Data Collection & Storage

We minimize data collection. Data is handled in three main ways: stored locally on your device, sent briefly to our backend for processing, or hosted for Notion embedding.

A. Local Data (Stored on your device)

The following data is stored in your browser's local storage (chrome.storage.local) and never leaves your device:

• Editor Session: The text blocks and content you have captured.
• Preferences: Settings such as theme mode (dark/light) and equation toggles.
• Installation ID: A randomly generated UUID used to anonymously track daily usage limits.
• Image Tracking: Temporary tracking data used to manage which uploaded screenshots are currently active in your editor.

B. Server-Side Data (Sent to our Backend)

We use a secure backend (Supabase) to manage usage limits and processing.

• Anonymous Usage Data: We store your Installation ID, daily usage counts, and coupon redemptions. This data is not linked to your name, email, or IP address.
• Voluntary Feedback: If you submit feedback, we store the text description and any images or email addresses you voluntarily provide.
• AI Feedback: If you explicitly rate an AI capture (thumbs up/down) or report an error, we store the screenshot image and the AI response for debugging purposes.

C. Transient Data (AI Processing)

When you trigger an AI capture (e.g., converting a screenshot or complex text):

• The screenshot, selected text, and source URL are sent to our processing server.
• This data is passed immediately to our AI providers (Google Vertex AI or Mathpix) for extraction.
• Crucially: This data is transient. Once the extraction is returned to you, the image and text are discarded by our server. They are not stored in our database unless you manually submit a feedback report regarding that specific capture.

D. Hosted Content (Manual Screenshot Feature)

When you use the manual screenshot feature to capture a portion of your browser tab, we host the image so it can be displayed in Notion.

• What is collected: A JPEG image containing only the pixel content of your selected screen area. We do not collect metadata, user identifiers, cookies, or browsing history alongside this image.
• Where it is stored: Images are uploaded to a publicly accessible Supabase Storage bucket (backed by AWS S3).
• Access & Security: Images are assigned a random, unguessable UUID filename. While the URL is publicly readable, only someone with the exact URL can access it.
• Retention & Deletion:
  • Active Cleanup: If you delete a screenshot from the extension editor or clear your session, the uncopied image is automatically deleted from our servers.
  • Permanent Storage: Once you click "Copy to Notion," the image must be retained indefinitely so your Notion page does not break.
  • Orphaned Images: If you uninstall the extension before copying an uploaded image, our servers can no longer identify it for deletion, and it will persist in storage indefinitely.

2. Third-Party Services

We use a select few trusted third-party services to provide functionality. We do not use third-party analytics (like Google Analytics) or tracking SDKs.

3. Permissions

We request specific Chrome permissions solely to enable core features:

• activeTab & scripting: To capture the text or screenshot you select on the current page.
• clipboardWrite: To allow you to paste formatted content into Notion.
• storage: To save your settings locally.
• <all_urls>: Required for the screenshot engine to function on any page you visit.

4. Data Security

• Encryption: All data transmitted between the extension, our backend, and AI providers is encrypted via HTTPS.
• Anonymity: Users are identified solely by a random UUID. We cannot link this ID to a real person, Google Account, or Chrome Profile. Hosted screenshots are entirely decoupled from any user identifier.
• Access Control: Our database is protected by Row Level Security, ensuring no unauthorized access to data.

5. Legal Basis & International Transfers

A. Legal Basis for Processing

We process your data under the following legal bases (GDPR Art. 6 and Swiss FADP):

• Performance of Contract: Processing your text/images and hosting your screenshots is necessary to fulfill the core service of the Extension.
• Legitimate Interest: We process anonymous usage statistics and error logs to improve the stability and performance of the Extension.

B. International Data Transfers

Our backend services (Supabase, Google Cloud) are located in the United States (specifically us-east-1 for image storage). By using the Extension, you acknowledge that your data is transferred to the US for processing and storage.

We ensure your data is protected through:

• Standard Contractual Clauses (SCCs): Our agreements include clauses approved by the European Commission and Swiss FDPIC.
• Data Privacy Framework: Our providers are certified under the EU-U.S. and Swiss-U.S. Data Privacy Frameworks.

6. Your Rights (GDPR)

Under the GDPR and Swiss FADP, you have the right to access, correct, and delete your data.

• Deletion: You can delete all local data by uninstalling the extension. Because server-side data (usage stats and hosted screenshots) is entirely anonymous, we cannot process individual deletion requests for server-side files.
• Complaints: You have the right to lodge a complaint with a supervisory authority. In Switzerland, this is the Federal Data Protection and Information Commissioner (FDPIC).

7. Contact

If you have questions about this policy or privacy concerns, please contact the developer directly:

Email: ajustus@student.ethz.ch