Privacy Policy - ToastMark

Core principle:
ToastMark is designed with privacy first. Your bookmarks and web content are stored locally in your browser by default. Data is only synced to our cloud when you actively sign in and subscribe to a paid plan, to enable cross-device access. You can sign out, disable sync, or delete all data at any time.

1. What Data We Collect

1.1 Account Data (sign-in only)

When you choose to sign in to a ToastMark account, we use Supabase Auth to obtain your identity: email address, the unique user ID returned by your OAuth provider (such as Google), and optionally an avatar or display name. Passwords are encrypted by Supabase Auth and we have no access to plain-text passwords.

1.2 Web Content (only when you actively bookmark)

When you click the "Save" button, the extension extracts the following content from the current page:

Data Type	Description	Purpose
URL & domain	Current page URL and hostname	Storage and deduplication
Page title	HTML title tag	Display and search
Page description	meta description	Display and AI summary
Body text	Main text of the page (truncated at 5,000 characters)	AI summary generation
Page screenshot	PNG of the visible area	Display and share cards
Categories & tags	Categories assigned by AI or manually by you	Organization and filtering

1.3 Subscription & Usage Data

If you subscribe to a paid plan, payment is handled directly by Stripe (we never touch your credit card or bank information). We only receive subscription status (active / expired / plan ID) from Stripe webhooks. To enforce free-tier quotas, we record the total number of bookmarks and categories associated with your account.

1.4 Data We Do NOT Collect

✗ Browsing history
✗ Form inputs, passwords, or credit card information
✗ Cookies or session data
✗ Any page content other than what you actively bookmark
✗ Third-party analytics or advertising trackers
✗ Precise geolocation

2. Where Data Is Stored

2.1 Local Storage (default)

All bookmarks, categories, and settings are first written to chrome.storage.local using Chrome's secure storage mechanism. For users who are not signed in, data is stored only here and never leaves your browser. Uninstalling the extension clears local data automatically.

2.2 Supabase Cloud Sync (paid users)

Once paid subscribers sign in, bookmarks and categories are synced to our managed Supabase database (hosted on AWS, region managed by Supabase). The database uses Row Level Security (RLS) to enforce that only you can read or write your own data; no third party (including us) can bypass this policy.

Note for free users: Free-tier users' bookmark data is not uploaded to Supabase and remains only on your device.

2.3 Custom Database (optional)

You may also configure your own Turso database as a storage backend in settings. In this mode, data flows directly from your browser to a database you control, never passing through ToastMark's servers.

3. Data Usage & Third Parties

3.1 AI Summary Service

AI summaries are generated by the model you select. Two modes are available:

Bring your own key:You enter your own OpenAI, Anthropic, OpenRouter, or custom API key in settings. Requests are sent directly from your browser to the corresponding provider and never pass through ToastMark servers.
Built-in proxy (default for paid users):For convenience, we provide a built-in AI proxy based on OpenRouter, deployed as a Supabase Edge Function. In this mode, your request content (page body text) is forwarded through ToastMark servers to OpenRouter. We do not persist request content; we only record call counts to enforce paid-tier quotas.

3.2 Payments (Stripe)

Paid subscriptions are processed via Stripe Checkout. Your credit card and payment details are handled and stored entirely by Stripe; we only receive subscription status events via Stripe webhooks.

3.3 Authentication (Google OAuth)

You may sign in using a Google account. The OAuth flow is handled by Google and Supabase Auth; we only receive the necessary identity information returned by Google (email, user ID, optional avatar).

3.4 Sharing

Share card images are rendered locally on your device. They are only uploaded to a social platform when you actively click "Share to...".

About third-party services:

Data is sent to a provider only when you configure or use that service.
Third-party services (OpenAI, Anthropic, Stripe, Google, etc.) are governed by their own privacy policies.
We do not share your data with any advertising networks or data brokers.

4. Permissions

The extension requests the following Chrome permissions, each with the purpose explained below:

Permission	Purpose
activeTab	Capture a screenshot of the current tab
scripting	Inject scripts to extract webpage information
storage	Store user configuration and bookmarks
tabs	Obtain the current tab's URL and title
contextMenus	Provide right-click menu shortcuts
unlimitedStorage	Store large amounts of bookmark data
identity	Support Google OAuth sign-in
notifications	Show success / failure notifications
offscreen	Render share-card images in the background
sidePanel	Display the bookmark panel in the browser side panel
<all_urls>	Work on any webpage (only when you actively trigger it)

About the <all_urls> permission: This permission allows the extension to run content scripts on any website. It is required because users may want to bookmark any webpage. The extension does not collect any data automatically — content is extracted only when you actively click to save.

5. Your Rights

You have full control over your data:

5.1 View Your Data

View all saved bookmarks on the Bookmarks page
View all configuration and subscription status on the Settings page

5.2 Export

Export a full JSON backup from the Bookmarks page
Export via a custom API or your Turso database

5.3 Delete

Delete any individual bookmark or category at any time
Clear all local data with one click in Settings
Uninstalling the extension removes all local data

5.4 Delete Your Account

To delete your account and all cloud data, please contact us via GitHub Issues. We will process the request within 30 days.

5.5 Disable Features

Disable cloud sync (simply sign out)
Disable the AI summary feature entirely
Switch to bring-your-own-key instead of the built-in AI proxy

6. Data Security

All network traffic uses HTTPS + TLS encryption
API keys are stored in Chrome's secure storage and never hard-coded in source
The Supabase database enforces per-user isolation via Row Level Security
Bookmark and category limits are enforced on the server via database triggers to prevent client-side bypass
The source code is fully open source and available for audit on GitHub

7. Children's Privacy

This extension is not directed at children under 13, and we do not knowingly collect personal information from children. If you are a parent or guardian and discover your child is using this extension, please contact us.

8. Chrome Web Store Limited Use Statement

ToastMark complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not use the data produced through this extension for advertising, selling to third parties, or training AI models. Data is only used to provide the core features (bookmarking, AI summaries, and cross-device sync) to you personally.

9. Policy Updates

We may update this privacy policy from time to time. Material changes will be announced via the extension's update notes and the GitHub repository. Please review this page periodically to stay informed.

10. Open Source

This extension is fully open source under the MIT license. The source code is hosted on GitHub; you can review it to verify our privacy commitments.

11. Contact

If you have any questions or suggestions regarding this privacy policy, please contact us via:

GitHub Issues：github.com/alianrock/data_gather_extension/issues