|
| 1 | +<!doctype html> |
| 2 | +<html lang="en"> |
| 3 | +<head> |
| 4 | + <meta charset="utf-8"> |
| 5 | + <meta name="viewport" content="width=device-width, initial-scale=1"> |
| 6 | + <title>Privacy Policy · Quick Notes</title> |
| 7 | + <meta name="description" content="Quick Notes privacy policy. Local-first. Zero tracking. Optional Google Drive sync uses minimum-privilege appdata scope."> |
| 8 | + <link rel="icon" type="image/png" href="https://raw.githubusercontent.com/quicknotes/quick-notes/main/icons/icon128.png"> |
| 9 | + <style> |
| 10 | + :root { |
| 11 | + --bg: #1F1F1E; |
| 12 | + --bg-alt: #2C2C2A; |
| 13 | + --fg: #e8e6e3; |
| 14 | + --fg-dim: #c1beb8; |
| 15 | + --muted: #8a857e; |
| 16 | + --accent: #d4a85f; |
| 17 | + --border: #3a3a37; |
| 18 | + } |
| 19 | + body { |
| 20 | + margin: 0; |
| 21 | + font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", system-ui, sans-serif; |
| 22 | + background: var(--bg); |
| 23 | + color: var(--fg); |
| 24 | + line-height: 1.7; |
| 25 | + } |
| 26 | + .container { |
| 27 | + max-width: 720px; |
| 28 | + margin: 0 auto; |
| 29 | + padding: 48px 24px; |
| 30 | + } |
| 31 | + h1 { |
| 32 | + font-size: 30px; |
| 33 | + margin: 0 0 8px; |
| 34 | + color: var(--accent); |
| 35 | + } |
| 36 | + h2 { |
| 37 | + font-size: 20px; |
| 38 | + margin: 32px 0 12px; |
| 39 | + color: var(--accent); |
| 40 | + border-bottom: 1px solid var(--border); |
| 41 | + padding-bottom: 6px; |
| 42 | + } |
| 43 | + h3 { font-size: 16px; margin: 20px 0 8px; color: var(--fg-dim); } |
| 44 | + p { margin: 10px 0; } |
| 45 | + a { |
| 46 | + color: var(--accent); |
| 47 | + text-decoration: none; |
| 48 | + } |
| 49 | + a:hover { text-decoration: underline; } |
| 50 | + table { |
| 51 | + width: 100%; |
| 52 | + border-collapse: collapse; |
| 53 | + margin: 12px 0; |
| 54 | + background: var(--bg-alt); |
| 55 | + border-radius: 6px; |
| 56 | + overflow: hidden; |
| 57 | + } |
| 58 | + th, td { |
| 59 | + padding: 10px 14px; |
| 60 | + text-align: left; |
| 61 | + border-bottom: 1px solid var(--border); |
| 62 | + font-size: 14px; |
| 63 | + } |
| 64 | + th { color: var(--accent); font-weight: 600; } |
| 65 | + tr:last-child td { border-bottom: none; } |
| 66 | + code { |
| 67 | + background: var(--bg-alt); |
| 68 | + padding: 2px 6px; |
| 69 | + border-radius: 4px; |
| 70 | + font-family: ui-monospace, Menlo, monospace; |
| 71 | + font-size: 13px; |
| 72 | + } |
| 73 | + .muted { color: var(--muted); font-size: 14px; } |
| 74 | + .summary { |
| 75 | + background: var(--bg-alt); |
| 76 | + border-left: 3px solid var(--accent); |
| 77 | + padding: 16px 20px; |
| 78 | + border-radius: 0 6px 6px 0; |
| 79 | + margin: 16px 0 32px; |
| 80 | + } |
| 81 | + nav { margin-bottom: 32px; } |
| 82 | + nav a { margin-right: 16px; } |
| 83 | + footer { |
| 84 | + margin-top: 48px; |
| 85 | + padding-top: 24px; |
| 86 | + border-top: 1px solid var(--border); |
| 87 | + color: var(--muted); |
| 88 | + font-size: 13px; |
| 89 | + } |
| 90 | + </style> |
| 91 | +</head> |
| 92 | +<body> |
| 93 | + <div class="container"> |
| 94 | + <nav> |
| 95 | + <a href="./">← Home</a> |
| 96 | + <a href="https://github.com/quicknotes/quick-notes">GitHub</a> |
| 97 | + </nav> |
| 98 | + |
| 99 | + <h1>Privacy Policy</h1> |
| 100 | + <p class="muted">Last updated: April 22, 2026</p> |
| 101 | + |
| 102 | + <div class="summary"> |
| 103 | + <strong>The short version:</strong> Quick Notes is a local-first Chrome extension. |
| 104 | + By default, all your data stays on your device. The extension makes zero network |
| 105 | + requests. Optional Google Drive sync is opt-in and uses a minimum-privilege scope |
| 106 | + (<code>drive.appdata</code>) that cannot access your other Drive files. |
| 107 | + </div> |
| 108 | + |
| 109 | + <h2>What data the extension handles</h2> |
| 110 | + <p>Quick Notes handles the following data <strong>only on your local device</strong>, never on a remote server owned by the developer:</p> |
| 111 | + <ul> |
| 112 | + <li><strong>Notes content</strong> — the text, images, and formatting you type into notes.</li> |
| 113 | + <li><strong>History</strong> — records of paste / selection / URL-capture operations you trigger (capped at 200 entries).</li> |
| 114 | + <li><strong>Settings</strong> — your configured themes, URL-pattern rules, per-site default notes, panel opacity, and shape preferences.</li> |
| 115 | + <li><strong>Pasted page content</strong> — if you click the "Paste clipboard," "Insert URL," or "Insert selection" buttons, the content goes into your active note.</li> |
| 116 | + </ul> |
| 117 | + <p>Storage is in Chrome's sandboxed <code>chrome.storage.local</code> API, local to your browser profile.</p> |
| 118 | + |
| 119 | + <h2>What the extension does NOT do</h2> |
| 120 | + <ul> |
| 121 | + <li>Does <strong>not</strong> collect, transmit, or share notes with the developer, analytics services, advertisers, or any third party.</li> |
| 122 | + <li>Does <strong>not</strong> contain tracking, telemetry, or remote logging.</li> |
| 123 | + <li>Does <strong>not</strong> read page content automatically. Page content is captured only when you click a capture button.</li> |
| 124 | + <li>Makes <strong>no network requests at all</strong>, unless you opt into Google Drive sync.</li> |
| 125 | + </ul> |
| 126 | + |
| 127 | + <h2>Optional: Google Drive sync</h2> |
| 128 | + <p>If you <strong>explicitly</strong> enable Drive sync in the options page:</p> |
| 129 | + <ul> |
| 130 | + <li>You grant the extension the <code>https://www.googleapis.com/auth/drive.appdata</code> scope only. This scope allows reading and writing files in a hidden per-app folder (the "appDataFolder") in your Google Drive.</li> |
| 131 | + <li>This folder is <strong>not visible</strong> in your regular Drive UI and cannot be accessed by any other application.</li> |
| 132 | + <li>The extension <strong>cannot</strong> see, read, or modify your other Drive files. The <code>drive.appdata</code> scope is specifically sandboxed.</li> |
| 133 | + <li>Your notes, images, and settings are packaged as a single JSON file and uploaded to this private folder, then downloaded when syncing from another device.</li> |
| 134 | + <li>Sync frequency is configurable (manual, or every 5/15/30/60 min). You can sign out at any time.</li> |
| 135 | + </ul> |
| 136 | + <p>No other Google APIs or services are contacted.</p> |
| 137 | + |
| 138 | + <h2>Third-party services</h2> |
| 139 | + <p>Quick Notes uses exactly one optional third-party service:</p> |
| 140 | + <ul> |
| 141 | + <li><strong>Google Drive</strong> (only when sync is enabled). Its own privacy policy applies: <a href="https://policies.google.com/privacy">policies.google.com/privacy</a>.</li> |
| 142 | + </ul> |
| 143 | + <p>No other third parties are involved.</p> |
| 144 | + |
| 145 | + <h2>Permissions explained</h2> |
| 146 | + <table> |
| 147 | + <thead><tr><th>Permission</th><th>Why</th></tr></thead> |
| 148 | + <tbody> |
| 149 | + <tr><td><code>storage</code></td><td>Save notes and settings in <code>chrome.storage.local</code>.</td></tr> |
| 150 | + <tr><td><code>scripting</code></td><td>Inject the floating panel into the active tab on user command.</td></tr> |
| 151 | + <tr><td><code>clipboardRead</code></td><td>The Paste button reads the clipboard — only when you click it.</td></tr> |
| 152 | + <tr><td><code>contextMenus</code></td><td>Right-click menu entries for sending selected text / URLs to notes.</td></tr> |
| 153 | + <tr><td><code>identity</code></td><td>Google sign-in (only if you enable Drive sync).</td></tr> |
| 154 | + <tr><td><code>alarms</code></td><td>Schedule periodic auto-sync to Drive (only if enabled).</td></tr> |
| 155 | + <tr><td><code><all_urls></code></td><td>So the floating panel can appear on any page. No page content is read unless you click Insert URL or Insert Selection.</td></tr> |
| 156 | + </tbody> |
| 157 | + </table> |
| 158 | + |
| 159 | + <h2>Exporting and deleting your data</h2> |
| 160 | + <h3>Export</h3> |
| 161 | + <p>At any time, export all your local data as a JSON file via the options page's Backup & Restore section. This file is saved via your browser's normal download flow — the extension does not upload it anywhere.</p> |
| 162 | + <h3>Delete (local)</h3> |
| 163 | + <p>Options page → Storage → "Reset everything." Or uninstall the extension.</p> |
| 164 | + <h3>Delete (Google Drive, if sync was enabled)</h3> |
| 165 | + <p>Options → Google Drive sync → Sign out. Then visit <a href="https://myaccount.google.com/permissions">myaccount.google.com/permissions</a>, find Quick Notes, and revoke access.</p> |
| 166 | + |
| 167 | + <h2>Children's privacy</h2> |
| 168 | + <p>Quick Notes is not directed at children under 13.</p> |
| 169 | + |
| 170 | + <h2>Changes to this policy</h2> |
| 171 | + <p>If this policy changes, the new version will be committed to the public repository at |
| 172 | + <a href="https://github.com/quicknotes/quick-notes/blob/main/PRIVACY.md">github.com/quicknotes/quick-notes/blob/main/PRIVACY.md</a> with a new "Last updated" date, and this page will be updated accordingly.</p> |
| 173 | + |
| 174 | + <h2>Contact</h2> |
| 175 | + <p>Open an issue at <a href="https://github.com/quicknotes/quick-notes/issues">github.com/quicknotes/quick-notes/issues</a>.</p> |
| 176 | + |
| 177 | + <footer> |
| 178 | + <strong>Developer</strong>: <a href="https://github.com/mthcht">@mthcht</a> · |
| 179 | + <strong>Source</strong>: <a href="https://github.com/quicknotes/quick-notes">github.com/quicknotes/quick-notes</a> · |
| 180 | + <strong>License</strong>: MIT |
| 181 | + </footer> |
| 182 | + </div> |
| 183 | +</body> |
| 184 | +</html> |
0 commit comments