This Privacy Policy explains how Stashy ("we", "our", or "extension") collects, uses, stores, and protects your information when you use our Chrome extension. Stashy is designed with privacy-first principles, ensuring your data remains under your control.
How We Use Your Information
Stashy uses your information exclusively to provide functionality and enhance your experience. We follow data minimization principles and only process data necessary for the requested features.
Core Functionality
- Note-Taking: Store, organize, and display your notes and highlights across webpages
- Content Enhancement: Format, structure, and improve your content using rich text features
- Search & Organization: Enable searching, filtering, and organizing your content
- Template Processing: Apply templates and smart placeholders to create structured content
AI-Powered Features
- Content Analysis: Process webpage content and your notes for AI-powered insights
- Text Enhancement: Improve, summarize, and expand your content using AI services
- Academic Problem Solving: Analyze and solve STEM problems with step-by-step explanations
- Video Intelligence: Extract insights, transcripts, and analysis from video content
Cloud Integration
- Data Synchronization: Sync your data across devices via Google Drive (optional)
- Document Export: Export notes to Google Docs and other formats
- Calendar Integration: Create calendar events and reminders (optional)
- Backup & Recovery: Maintain backups of your data in your personal cloud storage
Voice & Media Processing
- Speech Recognition: Convert voice to text using various speech recognition providers
- Screenshot Processing: Capture, optimize, and store webpage screenshots
- Media Enhancement: Process and optimize images and other media content
Data Storage & Location
Stashy employs a privacy-first, local-first storage architecture with optional cloud synchronization:
Local Storage (Primary)
- Browser Storage: All data is primarily stored locally using Chrome's secure storage APIs
- Encrypted Storage: Sensitive data (API keys, personal information) is encrypted before storage
- IndexedDB: Large content and media files are stored in browser's IndexedDB for performance
- Offline Access: All core functionality works without internet connection
Cloud Storage (Optional)
- Google Drive: If enabled, notes, highlights, and screenshots are synced to your personal Google Drive
- Google Docs: Exported documents are saved to your Google Docs account
- User-Controlled: Cloud sync can be enabled/disabled at any time
- Personal Account Only: Data is stored only in your personal cloud accounts, never on our servers
What We Don't Store
- No Central Servers: We do not maintain any servers that store your personal data
- No Analytics: We do not collect usage analytics or tracking data
- No Behavioral Data: We do not track your browsing habits or website visits
- No Personal Profiles: We do not create profiles or databases of user information
Third-Party Services & Integrations
Stashy integrates with various third-party services to provide enhanced functionality. All integrations are optional and user-controlled:
Google Services
- Google Drive API: For syncing notes, highlights, and screenshots to your personal Drive
- Google Docs API: For exporting notes to Google Docs format
- Google Calendar API: For creating reminder events and calendar integration
Privacy Policy: Google Privacy Policy
Speech Recognition Providers
- Browser Speech API: Built-in browser speech recognition (processed locally)
- Google Cloud Speech-to-Text: High-accuracy cloud-based transcription
- Microsoft Azure Speech: Enterprise-grade speech recognition
- AssemblyAI: Advanced speech recognition with AI features
Data Handling with Third-Party Services
- User Consent: All third-party integrations require explicit user consent and setup
- API Key Control: You provide and control your own API keys for external services
- Data Minimization: Only necessary data is sent to third-party services
- Temporary Processing: Voice data is processed and immediately deleted by speech services
- No Data Sharing: We do not share your data with third parties beyond your explicit requests
AI Services & Data Processing
Stashy's AI features use multiple providers to enhance your content and provide intelligent analysis:
Supported AI Providers
- OpenAI (ChatGPT): Advanced language processing and content generation
- Google AI (Gemini): Intelligent content analysis and reasoning
- Anthropic (Claude): Safety-focused AI with excellent reasoning capabilities
- Cohere: Enterprise-grade language processing
- Hugging Face: Open-source AI models and research
AI Data Processing Principles
- User-Controlled API Keys: You provide and manage your own API keys for AI services
- Direct Communication: Stashy communicates directly with AI providers using your credentials
- No Data Intermediation: We do not store, log, or process your AI interactions
- Temporary Processing: AI providers process your content temporarily and do not retain it (per their policies)
- Content Minimization: Only relevant content is sent to AI services for processing
- Provider Choice: You can choose which AI provider to use or disable AI features entirely
Data Security & Protection
Stashy implements comprehensive security measures to protect your data:
Encryption & Storage Security
- End-to-End Encryption: Sensitive data is encrypted before storage using industry-standard encryption
- API Key Protection: All API keys are encrypted using AES-256 encryption before storage
- Secure Storage APIs: Uses Chrome's secure storage APIs with built-in protection
- Local-First Architecture: Primary data storage is local, reducing exposure to network threats
Network Security
- HTTPS Only: All external communications use encrypted HTTPS connections
- OAuth2 Authentication: Secure OAuth2 flow for Google services authentication
- Content Security Policy: Strict CSP implementation prevents XSS and injection attacks
- Subresource Integrity: Verification of external resources to prevent tampering
Access Control
- Minimal Permissions: Extension requests only necessary browser permissions
- User-Controlled Access: All external service access requires explicit user authorization
- Session Management: Secure session handling with automatic token refresh
- Permission Auditing: Regular review and minimization of required permissions
Your Rights & Controls
You have comprehensive rights and controls over your data when using Stashy:
Data Access Rights
- Full Access: Access all your data directly through the extension interface
- Data Export: Export your notes, highlights, and settings in multiple formats (JSON, HTML, PDF, etc.)
- Search & Filter: Search and filter through all your data using the dashboard
- Data Inspection: View detailed information about data storage and usage
Data Control Rights
- Selective Deletion: Delete individual notes, highlights, or data categories
- Bulk Operations: Perform bulk deletion and management operations
- Complete Removal: Completely remove all extension data and settings
- Cloud Disconnection: Disconnect from Google services while preserving local data
Privacy Controls
- Feature Toggles: Enable/disable specific features and data collection
- Storage Preferences: Choose between local-only and cloud-sync storage
- AI Provider Selection: Choose your preferred AI provider or disable AI features
- Data Retention Settings: Configure how long data is retained locally
Data Retention & Deletion
Retention Policies
- Local Data: Retained indefinitely until you choose to delete it
- Cloud Data: Retained according to your Google account settings and policies
- Temporary Data: Voice recordings and processing data deleted immediately after use
- Cache Data: Automatically cleaned up based on browser storage policies
Automatic Deletion
- Voice Processing: Audio data is never stored and is deleted immediately after transcription
- Temporary Files: Processing files are automatically cleaned up
- Session Data: Temporary session data is cleared when browser is closed
- Cache Expiration: Cached data expires automatically based on TTL settings
Privacy Controls & Settings
Available Privacy Settings
- Data Storage Location: Choose between local-only or cloud-sync storage
- AI Feature Controls: Enable/disable AI features and choose providers
- Voice Recognition Settings: Select speech recognition providers and privacy levels
- Screenshot Privacy: Configure screenshot storage and sharing settings
- Google Integration: Control which Google services to connect
- Data Sharing: Manage what data is shared with which services
Privacy Dashboard
- Data Usage Overview: View what data is stored and where
- Service Connections: Manage connected services and permissions
- Privacy Audit: Review privacy settings and recommendations
- Data Export Tools: Export data for backup or migration
Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. When we make changes:
- Notification: We will notify users through the extension interface
- Version Control: Each version is clearly marked with date and version number
- Change Summary: Significant changes will be summarized for easy understanding
- Continued Use: Continued use of the extension constitutes acceptance of updated terms
- Opt-Out: Users can always choose to stop using the extension if they disagree with changes