π WorkVivo Chat Favorites Extension - Privacy Policy
π― Our Commitment: We collect minimal data and prioritize your privacy above all else. This extension is built purely to enhance productivity - we have no intention to sell data, show ads, or target users with marketing.
π Jurisdiction-Aware Privacy
Smart Compliance: This extension automatically detects your jurisdiction and applies appropriate privacy protections based on your local laws. We respect and comply with privacy regulations including GDPR, CCPA/CPRA, LGPD, PIPL, and state-specific privacy laws.
Our privacy practices adapt to your location:
- EU/EEA (GDPR): Explicit consent required before any data collection
- California (CCPA/CPRA): Enhanced transparency and opt-out rights
- US States with Privacy Laws: Compliance with Virginia, Colorado, Connecticut, Utah privacy acts
- Other Jurisdictions: Privacy-first approach with clear opt-out mechanisms
π Google Analytics 4 Integration
π How We Use Google Analytics 4
Purpose: Product improvement and feature optimization only - no advertising, targeting, data sales, or any commercial use beyond making this extension better.
Individual Developer: This extension is developed and maintained by an individual (not a company). Analytics data is used solely to understand how features are used and identify areas for improvement.
Google Analytics: We use Google Analytics 4 as our analytics platform. Google processes the anonymous usage data we send them. We have no formal agreements or business relationships beyond using their free analytics service.
Data Sharing: Only anonymous usage patterns are sent to Google Analytics. No personal information, chat content, or sensitive data is ever shared.
Your Control: You can opt out of GA4 data sharing at any time while still using all extension features.
Google's Privacy Policy: https://policies.google.com/privacy
π Google API Services Usage
OAuth Integration: This extension uses Google OAuth 2.0 to enable instant Google Meet meeting creation. Below is a complete disclosure of what Google user data we access, how we use it, and how it is protected.
π Google User Data We Access
When you sign in with Google to use the instant Meet feature, we request access to:
- Email Address (scope:
userinfo.email) - Your Google email address
- Profile Information (scope:
userinfo.profile) - Your name and profile picture
- Google Calendar (scope:
calendar.events) - Permission to create calendar events with Google Meet links
π― How We Use Google User Data
- Email & Profile: Displayed in the extension popup and settings page to show your signed-in status and identity. No other use.
- Calendar Access: Used exclusively to create instant Google Meet meeting events on your behalf when you click the "Create Meet" button. We do not read, modify, or delete existing calendar events.
- Authentication: OAuth tokens stored locally in your browser to maintain your signed-in session and refresh access as needed.
π Google User Data Sharing & Storage
- No Third-Party Sharing: Your Google user data is NOT shared with any third parties, external services, or other users.
- No Server Transfer: Your Google access tokens, email, profile information, and calendar data are NOT transmitted to our servers or any external servers.
- Local Storage Only: All Google OAuth tokens and user profile data are stored locally in your browser's secure storage (
chrome.storage.local).
- No Human Access: The developer does not have access to your Google user data. All processing happens locally in your browser.
π‘οΈ Data Security & User Control
- OAuth 2.0 with PKCE: Industry-standard secure authentication with Proof Key for Code Exchange (PKCE) for enhanced security.
- Automatic Token Refresh: Access tokens are refreshed automatically when expired, using secure refresh tokens.
- Sign Out Anytime: You can revoke access at any time by signing out in the extension settings. This immediately deletes all locally stored tokens and profile data.
- Google Account Controls: You can revoke this extension's access through your Google Account security settings at any time.
π Google API Services Compliance
Limited Use Disclosure: This application's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.
Specifically: Google user data is used only to provide and improve user-facing features of this extension. We do NOT use Google user data for serving advertisements, for retargeting or personalized marketing, for selling to data brokers or surveillance platforms, or for creditworthiness determination or lending purposes.
π What We Collect
With Your Consent (Jurisdiction-Dependent):
- Usage Analytics: Which features you use, how often, and user interaction patterns
- Performance Metrics: Extension load times, search performance, database efficiency
- Feature Engagement: Which features are most/least used to guide development priorities
- Device Information: Device type (mobile/desktop), browser type, and general region
- Search Patterns: Anonymous search frequency and success rates (no search terms stored)
- Error Rates: Anonymous error frequency to identify stability issues
Always Collected (Essential for Functionality):
- Error Reports: Technical errors and crashes to ensure extension stability
- System Events: Extension startup/shutdown, critical failures for debugging
- API Failures: WorkVivo API integration issues to maintain compatibility
- Performance Issues: Database corruption, memory issues, or critical failures
π« What We DON'T Collect or Transmit
- β Personal conversations or chat content from completed messages
- β
Note: Draft message content (text you're typing) is stored locally only when Drafts feature is enabled - never transmitted to any server
- β Precise location data (only general country/region)
- β Login credentials, passwords, or authentication tokens
- β Personal identity information beyond anonymous user IDs
- β Screen recordings, screenshots, or clipboard content
- β Files, documents, or any WorkVivo content
- β Browser history or activities outside this extension
- β Names, email addresses, or other personal identifiers
- β IP addresses (beyond what's automatically included in web requests)
- β Biometric data or device fingerprinting
πΎ Local Data Storage (Device Only)
Important: The following data is stored locally on your device only and is never transmitted to external servers. All local storage can be cleared by disabling features or uninstalling the extension.
π What Each Feature Stores Locally:
1. Drafts Feature (Optional - Can Be Disabled)
- Storage Location: Browser localStorage
- Data Stored: Draft message content (text you're typing), rich text formatting, timestamps, chat/thread context
- Purpose: Auto-save and restore draft messages so you don't lose work
- Retention: Until message is sent, manually deleted, or feature is disabled
- Privacy: Stored locally only, never transmitted. Can be disabled in settings (v2.7.0+)
2. Mentions Panel Feature (Optional - Can Be Disabled)
- Storage Location: IndexedDB (UnifiedDatabase)
- Data Stored: Mention notifications, message metadata (sender name, timestamp, channel)
- Purpose: Display where you've been mentioned across chats
- Retention: Until feature is disabled or extension uninstalled
- Privacy: Local cache only, never transmitted. Can be disabled in settings (v2.7.0+)
3. Threads Panel Feature (Optional - Can Be Disabled)
- Storage Location: Browser localStorage
- Data Stored: Thread metadata (thread counts, read status, channel URLs) - NO message content
- Purpose: Track and display threaded conversations
- Retention: Until feature is disabled or extension uninstalled
- Privacy: Metadata only, no content. Can be disabled in settings (v2.7.0+)
4. Smart Database (Always Active)
- Storage Location: IndexedDB
- Data Stored: User profiles (names, IDs), search indexes, pinned chat preferences
- Purpose: Lightning-fast local search without API calls
- Retention: 30-day automatic cleanup for inactive entries
- Privacy: User directory data only, no message content
5. Extension Settings
- Storage Location: Chrome Storage Sync (synced across your devices)
- Data Stored: Your preferences (layout choices, feature toggles, keyboard shortcuts)
- Purpose: Remember your customization settings
- Privacy: Settings only, synced via Chrome's secure sync
6. Debug Logging (Optional - Disabled by Default)
- Storage Location: Browser console only (not persisted)
- Data Stored: Detailed interaction logs, timing information, error details
- Purpose: Troubleshooting and debugging when enabled
- Privacy: Local console only, accessible only via browser DevTools (F12), never transmitted
- Control: Can be enabled/disabled in settings (v2.7.0+)
π How We Protect Your Data
- Privacy by Design: Analytics disabled by default in strict consent jurisdictions
- Local Processing: Most data stays on your device and is never transmitted
- Anonymous IDs: We use randomly generated IDs, never personal identifiers
- Data Minimization: We collect only what's necessary for product improvement
- Secure Transmission: All data transmission uses HTTPS encryption
- Retention Limits: Analytics data is retained only as long as needed for improvement
- Access Controls: Only authorized developers can access aggregated analytics data
- Regular Audits: We conduct regular privacy assessments and security reviews
π Jurisdiction Detection Method
We detect your jurisdiction using privacy-friendly browser APIs without requiring any permissions:
- Browser Language: UI language settings (e.g., "en-US" indicates US)
- Timezone: System timezone (e.g., "America/New_York" indicates US Eastern)
- Locale Settings: Regional format preferences for dates and numbers
- Chrome i18n API: Browser's built-in region detection for extensions
- Multi-Method Consensus: We use multiple methods and consensus analysis for accuracy
Important Privacy Protection: No location permission required, no external API calls, no precise location tracking, and no GPS or network-based location detection.
βοΈ Privacy Tiers by Jurisdiction
π΄ Strict Consent Required
Jurisdictions: EU/EEA (GDPR), California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah
Default: Analytics disabled
Requirements:
- Explicit consent before any data collection
- Clear privacy notices with GA4 disclosure
- Easy consent withdrawal
- Enhanced data subject rights
π’ Opt-In Permissible
Jurisdictions: Most US states, Canada, Australia, UK (post-Brexit)
Default: Analytics enabled with clear opt-out
Requirements:
- Clear notice of GA4 data sharing
- Easy opt-out mechanism
- Transparent privacy policy
- Purpose limitation (product improvement only)
π΅ Minimal Requirements
Jurisdictions: Countries with basic or no specific privacy laws
Default: Analytics enabled
Requirements:
- Basic privacy notice
- Clear purpose statement
- Contact information for privacy queries
- Respect for user preferences
π Your Privacy Rights
Depending on your jurisdiction, you may have enhanced rights including:
πͺπΊ GDPR Rights (EU/EEA):
- Right to Consent: Explicit consent required before data processing
- Right to Withdraw: Revoke consent at any time without penalty
- Right to Access: Request information about data we have about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Portability: Receive your data in a portable format
- Right to Object: Object to processing based on legitimate interests
πΊπΈ CCPA/CPRA Rights (California):
- Right to Know: Know what personal information is collected and how it's used
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt out of the sale or sharing of personal information
- Right to Non-Discrimination: Not be discriminated against for exercising rights
- Right to Correct: Request correction of inaccurate personal information
π Other State Privacy Laws:
Similar rights apply under Virginia CDPA, Colorado CPA, Connecticut CTDPA, and Utah UCPA.
βοΈ Your Controls
ποΈ Feature Privacy Controls (New in v2.7.0)
Granular Feature Toggles: You now have complete control over which features are active and what data is stored locally.
- Drafts Feature Toggle: Enable/disable draft message auto-save. When disabled, no draft content is stored locally
- Mentions Panel Toggle: Enable/disable mentions tracking. When disabled, mention data is not cached locally
- Threads Panel Toggle: Enable/disable thread tracking. When disabled, thread metadata is not stored
- Debug Logging Toggle: Enable/disable detailed console logging. Disabled by default for cleaner console output
- Layout Options: Choose pinned chats display (Carousel, 3-column grid, 4-column grid) - no privacy impact, preference only
- Immediate Effect: All feature toggles take effect immediately - disabling a feature stops data collection instantly
π General Privacy Controls
- Extension Settings: Modify all privacy preferences in real-time
- Consent Management: Grant or revoke consent with immediate effect
- Data Deletion: Request complete data deletion through support
- Data Export: Request copy of collected data in portable format
- Granular Controls: Choose exactly what data types to share
- Jurisdiction Updates: Automatic privacy protection updates when traveling
- Transparency Dashboard: View exactly what data has been collected
π€ Data Transfers
Analytics data may be processed by Google Analytics 4 servers which may be located outside your jurisdiction. Google provides appropriate safeguards for international data transfers:
- Google Analytics Terms: By using Google Analytics 4, we rely on Google's standard terms of service for data processing
- Data Protection: Google Analytics has built-in safeguards and complies with major privacy regulations (GDPR, CCPA)
- Limited Scope: As an individual developer, we use Google's free analytics service under their standard terms - no custom agreements or special data processing contracts