Privacy Policy
Last updated: January 2025
1. Introduction and Controller Information
At Ingesto ("we", "us", "our"), we are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and other applicable European data protection laws. This Privacy Policy explains how we handle your data when you use the Ingesto browser extension (the "Extension").
Data Controller: Ingesto
Contact Email: support@ingesto.org
Applicable Law: This Privacy Policy is governed by European Union data protection laws, including GDPR.
We believe in privacy-first design, which is why all your data is stored locally on your device. This Privacy Policy explains what data we process, how we process it, and your rights regarding your personal data.
2. Data Collection and Processing
2.1. Two Modes of Operation
Ingesto operates in two modes, giving you control over how your data is stored:
Guest Mode (Local-Only Storage)
When using Ingesto without creating an account (Guest Mode), all your data is stored exclusively on your device:
- No data transmission: No data is transmitted to external servers
- No cloud storage: All information remains exclusively on your device
- Complete privacy: Your data never leaves your browser
Authenticated Mode (Cloud Sync)
When you create an account and authenticate, your data is synchronized with our servers to enable:
- Cloud backup: Your notes are backed up on secure servers
- Multi-device access: Access your notes from multiple devices
- Data recovery: Restore your data if your device is lost or damaged
- Offline-first: Data is still stored locally for offline access, with automatic synchronization when online
Your Choice: You can use Ingesto in Guest Mode without creating an account, or create an account to enable cloud synchronization. The choice is entirely yours.
2.2. Categories of Personal Data Processed
Data Stored Locally (Both Modes)
The following data is always stored locally on your device:
- Content Data: Your captured notes, text highlights, and annotations
- Metadata: Tags, organization data, timestamps (createdAt, modifiedAt)
- Source Information: URLs of web pages from which you captured content, website titles, and context snippets
- Settings Data: Extension preferences, auto-tagging settings, keyboard shortcut configurations
- Search Index: Locally generated search index for fast retrieval of your notes
Data Transmitted to Server (Authenticated Mode Only)
When you create an account and authenticate, the following data is transmitted to and stored on our servers:
- Account Information:
  - Email address (used for account identification and authentication)
  - Hashed password (passwords are never stored in plain text; they are hashed using industry-standard algorithms)
  - Account creation timestamp
  - User ID (unique identifier for your account)
- Synchronized Content Data:
  - Notes (text, title, source URLs, source titles, context snippets)
  - Tags associated with notes
  - Timestamps (createdAt, modifiedAt)
  - Note IDs and metadata
- Authentication Tokens: Access tokens and refresh tokens are stored locally in your browser's secure storage (chrome.storage.local) and transmitted only for API authentication. Tokens are not stored on our servers in a way that allows us to access your account without your password.
Important: We do not transmit or store your browsing history, visited websites (except source URLs you explicitly capture), or any other browsing behavior data.
2.3. Legal Basis for Processing (GDPR Article 6)
Under GDPR, we process your personal data based on the following legal bases:
- Consent (Article 6(1)(a)):
  - By installing and using the Extension, you provide explicit consent to process your data locally on your device
  - By creating an account and authenticating, you provide explicit consent to transmit and store your data on our servers for cloud synchronization
  - You can withdraw your consent at any time by deleting your account or uninstalling the Extension
- Contractual Necessity (Article 6(1)(b)): Processing is necessary for the performance of the service you requested:
  - Capturing and organizing web highlights (local processing)
  - Cloud synchronization and multi-device access (when authenticated)
  - Account management and authentication
- Legitimate Interest (Article 6(1)(f)): Processing is necessary for our legitimate interest in:
  - Providing a functional browser extension
  - Ensuring data security and preventing unauthorized access
  - Maintaining service availability and reliability
Withdrawal of Consent: You may withdraw your consent at any time by:
- Deleting your account (which will delete all server-stored data)
- Uninstalling the Extension (which will remove all locally stored data)
- Switching to Guest Mode (which stops cloud synchronization)
2.4. Purpose of Processing
We process your personal data solely for the following purposes:
- Core Functionality:
  - To enable you to capture, save, and organize text highlights from web pages
  - To provide search functionality for your saved notes
  - To automatically generate tags for better organization
  - To track source URLs for citation and reference purposes
  - To store your extension preferences and settings
- Account and Authentication (Authenticated Mode):
  - To create and manage your user account
  - To authenticate your identity when accessing the service
  - To secure your account with password-based authentication
  - To manage authentication tokens for secure API access
- Cloud Synchronization (Authenticated Mode):
  - To synchronize your notes across multiple devices
  - To provide cloud backup of your data
  - To enable data recovery in case of device loss or failure
  - To resolve synchronization conflicts between devices
- Service Improvement:
  - To ensure service availability and reliability
  - To maintain data security and prevent unauthorized access
  - To comply with legal obligations
We do not use your data for advertising, marketing, or selling to third parties. We do not analyze your notes for any purpose other than providing the core functionality of the Extension.
3. No Tracking, Analytics, or Unnecessary Data Collection
Ingesto is designed with privacy as a core principle. We do not:
- Collect usage analytics: We do not track how you use the Extension, which features you use, or how often you use it
- Monitor browsing behavior: We do not track which websites you visit (except source URLs you explicitly capture), how you browse the internet, or your browsing patterns
- Send telemetry data: No diagnostic, usage, or performance data is transmitted from your device
- Use third-party analytics: We do not integrate any analytics services (Google Analytics, Mixpanel, etc.)
- Create user profiles: We do not build profiles of your behavior, interests, or preferences for any purpose other than providing the core service
- Collect device information: We do not collect device identifiers, IP addresses (except as necessary for API communication), or browser fingerprints
- Use cookies or tracking technologies: The Extension does not use cookies, web beacons, pixel tags, or similar tracking technologies
- Cross-site tracking: We do not track you across different websites or services
Guest Mode: In Guest Mode, all data processing occurs exclusively on your device. No data leaves your browser unless you explicitly export it.
Authenticated Mode: When authenticated, only the data necessary for cloud synchronization (notes, tags, source information) is transmitted to our servers. We do not collect any additional tracking or analytics data.
IP Addresses: When you make API requests (for authentication or synchronization), your IP address may be temporarily logged by our servers or Supabase for security and operational purposes. These logs are typically retained for a short period (up to 30 days) and are not used for tracking or profiling purposes.
4. Account Registration and Authentication
4.1. Guest Mode (No Registration Required)
You can use Ingesto without creating an account by selecting "Continue as Guest" or "Enter as Guest". In Guest Mode:
- No account registration is required
- No email address or password is collected
- All data is stored locally on your device
- No data is transmitted to our servers
- You can switch to authenticated mode at any time by creating an account
4.2. Account Registration
To enable cloud synchronization and multi-device access, you can create an account by providing:
- Email Address: Used for account identification, authentication, and communication (if necessary)
- Password: Must meet security requirements (minimum 8 characters, including uppercase, lowercase, numbers, and special characters)
Password Security: Your password is never stored in plain text. It is hashed using industry-standard cryptographic algorithms (bcrypt or similar) before being stored on our servers. We cannot see or retrieve your original password.
4.3. Authentication Tokens
When you authenticate, we generate and store:
- Access Token: A short-lived token (typically expires within hours) used to authenticate API requests
- Refresh Token: A longer-lived token used to obtain new access tokens without requiring you to re-enter your password
These tokens are stored locally in your browser's secure storage (chrome.storage.local) and are transmitted only in encrypted form (HTTPS) when making API requests. Tokens are not stored on our servers in a way that allows us to access your account without your password.
4.4. Account Deletion
You can delete your account at any time through the Extension's Settings page. Account deletion requires you to confirm your password for security purposes. When you delete your account:
- All server-stored data (notes, account information) is permanently deleted
- Your account is removed from our systems
- All authentication tokens are invalidated
- Local data remains on your device (you can continue using Guest Mode)
5. Browser Permissions and Their Use
The Extension requires the following browser permissions to function. Each permission is used solely for the stated purpose and no data collected through these permissions is transmitted externally:
5.1. Storage Permission
Purpose: To save your notes, settings, and search index locally in your browser's IndexedDB storage.
Data Stored: Notes, tags, source URLs, settings, search index.
Transmission: None. All data remains on your device.
5.2. Scripting Permission
Purpose: To inject content scripts into web pages to enable text selection capture and highlight display.
What It Does: Allows the Extension to detect when you select text and show a micro-popup for saving notes. Also enables highlighting of previously saved notes on web pages.
Data Access: Only the text you explicitly select is captured. No other page content is accessed.
Transmission: None. Selected text is stored locally only.
5.3. Context Menus Permission
Purpose: To add a "Save to Ingesto" option to your browser's right-click context menu.
What It Does: Provides an alternative method to save selected text via right-click menu.
Data Access: Only the text you right-click on is captured.
Transmission: None.
5.4. Active Tab Permission
Purpose: To access information about the currently active browser tab when you save a note.
Data Accessed: Tab URL and page title (for source tracking).
Transmission: None. This information is stored locally with your note.
5.5. Host Permissions (<all_urls>)
Purpose: To allow capturing notes from any website you visit.
What It Does: Enables the Extension to work on all websites, not just specific domains.
Data Access: Only the text you explicitly select is accessed. The Extension does not read entire page content or access other page data.
Transmission: None. This permission is optional and can be restricted in browser settings if you prefer to limit the Extension to specific websites.
Note: You can restrict this permission in your browser's extension settings to limit the Extension to specific websites.
Important: All permissions are used exclusively for the Extension's core functionality. None of the data accessed through these permissions is transmitted to external servers, shared with third parties, or used for any purpose other than providing the Extension's features.
6. Data Retention and Storage Period
6.1. Local Data Retention
Your personal data stored locally on your device is retained for as long as:
- You continue to use the Extension
- You do not explicitly delete the data through the Extension's interface
- You do not clear your browser's IndexedDB storage
- You do not uninstall the Extension
There is no automatic deletion of your local data. You have complete control over when and how your local data is deleted.
6.2. Server Data Retention (Authenticated Mode)
When you create an account, your data stored on our servers is retained:
- Active Accounts: For as long as your account remains active and you continue to use the service
- Account Deletion: When you delete your account, we will delete all your server-stored data within 30 days, except where we are required to retain certain data for legal compliance purposes
- Inactive Accounts: If your account remains inactive for a period of 3 years, we may contact you to confirm whether you wish to keep your account. If you do not respond, we may delete your account and associated data
- Legal Requirements: We may retain certain data for longer periods if required by law, such as for tax, accounting, or legal compliance purposes
Backup Data: Deleted data may remain in our backup systems for up to 90 days before being permanently deleted. During this period, the data is not accessible through normal operations.
7. Data Export and Portability (GDPR Article 20)
Under GDPR, you have the right to data portability. You have full control over your data and can:
- Export your local data: Export all your notes to JSON (complete data with metadata), Markdown (human-readable format), or CSV (spreadsheet-compatible format) at any time through the Extension's Data tab
- Export server data (Authenticated Mode): When authenticated, you can export all your server-synchronized data, which includes all notes stored in the cloud
- Import your data: Import previously exported data to restore or migrate your notes between devices or browsers
- Machine-readable format: Exported JSON files contain all your data in a structured, machine-readable format as required by GDPR Article 20
- No restrictions: You can export your data as frequently as you wish, without any limitations
- Request server data: If you need a complete copy of all data stored on our servers, you can request it by contacting us at support@ingesto.org. We will provide your data in a structured, commonly used, and machine-readable format within one month
Guest Mode: In Guest Mode, you can export your data directly through the Extension's Data tab. No request to us is necessary since all data is stored locally.
Authenticated Mode: When authenticated, you can export your data through the Extension, or request a complete server-side export by contacting us.
8. Data Transfers and Third-Party Services
8.1. Supabase (Data Processor)
When you create an account and authenticate, your data is stored and processed by Supabase, our cloud infrastructure provider. Supabase acts as a data processor under GDPR (Article 28).
What Data is Processed by Supabase:
- Your account information (email address, hashed password, user ID)
- Your synchronized notes and associated metadata
- Tags and source information
- Authentication tokens (for API access)
Supabase's Role: Supabase provides database and authentication services. They process your data solely on our behalf and in accordance with our instructions. Supabase is contractually bound to:
- Process your data only for the purposes we specify
- Implement appropriate technical and organizational measures to protect your data
- Comply with GDPR requirements
- Not use your data for their own purposes
Supabase's Privacy Policy: For more information about how Supabase handles data, please review their Privacy Policy at https://supabase.com/privacy.
8.2. International Data Transfers (GDPR Chapter V)
Supabase may store and process your data in data centers located outside the European Economic Area (EEA). When such transfers occur, we ensure compliance with GDPR Chapter V requirements through:
- Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses with Supabase to ensure adequate protection of your data
- Adequacy Decisions: Where applicable, we rely on adequacy decisions by the European Commission
- Additional Safeguards: We implement additional technical and organizational measures to protect your data during international transfers
Your Rights: You have the right to be informed about international transfers and to object to such transfers. If you object, you can use the Extension in Guest Mode, which does not involve any data transfers.
8.3. Other Third-Party Services
No Other Data Sharing: We do not share, sell, or rent your personal data to any other third parties, including:
- Analytics services (we do not use analytics)
- Advertising networks
- Social media platforms
- Data brokers
- Marketing services
Future Optional Integrations: If we add optional integrations in the future (such as Notion, Obsidian, or other third-party services), they will be:
- Clearly disclosed in this Privacy Policy
- Opt-in only (you must explicitly enable them)
- Subject to separate consent
- Fully transparent about what data is shared and with whom
- Compliant with GDPR requirements for third-party data sharing
9. Cookies and Local Storage
No Cookies: Ingesto does not use cookies, web beacons, pixel tags, or similar tracking technologies.
Local Storage: The Extension uses your browser's local storage technologies:
- IndexedDB: Primary storage for notes, tags, sources, and search index
- localStorage (if used): Only for storing extension preferences and settings
All local storage data remains on your device and is never transmitted externally. You can clear this data at any time through your browser's settings or by uninstalling the Extension.
10. Children's Privacy
The Extension is not intended for children under the age of 16 (or the age of digital consent in your jurisdiction, which may be 13 in some countries). We do not knowingly collect personal information from children.
Since all data is stored locally on the user's device and we do not have access to any user data, we cannot verify the age of users. Parents or guardians who believe their child has provided personal information should contact us at support@ingesto.org. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete such information.
Parents or guardians can prevent their children from using the Extension by not installing it or by uninstalling it from their browser.
11. Your Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data. Since all data is stored locally on your device, you can exercise most of these rights directly through the Extension:
11.1. Right of Access (Article 15)
You have the right to access all your personal data. You can view all your notes, tags, sources, and settings directly through the Extension's interface. You can also export all your data in JSON format for a complete copy.
11.2. Right to Rectification (Article 16)
You have the right to correct inaccurate or incomplete data. You can edit any note, modify tags, or update settings directly through the Extension at any time.
11.3. Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data. You can:
- Delete individual notes: Delete individual notes through the Extension interface (deletes from both local storage and server if authenticated)
- Delete all local data: Delete all data through the Extension's settings (removes all locally stored data)
- Delete your account: Delete your account through the Extension's Settings page, which will:
  - Delete all your server-stored data (notes, account information)
  - Remove your account from our systems
  - Delete all locally stored authentication tokens
  - Note: You will need to provide your password to confirm account deletion
- Uninstall the Extension: Uninstalling the Extension removes all locally stored data, but does not delete your account or server-stored data. To delete server data, you must delete your account first.
Deletion Timeline: When you delete your account, we will delete your data from our active systems within 30 days. Data may remain in backup systems for up to 90 days before permanent deletion.
11.4. Right to Restrict Processing (Article 18)
You can restrict processing by disabling auto-tagging or other automatic features in the Extension's settings. You can also stop using the Extension, which will cease all processing of your data.
11.5. Right to Data Portability (Article 20)
You have the right to receive your data in a structured, commonly used, and machine-readable format. Use the export feature to download your data in JSON, Markdown, or CSV formats.
11.6. Right to Object (Article 21)
You have the right to object to processing of your personal data. Since all processing occurs locally on your device, you can object by uninstalling the Extension or disabling specific features in settings.
11.7. Right to Withdraw Consent (Article 7(3))
You can withdraw your consent at any time by uninstalling the Extension, which will remove all locally stored data. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
11.8. Exercising Your Rights
Since all data is stored locally on your device, you can exercise most rights directly through the Extension. If you need assistance or wish to make a formal request, please contact us at support@ingesto.org. We will respond to your request within one month (as required by GDPR Article 12(3)).
12. Right to Lodge a Complaint (GDPR Article 77)
If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.
For users in the European Union, you can find your local data protection authority at: https://edpb.europa.eu/about-edpb/board/members_en
However, we encourage you to contact us first at support@ingesto.org so we can address your concerns directly.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:
- Updating the "Last updated" date at the top of this page
- Posting a notice in the Extension (if significant changes occur)
- Sending an email notification (if you have provided your email address)
Continued use of the Extension after changes to this Privacy Policy constitutes acceptance of the updated policy. If you do not agree with the changes, you should stop using the Extension and uninstall it.
We recommend reviewing this Privacy Policy periodically to stay informed about how we protect your data.
14. Security Measures
We implement appropriate technical and organizational measures to protect your personal data in accordance with GDPR Article 32:
14.1. Local Data Security
- Browser security: Your data benefits from your browser's built-in security features, including sandboxing and permission systems
- Encrypted storage: Data stored in IndexedDB is protected by your browser's security mechanisms
- Secure token storage: Authentication tokens are stored in chrome.storage.local, which is protected by browser security
- Open source code: The Extension's source code is open source, allowing security researchers to identify and report vulnerabilities
14.2. Server Data Security (Authenticated Mode)
- HTTPS encryption: All data transmitted between your device and our servers is encrypted using HTTPS (TLS 1.2 or higher)
- Password hashing: Passwords are never stored in plain text. They are hashed using industry-standard algorithms (bcrypt or similar) before storage
- Secure authentication: We use secure token-based authentication (JWT) with access tokens and refresh tokens
- Database security: Data stored on Supabase servers is protected by:
  - Encryption at rest (data is encrypted when stored)
  - Encryption in transit (data is encrypted during transmission)
  - Access controls and authentication mechanisms
  - Regular security audits and updates
- Access controls: Only authenticated users can access their own data. We implement strict access controls to prevent unauthorized access
- Regular backups: Server data is regularly backed up to ensure data availability and recovery
14.3. Your Responsibilities
You are responsible for maintaining the security of your account and device:
- Strong passwords: Use a strong, unique password for your account (minimum 8 characters, including uppercase, lowercase, numbers, and special characters)
- Account security: Do not share your account credentials with anyone
- Device security: Keep your browser and operating system updated, and use strong device passwords or biometric authentication
- Regular backups: Regularly back up your data using the export feature
- Secure networks: Avoid using the Extension on unsecured public Wi-Fi networks when synchronizing data
- Logout: If using a shared device, log out of your account when finished
14.4. Incident Response
In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will:
- Notify you without undue delay (within 72 hours as required by GDPR Article 33)
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Provide clear information about the nature of the breach and the measures we are taking to address it
- Recommend steps you can take to protect yourself
15. Open Source and Transparency
Ingesto is open source, which means:
- You can review the source code to verify our privacy claims
- Security researchers can audit the code for vulnerabilities
- You can see exactly how your data is processed
- There is complete transparency about the Extension's functionality
The source code is available for inspection, ensuring complete transparency about how your data is handled. This aligns with GDPR's principle of transparency (Article 5(1)(a)).
16. Contact Information and Data Protection Officer
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@ingesto.org
Response Time: We will respond to your inquiry within one month as required by GDPR Article 12(3).
For formal data protection requests (access, rectification, erasure, etc.), please clearly state your request and include any necessary information to verify your identity.