Privacy Policy
Effective Date: April 2, 2026
Introduction
This Privacy Policy describes how OneBuddy ("we", "our", or "us") collects, uses, and safeguards information when you install and use our Google Chrome extension. We are committed to protecting user privacy and ensuring transparency about how data is handled.
OneBuddy is designed to operate primarily on the user’s device. All productivity data (reminders, notes, habits, todos, timer state, clipboard history, and settings) is stored locally using Chrome’s storage API and never transmitted to external servers unless explicitly required by a feature.
Information We Collect
The extension does not collect or sell personal data for advertising or tracking purposes. Depending on the features enabled by the user, the extension may process the following categories of information:
Authentication Information
- Extino Account: When you sign in, the extension stores a JSON Web Token (JWT) locally to maintain your session. Your email, display name, and profile photo are retrieved from the Extino API solely to display your account information and manage your subscription. Passwords are never handled or stored by the extension.
- Google Calendar: If you choose to connect Google Calendar, the extension uses Chrome’s Identity API to obtain a read-only OAuth token. This token is stored locally and used exclusively to fetch your calendar list and upcoming events. The extension requests only
calendar.readonlyandcalendar.calendarlist.readonlyscopes and cannot create, edit, or delete your calendar events.
Locally Stored User Data
All of the following data is stored locally on your device using chrome.storage.local and is never sent to external servers:
- Reminders (custom and calendar-synced)
- Notes
- Clipboard history entries
- Pomodoro timer state and session history
- Habit and todo data
- Bookmark interactions
- Eye care, ad blocker, tracker blocker, and privacy blur settings and statistics
- Extension preferences (theme, language, sound, volume)
User Activity Data
The extension processes limited user interactions only when you explicitly initiate an action, such as:
- Clicking buttons within the extension interface
- Starting or stopping the Pomodoro timer
- Creating or editing reminders and notes
- Toggling features on or off
The extension does not perform background monitoring, keystroke logging, mouse tracking, or behavioral profiling.
Website Content
When required for core functionality, the extension may access content on the active web page:
- Reminders and Pomodoro overlays: Injected into the active tab to display in-page notification banners and timer overlays.
- Ad Blocker: Applies CSS rules to hide known advertising elements.
- Tracker Blocker: Blocks requests to known tracking domains.
- Privacy Blur: Blurs user-selected page elements on demand.
- Screen Capture: Captures the visible tab content only when the user explicitly initiates a recording or screenshot via the Chrome media picker.
This access occurs only on pages you visit and only after explicit user interaction or based on features you have enabled. Website content is not stored or transmitted externally.
Technical Data
The extension may process non-identifying technical information such as:
- Browser type and version (for compatibility)
- Extension error logs (local only, for diagnostics)
This information is used solely to ensure reliable operation.
How We Use Information
Collected information is used only to:
- Provide and operate extension features as described above
- Maintain your sign-in session and subscription status
- Sync your Google Calendar events to display reminders
- Play notification sounds for reminders and timer alerts
- Improve performance and diagnose technical issues
We do not use collected data for advertising, profiling, or tracking users across websites.
Data Sharing and Disclosure
We do not sell, rent, or trade user data.
Information may be shared only in the following limited circumstances:
- Extino API (
api.extino.net): Your authentication token is sent to verify your account and subscription status. No other user data is transmitted. - Google Calendar API (
googleapis.com): Your OAuth token is sent to retrieve calendar and event data. No other user data is transmitted. - Stripe (via Extino): If you choose to subscribe, payment processing is handled by Stripe through Extino. The extension does not handle or store credit card or payment information.
- Legal Compliance: When required by law or legal process.
- Security: To protect our rights, users, or systems from abuse or harm.
All third-party services are expected to comply with applicable data protection standards.
Data Retention
- Local data (reminders, notes, settings, clipboard history, timer state) is retained on your device until you clear it or uninstall the extension.
- Authentication tokens are retained locally until you log out or they expire.
- Google Calendar tokens are retained locally until you disconnect Google Calendar or uninstall the extension.
- No user data is retained on our servers beyond what is necessary for account authentication.
Data Security
We implement reasonable technical and organizational safeguards to protect information:
- Authentication tokens are stored in Chrome’s local storage, isolated per-extension by the browser.
- API communication uses HTTPS encryption.
- Google Calendar access uses OAuth 2.0 with minimal read-only scopes.
- The extension never requests or stores passwords, credit card numbers, or government identification.
Third-Party Services
The extension interacts with the following third-party services:
| Service | Purpose | Data Sent |
|---|---|---|
| Extino API | Authentication and subscription management | Auth token, email (for checkout) |
| Google Calendar API | Read-only calendar and event sync | OAuth token |
| Stripe (via Extino) | Payment processing | Handled by Extino/Stripe, not the extension |
These services operate under their own privacy policies. Users are encouraged to review them separately.
Permissions Explained
| Permission | Why It Is Needed |
|---|---|
sidePanel | Displays the productivity dashboard in the browser side panel |
alarms | Schedules reminders, timer phases, calendar alerts, and eye care breaks |
storage | Stores all user data locally (settings, reminders, notes, timer state) |
tabs | Displays in-page notifications on the active tab and opens external links |
scripting | Injects the lock-screen overlay and runs scroll scripts for screen capture |
identity | Google Calendar OAuth and Extino authentication flows |
contextMenus | Adds a "Lock Browser" right-click menu item |
offscreen | Plays notification sounds (required in Manifest V3) |
bookmarks | Provides the integrated bookmark manager |
desktopCapture | Lets users select and capture a tab for screen recording |
tabCapture | Obtains the media stream from the user-selected tab |
activeTab | Accesses the focused tab for in-page overlays |
<all_urls> | Injects content scripts for reminders, ad blocking, tracker blocking, and privacy blur |
User Controls and Choices
You can:
- Control all extension permissions via
chrome://extensions - Enable or disable individual features (ad blocker, tracker blocker, eye care, etc.) at any time
- Disconnect Google Calendar to remove all calendar data
- Log out of your Extino account to clear authentication data
- Uninstall the extension to stop all data processing and remove all locally stored data immediately
Children’s Privacy
The extension is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be reflected on this page, and the "Effective Date" will be updated accordingly. Continued use of the extension constitutes acceptance of the updated policy.
Contact Information
If you have any questions or concerns about this Privacy Policy, please contact us at:
Email: extinoltd@gmail.com