Privacy Policy

Last updated: May 23, 2026

Extenzy HQ ("we", "us", "our") builds Chrome extensions and native apps for macOS, iOS, Windows, Android, and Linux. This Privacy Policy explains what data we collect, how we use it, and what choices you have. It applies to every product we ship.

1. Overview

Our products fall into two categories, each with different data practices:

• Chrome extensions that work without an account. Tasks, settings, and activity are stored locally in your browser and never sent to our servers unless you explicitly enable a feature (e.g. cloud sync) that requires it.
• Native apps (macOS, iOS, Windows, Android, etc.) that require an account to use. We store your email, a hashed password, and your license/usage records on our servers so we can authenticate you and remember what you've paid for.

2. Information We Collect

a) Account information (native apps only)

• Email address — required for sign-up so we can authenticate you across devices.
• Password — stored as a bcrypt hash. We never see or store your plaintext password.

Chrome extensions do not require an account; we do not collect an email unless you voluntarily provide one through a checkout or support email.

b) Payment information

When you subscribe or purchase, payments are processed by Stripe. We receive a Stripe customer ID and metadata about your subscription, but we never store credit card numbers, bank details, or other payment credentials on our servers.

c) Content you submit for AI processing

When — and only when — you request an AI-generated suggestion, the specific text you select is transmitted over an encrypted connection to our AI processing provider (currently OpenRouter and/or Google Gemini) for the sole purpose of generating that response. See Section 4 for details.

d) Usage information

• Number of AI requests, tokens consumed, and which features you use, tied to your account (native apps) or anonymized device ID (Chrome extensions).
• Auto-purged after 90 days.

e) Cloud sync data (only if you enable it)

If you opt to sync settings or notes across devices, the data you sync is stored encrypted in transit on our servers and tied to your account. You can delete it at any time from within the app or by contacting us.

f) Site session cookies (Chrome extensions only)

Some of our Chrome extensions read your existing site session cookie locally in your browser to confirm you're logged in to that site before performing actions you've initiated. Session cookies are never copied off your device and are never stored on our servers.

g) Technical information

Browser type and version, app version, OS, device type, and IP address. We use IP only to determine your approximate country/region for localized pricing (purchasing-power-parity discounts). We do not track precise geolocation.

h) Data we do NOT collect

We explicitly do not collect any of the following:

• Government IDs, physical addresses, phone numbers, age, or gender
• Health information
• Financial account credentials (bank details, full card numbers)
• Personal communications you did not submit to the app (email, SMS, chat)
• Web browsing history outside the specific sites our extensions are explicitly scoped to
• Keystrokes, clicks, or mouse movements

3. How We Use Information

We use the information we collect strictly to:

• Operate the features you have configured
• Authenticate you and remember your purchase history
• Generate AI-assisted output when you request it
• Process payments and apply regional pricing
• Diagnose errors and improve reliability
• Prevent fraud and abuse
• Comply with legal obligations

We do not use your data for advertising, profiling, or any unrelated purpose.

4. AI Processing

When you request an AI-generated suggestion, the specific text you select is transmitted over an encrypted (HTTPS) connection to our AI processing provider (OpenRouter or Google Gemini) for the sole purpose of generating the response.

This content is:

• Transient — it passes through the AI provider, the response is returned, and nothing is retained on our side
• Not used to train any AI model
• Not used for advertising
• Not sold or shared with any third party beyond the provider listed above

You may also bring your own AI provider key (BYOK) in supported products, in which case the text is sent under your own account and our usage policies above do not apply to that traffic.

5. Data Storage and Retention

• Account email + password hash — retained while your account is active. Deleted within 30 days of an account-deletion request.
• License records — retained for the duration of the license + up to 7 years for tax and audit purposes; emails are anonymized after deletion requests.
• AI usage logs — auto-purged after 90 days.
• Cloud sync data — retained until you delete it or close your account.
• Local data in Chrome extensions — stored on your device; uninstalling the extension removes it.

6. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with the service providers required to operate the platform, and only the minimum necessary for them to perform their function:

• Stripe — payment processing
• OpenRouter / Google Gemini — AI processing
• MongoDB Atlas — database hosting
• Amazon Web Services — application hosting

We may also disclose information if compelled by valid legal process. We do not maintain a profile-style user database — there is no advertising profile to sell.

7. Permissions and Why We Use Them

Where our products request OS-level or browser permissions, they are used only for the listed purpose and only at the moment they are needed:

• Browser tabs / scripting (Chrome extensions) — read the page you're viewing when you trigger an action
• Storage — save your tasks and preferences locally
• Alarms / background — run tasks you've scheduled
• Cookies (Chrome extensions) — detect that you're logged in to the host site
• Network (native apps) — call our APIs over HTTPS
• Keychain / secure storage (native apps) — store your auth tokens securely on-device

8. Chrome Web Store Required Certifications

For our Chrome extensions, in accordance with the Chrome Web Store Developer Program Policies, we certify that:

1. We do not sell user data to third parties.
2. We do not use or transfer user data for purposes unrelated to the extension's single purpose.
3. We do not use or transfer user data to determine creditworthiness or for any lending purposes.

9. User Control & Your Rights

You are in full control of your data at all times. From within our products you can:

• Edit, delete, or export your data
• Disable any optional feature in settings
• Sign out, or delete your account from within the app
• Uninstall any product, which removes its local data

You also have the right to:

• Correct inaccurate information
• Delete your account and associated data
• Opt out of non-essential data processing
• Withdraw consent at any time

To make a request, email privacy@extenzyhq.com and we will respond within a reasonable time.

10. Data Security

We protect your data using:

• HTTPS-encrypted connections for all network requests
• Bcrypt-hashed passwords (we never store plaintext passwords)
• Hashed refresh tokens, so a database leak does not yield usable session tokens
• OS-managed secure storage (Keychain, EncryptedSharedPreferences, DPAPI, libsecret) for credentials on your device
• Access controls on our infrastructure

No method of transmission or storage is 100% secure, but we apply reasonable safeguards consistent with industry best practices. Please do not submit highly sensitive personal or confidential information through any Extenzy product.

11. Third Parties

Our products may interact with third-party websites and services (for example, Chrome extensions that operate on a specific site). Extenzy is not affiliated with, endorsed by, or sponsored by those third parties unless explicitly stated. You remain responsible for complying with their terms of service.

12. Children's Privacy

Extenzy products are not intended for users under the age of 13. We do not knowingly collect data from children. If you believe a child has used any Extenzy product, please contact us immediately at privacy@extenzyhq.com and we will delete the data promptly.

13. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be posted on this page with an updated "Last updated" date. Continued use of our products after changes constitutes acceptance of the revised policy.

14. Contact

Email: privacy@extenzyhq.com
Company: Extenzy HQ