StickiesCloud - Privacy Policy

Last Updated: March 6, 2025

Welcome to StickiesCloud. We value your privacy and are committed to safeguarding your personal information. This Privacy Policy outlines how we collect, use, and protect your data when you use our browser extension and related services.

1. Information We Collect

To provide a seamless and secure experience, we collect the following data:

  • Authentication Tokens: We retrieve an auth token from our website (app.stickiescloud.com) and store it in cookies. This token validates your identity and secures interactions with our backend.
  • Sticky Note Content: Content you create via the extension—including text notes, screenshots, and notes generated from selected text. These notes are stored both locally (in IndexedDB) and synced to our servers so you can access them across devices.
  • Browser Activity: We monitor URL changes and tab information. This includes detecting when a page loads or navigates (especially in Single Page Applications) to display or update sticky notes that correspond to that page.
  • Local Storage Data: We utilize your browser’s IndexedDB to store sticky note data offline. This improves performance and ensures data availability even when offline, with periodic synchronization to our servers.
  • Screenshot Data: When you capture a screenshot (either of a selected area or a paragraph), the image is processed (using external APIs such as Google Vision for text extraction) and stored locally and on our servers. We do not store any sensitive content beyond the sticky note information you choose to keep.

2. How and Why We Use Your Data

Your data is used strictly to improve your experience with our extension. Specifically, we use your data to:

  • Authenticate and Authorize: Ensure that only you can access, modify, or sync your notes across devices.
  • Synchronize Notes: Seamlessly sync your sticky notes between local storage and our servers, ensuring that you can access your notes anytime, anywhere.
  • Enable Context-Aware Features: Track browser tab changes and URL updates to show or update sticky notes that are relevant to your current page.
  • Capture and Process Screenshots: Allow you to capture screenshots of webpage areas. Screenshots are processed (e.g., text extraction via the Google Vision API) to automatically create notes.
  • Maintain and Enhance Performance: Use data stored locally (IndexedDB) to ensure the extension performs quickly while keeping your note data in sync.

3. Permissions and Data Access

Our extension requires certain permissions to function as intended. These include:

  • Tabs and URL Permissions: Access to tab information and URLs enables us to display and update sticky notes contextually.
  • ActiveTab Permission: This permission is granted temporarily when you interact with the extension (for example, when you click a button or confirm a screenshot capture). It ensures that only the active tab is accessed during that session.
  • Host Permissions (e.g., <all_urls>): These permissions are necessary to inject our content scripts into the pages you visit. While our content scripts run on all URLs to provide a seamless UI, our background processes require host permissions only for specific actions like capturing screenshots.
  • Cookies: Cookies are used solely for maintaining your authentication session and ensuring secure communication with our servers.
  • Alarms: Used to schedule periodic tasks such as syncing data and cleaning up outdated entries from local storage.

Note: While the extension injects content scripts into many pages (using <all_urls>), this only determines where the UI appears. The ability to capture screenshots and interact with tabs is subject to stricter permission requirements (such as the activeTab permission) and is only enabled following a direct user action.

4. Data Security and Retention

We employ industry-standard encryption (HTTPS) and security measures to protect your data both in transit and at rest. Your notes remain on our servers until you decide to delete them or deactivate your account. Locally stored data in IndexedDB is regularly synchronized with our backend, and obsolete or unsynced data is periodically purged.

5. Sharing, Third-Party Services, and External APIs

We do not sell or share your personal data or sticky note content with third parties. However, we do integrate with external services to provide enhanced functionality:

  • Google Vision API: Used for processing screenshots to extract text. The data sent to Google is limited to what is necessary for text extraction, and no sensitive user data is retained.
  • Postmark: Handles email communications (e.g., sharing notes) on your behalf.
  • Stripe: Manages payments and subscriptions securely. All payment-related data is processed by Stripe, and we do not store sensitive payment information on our servers.
  • AWS Serverless Backend: Our backend services, authenticated via Amazon Cognito, are used solely for syncing and storing your sticky note data.

6. User Control and Transparency

We are committed to providing you with control over your data. You can:

  • View and manage all your sticky notes via the extension’s popup and our online dashboard.
  • Delete or edit notes directly from the content UI, popup, or dashboard.
  • Review and change settings related to screenshot capture, note synchronization, and UI behavior.
  • Opt-out of certain data collection mechanisms by adjusting your browser settings (note that this might limit functionality).

7. How We Handle Browser Refreshes and Permissions

To provide you with a seamless experience across all websites and during browser or extension refreshes, our extension requires broad host permissions. We request the "all_urls" permission, which is essential for injecting our content scripts into every page you visit. This allows us to display and manage sticky notes, capture screenshots, and automatically generate notes based on selected text—without forcing you to take extra steps each time you navigate to a new page.

Unlike permissions that are granted only upon a direct user gesture (such as the activeTab permission), the "all_urls" permission remains continuously active. This ensures that even if you refresh your browser or the extension itself, our functionality persists seamlessly. This permission is crucial for maintaining a consistent user experience, as it allows the extension to instantly access the necessary webpage context without requiring a new user action for each task.

We understand that granting access to all URLs may sound extensive. However, this permission is solely used to inject our content scripts and enable essential features like screenshot capturing, note creation, and dynamic page updates. We do not misuse or collect any additional personal data from the websites you visit. Instead, the permission allows us to operate efficiently across different pages, ensuring your sticky notes are displayed accurately and that screenshots are captured precisely where you need them.

Our approach is designed with your security and privacy in mind. By using "all_urls", we avoid the need for repetitive manual activations and ensure that our extension functions reliably—even after refreshes—while still keeping your personal data protected through secure, transparent practices.

8. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be posted on our website, and we encourage you to review this page periodically to stay informed about how your data is being protected.

9. Contact Us

If you have any questions, concerns, or feedback regarding this Privacy Policy or our data practices, please reach out to us at:

Email: nadeem.ahmad@stickiescloud.com

© 2025 StickiesCloud. All rights reserved.