Our Core Commitment
DevNotes does not operate any servers, does not maintain any databases, and does not collect or transmit your data to any third party — ever. Your notes live on your device and, optionally, in your own Google Drive. That's the whole picture.
Overview & Scope
This Privacy Policy describes how DevNotes ("the Extension," "we," "our") handles information when you use our Chrome browser extension. By installing and using DevNotes, you agree to the practices described herein.
This policy applies exclusively to the DevNotes Chrome Extension and does not apply to any third-party websites, services, or applications that may be linked from within the extension.
DevNotes is designed with a privacy-first architecture. All processing happens locally on your device. We have no backend infrastructure and no ability to access your data.
Data Collection
We collect the minimum data necessary to provide the extension's core functionality. Here is a precise breakdown of everything we collect and why:
Google Profile
Your email address and profile picture are collected exclusively for identity display and UI personalization within the extension.
User-Created Content
Notes, tags, highlights, and to-dos you explicitly create. This content belongs entirely to you.
Page Context
URL and page title of webpages where you create highlights or notes — used only to restore your annotations on return visits.
Nothing Else
We do not collect browsing history, search queries, clicks, analytics, or any behavioral data whatsoever.
We never collect passwords, payment information, precise location, or any data beyond what is listed above.
Data Storage & Transfer
Your data flows through two possible paths, and only two. No third-party servers are ever involved.
Local Storage (Default)
All data is stored on your device using chrome.storage.local and IndexedDB. It
never leaves your machine unless you enable sync.
Google Drive Sync (Optional)
If enabled, data is transmitted to Google Drive over TLS 1.2+ encrypted connections and stored using
Google's AES-256 encryption at rest and written to a single backup file
(devnotes_backup.json) in your own Google Drive. We cannot access any other Drive files.
No Third-Party Servers. We do not use AWS, Firebase, MongoDB, Supabase, or any other database or cloud infrastructure. Your data is strictly between your local device and your personal Google Drive account.
Data Protection & Security Mechanisms
DevNotes handles the following categories of
sensitive data: Google OAuth access tokens,
Google Calendar event metadata accessed via
https://www.googleapis.com/auth/calendar.readonly
(meeting titles, times, and Google Meet links), and Google
Drive file content accessed via
https://www.googleapis.com/auth/drive.file
(a single backup file named devnotes_backup.json).
The following safeguards protect this sensitive data at every stage.
DevNotes does not use data obtained through Google APIs to develop, improve, or train any AI or ML models. All data is used exclusively for the narrow functionality described in this policy.
DevNotes applies the following technical and procedural safeguards to protect your data at every stage — from capture on your device to optional sync with Google Drive.
Encryption in Transit — TLS 1.2+
All data transmitted between the extension and Google APIs (Google Drive and Google Calendar) is encrypted using TLS 1.2 or higher. No data is ever transmitted over unencrypted HTTP connections. This applies to every API call the extension makes — authentication, Drive sync, and Calendar reads.
Encryption at Rest — AES-256
Data stored in your Google Drive via devnotes_backup.json is protected by Google Drive's
built-in AES-256 encryption at rest, as provided by Google's infrastructure. Data
stored locally in chrome.storage.local is protected by your operating system's native
user-account-level encryption and Chrome's sandboxed storage model.
OAuth Token Security
Authentication with Google is handled entirely via OAuth 2.0. DevNotes never sees,
stores, or transmits your Google password. OAuth access tokens are stored exclusively in
chrome.storage.local on your local device, are scoped to the minimum permissions required,
and are never transmitted to any server operated by DevNotes.
Access Controls
Only the authenticated Google account user can access their own data. There are no DevNotes servers, no admin dashboards, and no employees or systems with access to your notes or Google data — because your data never reaches us. Access is enforced entirely by Google's OAuth infrastructure and your device's local storage boundaries.
No Third-Party Data Processors
DevNotes does not integrate any third-party analytics SDKs, crash reporting tools, advertising networks, or data processors. The only external service the extension communicates with is Google's own API infrastructure (Drive and Calendar), under your explicit authorisation via OAuth. No other outbound network requests are made.
DevNotes' use of information received from Google APIs adheres strictly to the Google API Services User Data Policy, including the Limited Use requirements. Data obtained via Google APIs is used solely for the functionality described in this policy, is not transferred to third parties, and is not used for advertising or profiling purposes.
Google API Scopes — Limited Use
DevNotes uses Google APIs under Google's Limited Use policy. Our use of information received from Google APIs strictly adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Google Drive — Backup Only
This scope is used exclusively to create and update a single backup file named
devnotes_backup.json in your Google Drive. The extension cannot read, modify, or access any
other files in your Drive — not your documents, photos, spreadsheets, or any other content. The scope is
restricted to files the extension itself creates.
Google Calendar — Read-Only Access
This scope is used to read your upcoming calendar events
and detect Google Meet links, so we can surface timely desktop
reminders before your meetings. The extension uses
read-only access via
calendar.readonly and cannot create, modify,
or delete any calendar events or calendars. Event data is
fetched in real-time, used only to generate the reminder
notification, and immediately discarded — never written
to any storage.
Data obtained through Google APIs is used solely for the purpose described above. We do not use this data to serve advertisements, do not share it with third parties, and do not allow humans to read it except as needed to provide the service or as required by law.
Browser Permissions Justification
Every permission DevNotes requests serves a specific, narrow function. We do not request permissions beyond what is strictly necessary.
Required to allow you to create notes and highlights on any website of your choosing, and to accurately restore your highlights when you revisit those specific pages. Without this permission, the extension could only function on a predefined list of websites.
Used to authenticate the signed-in Google user for Google Drive sync and to display your name and profile picture within the extension's interface. No identity information is transmitted to our servers.
Enables the use of chrome.storage.local to persist your notes, settings,
and preferences locally on your device across browser sessions.
Required to display desktop reminders for upcoming Google Meet links detected from your calendar. Notifications are generated locally and shown only to you.
Data Retention & Deletion
You have complete and unconditional control over your data at all times.
Edit Anytime
Modify any note, highlight, or to-do directly within the extension.
Delete Instantly
Deleting a note removes it from local storage and from the Google Drive backup simultaneously.
Export Freely
Export all your data at any time in standard formats — your notes are never locked in.
Clean Uninstall
Uninstalling the extension automatically removes all locally stored data from your device.
Google Drive Backup: If you enabled sync, the backup file
(devnotes_backup.json) will remain in your Google Drive after uninstalling the extension unless
you manually delete it. You can find and delete this file in your Google Drive at any time.
Children's Privacy
DevNotes is not directed to children under the age of 13. We do not knowingly collect any personal information from children. If you believe a child under 13 has provided personal information through the extension, please contact us immediately at the address below, and we will take steps to delete such information.
Policy Changes
We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page and, for material changes, provide a more prominent notice (such as a notification within the extension itself).
Your continued use of DevNotes after any changes to this policy constitutes your acceptance of the new terms. We encourage you to review this policy periodically.
We will never make changes that reduce your privacy rights without explicit notice and, where required, your consent.
Contact Us
Have questions, concerns, or requests regarding this Privacy Policy or your data? We're here to help and will respond within 48 hours.