Privacy Policy

This page explains what data is processed, where it is processed, and what controls you have.

No server-side export processing

Your exported conversation content stays in the browser during export.

Authentication and billing only manage account and entitlement state

Google sign-in and payment events are used for account identity, entitlement checks, and checkout only.

Downloaded files remain under user control

Files generated by the extension stay on your device after export unless you choose to remove them.

What we process

Depending on features you use, we process:

Conversation export settings and generated export artifacts in your browser
Account profile fields from Google sign-in (id, email, name, avatar)
Entitlement state and payment transaction fields required for Pro activation and verification (status, amount, currency, stripe_customer_id, stripe_checkout_session_id, stripe_payment_intent_id)
Local font metadata via queryLocalFonts and temporary font bytes (font blob) for PDF glyph coverage checks

What we do NOT collect

We do not upload conversation content for any purpose
We do not upload local font files; font blob is used locally for PDF glyph checks only
We do not sell personal data

When data leaves your browser

Only when you trigger the following network features does related data leave your browser:

Google OAuth sign-in
Entitlement status refresh
Payment verification and Stripe checkout
GitHub feedback draft (when you click Send Feedback, a GitHub issue draft opens with extension version prefilled; opening the GitHub page immediately sends that request to GitHub)
Google favicon lookup for PDF link cards (sends only the target link domain to https://www.google.com/s2/favicons, not chat content)

Google OAuth data is handled under the Google API Services User Data Policy, including Limited Use requirements. It is used only for user-facing authentication/session, entitlement, and payment flows, and is not sold or used for advertising.

Permissions and why

tabs: open and inspect related ChatGPT/checkout pages
storage: store settings, local session, and cached entitlement status
identity: run Google OAuth flow with Chrome identity API
scripting: reinject content scripts and run local font bridge in page context

Third-party services

OpenAI web assets and APIs needed for conversation export flow
Google OAuth for account sign-in
Cloudflare Workers and Turnstile for API hosting and abuse protection
Stripe for payment processing
GitHub Issues for optional user feedback draft and submission
Google favicon endpoint (https://www.google.com/s2/favicons) for PDF link-card icons

Storage and retention

In-browser storage: auth session in chrome.storage.local; settings and entitlement cache in chrome.storage.sync
Backend storage: account profile, entitlement state, and payment records required for service operation and compliance
Retention baseline: account profile and entitlement records are deleted within 30 days after a verified deletion request or account closure (unless legal hold applies); payment and invoicing records are retained for 7 years for financial/tax compliance; security and abuse-prevention logs are retained for up to 90 days

Your controls (logout / revoke / delete request)

Use extension logout to clear local auth session
Revoke OAuth access from your Google account settings
Request account data deletion via [email protected] (GitHub Issues is available as fallback)

Contact

Use the support email for deletion/privacy requests. If email is unavailable, use GitHub Issues as fallback.

Support Email GitHub Issues ReedThinking Website

Effective date

Effective date: 2026-02-18