Privacy Policy

1. Introduction

Notebook Toolkit (“we,” “our,” or “us”) is a browser extension and web dashboard that helps users organize and manage their research workflow with Google NotebookLM. It works alongside NotebookLM as a complementary productivity layer and does not modify, reverse-engineer, or access any private NotebookLM APIs. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at notebooktoolkit.com and our Chrome browser extension (collectively, the “Service”).

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture (if you sign in via Google OAuth). We do not store your Google password.

Content You Capture

When you use the Notebook Toolkit extension or web app, we store the sources you capture, including webpage content, AI conversation exports, YouTube transcripts, text selections, and any metadata associated with these captures (titles, URLs, tags, notes).

Usage Data

We collect anonymized usage analytics including feature usage frequency, error logs, and performance metrics to improve the Service. This data cannot be used to identify individual users.

Chrome Extension Permissions

The Notebook Toolkit Chrome extension requests the following permissions:

• activeTab: To read the content of the current page when you choose to capture it.
• storage: To save your preferences, authentication token, and cached data locally in your browser.
• sidePanel: To display the Notebook Toolkit side panel for quick access to your sources and prompts.
• contextMenus: To add “Save to Notebook Toolkit” to your right-click menu.
• Host permissions (specific sites): To inject capture buttons on supported platforms (ChatGPT, Claude, Gemini, Perplexity, YouTube).

The extension only accesses page content when you explicitly trigger a capture. It does not passively monitor your browsing activity.

3. How We Use Your Information

• To provide, operate, and maintain the Service
• To manage your account and deliver features you request
• To process your transactions and manage billing
• To communicate with you about updates, support, and marketing (with your consent)
• To improve and personalize your experience
• To detect, prevent, and address technical issues and abuse

4. Data Storage

Your data is stored securely using Supabase, a SOC 2 Type II compliant database platform hosted on AWS infrastructure. All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Database backups are performed daily and retained for 30 days.

The Chrome extension stores minimal data locally (authentication tokens, preferences, and a small cache) using Chrome's secure storage API. This data remains on your device and is not accessible to other extensions or websites.

5. Third-Party Services

We use the following third-party services:

• Supabase: Database hosting, authentication, and real-time subscriptions. Supabase processes your account data and captured content.Supabase Privacy Policy
• Polar.sh: Payment processing for subscriptions. Polar processes your payment information (credit card details, billing address). We never see or store your full credit card number.Polar Privacy Policy
• Google OAuth: Authentication. When you sign in with Google, we receive your name, email, and profile picture. We do not access your Google Drive, Gmail, or other Google services.

6. Your Rights

For All Users

• Access: You can view and export all your data from the Settings page.
• Correction: You can update your profile information at any time.
• Deletion: You can delete your account and all associated data from Settings. Deletion is permanent and completed within 30 days.
• Portability: You can export your data in JSON or ZIP format at any time.

GDPR (European Economic Area)

If you are in the EEA, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our legal basis for processing is your consent (for account creation) and legitimate interest (for service improvement). To exercise these rights, contact us at privacy@notebooktoolkit.com.

CCPA (California)

California residents have the right to know what personal information we collect, to delete it, and to opt out of its sale. We do not sell personal information. To exercise your rights, contact us at privacy@notebooktoolkit.com.

7. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete all your personal data and captured content within 30 days. Anonymized usage analytics may be retained indefinitely. Backup copies are purged within 90 days of deletion.

8. Security

We implement industry-standard security measures including encryption at rest and in transit, regular security audits, access controls, and monitoring. However, no method of electronic storage is 100% secure, and we cannot guarantee absolute security.

9. Children's Privacy

The Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected data from a child under 13, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

• Email: privacy@notebooktoolkit.com
• Support: notebooktoolkit.com/support