privacy-policy-for-chrome-extension

Privacy Policy for 高效待办清单 Chrome Extension

Last Updated: 2025-07-17

Thank you for using 高效待办清单 (To-Do List), a Chrome extension developed by Alan Smith. Your privacy is important to us. This Privacy Policy explains what information we collect, how we use and store it, and the permissions we require.

1. Information We Collect and Use

Our extension is designed to be a private, personal productivity tool. We handle the following types of data:

a) User-Generated Content: This is the core data of the extension, created and managed entirely by you. It includes:

• Your to-do items (daily, monthly, future plans)
• Notes, progress text, and priority associated with your tasks
• Subtasks for your monthly to-dos
• Hyperlinks you add to your tasks
• Ledger entries (date, item, amount, payment method, details)
• Budget information for your ledger items
• Currency symbol preference

How we use it: This data is used solely to provide the core functionality of the extension. It is displayed back to you within the extension’s interface (popup, dashboard, and stats page).

b) Financial Information: The “Ledger” and “Budget” features allow you to voluntarily record and manage your financial transactions and spending goals. This information is treated as sensitive and is part of your User-Generated Content.

c) Google User Information (for Google Drive Sync): To enable the Google Drive synchronization feature, we use Google’s OAuth 2.0 process to request access to specific functionalities. When you authorize the extension:

• We obtain an OAuth access token that allows the extension to interact with your Google Drive on your behalf.
• We do not directly collect or store your Google account email address or password. The authentication is handled by Google.
• The extension will create a specific application data folder or a specific file (e.g., efficienTodoData.json) within your own Google Drive to store your extension data.

How we use it: This access is used exclusively to read and write your 高效待办清单 data to and from the designated file in your Google Drive, enabling synchronization across your devices and providing a backup. We do not access, view, or use any other files or data in your Google Drive.

2. Data Storage

Your data is stored in two locations:

a) Locally on Your Device: All the data you create is initially stored locally on your device using Chrome’s Local Storage API (chrome.storage.local). This allows the extension to function offline and provides fast access to your data. This data is private to your Chrome profile on that specific device.

b) In Your Google Drive (if Sync is Enabled): If you choose to enable the Google Drive synchronization feature:

• A copy of your extension data (User-Generated Content) is stored in a dedicated file (e.g., efficienTodoData.json) within your personal Google Drive account.
• This file is under your control and subject to Google’s privacy policies and security measures for Google Drive.
• We, the developers, do not have direct access to this file or the data within it via our own accounts. The extension accesses this file on your behalf using the OAuth token you grant.
• Synchronization occurs when you manually trigger it, or automatically at intervals or upon data changes, to keep your local data and Drive data consistent.

3. Permissions Justification

Our extension requests the following permissions to function correctly:

• storage: Essential for saving your to-do lists, ledger data, and settings locally on your device using chrome.storage.local so it persists between browser sessions.
• alarms:
  • Used to schedule and trigger desktop notifications for your “Future Plan” tasks at the specified times.
  • Used for background tasks such as resetting daily tasks at the start of a new day and moving due future plans to the daily list.
  • May be used for scheduling periodic automatic synchronization with Google Drive.
• identity (or specific Google Drive scopes requested via chrome.identity.getAuthToken): Required to authenticate you with your Google account and obtain an OAuth token. This token grants the extension permission to:
  • Access and manage its own configuration data in your Google Drive (e.g., read/write the specific efficienTodoData.json file). This isrequested using scopes https://www.googleapis.com/auth/drive.file. This permission is only used for storing and retrieving your extension’s data file and does not grant access to other files in your Drive.
• notifications: Required to display desktop notifications for “Future Plan” task reminders.
• contextMenus: Used to provide a “Add to 高效待办清单” option in the right-click context menu when you select text on a webpage, allowing for quick task creation.
• downloads: This permission is used for data management features, allowing you to:
  • Export your task or ledger history as .xlsx (Excel) files.
  • Backup your entire application data as a .json file for manual transfer or safekeeping.
• Host Permissions (https://api.openai.com/ https://generativelanguage.googleapis.com/ https://api.deepseek.com/): These permissions are strictly required for the core AI Assistant feature.
  • Purpose: To enable “Smart Add” and “Generate Report” functionalities, the extension needs to send requests from your browser directly to the AI service provider (OpenAI or Google Gemini) that you have selected and configured.
  • User Control: This feature is entirely optional and opt-in. It only functions if you explicitly provide your own personal API Key in the extension’s settings.
  • Data Privacy: The extension acts only as a conduit. We do not collect, store, or have access to your API Key or the content of your requests to these services. The communication occurs directly between your browser and the respective AI provider’s servers. Without these permissions, the AI Assistant feature will be disabled, but all other features of the extension will remain fully functional.
• Host Permissions (https://notion-auth-proxy.martinlinzhiwu.workers.dev/): Requesting host permissions for https://notion-auth-proxy.martinlinzhiwu.workers.dev/ is necessary to enable this plugin’s “AI report export to Notion” feature. Following Google’s recommended security best practices, the exchange of sensitive information during the user’s Notion authorization process (using the OAuth 2.0 protocol to exchange authorization codes for access tokens) will be handled on our Cloudflare Worker proxy server, rather than on the user’s browser. This approach securely protects users’ authorization credentials and prevents any sensitive keys from being exposed in the frontend code. Therefore, the plugin requires this permission to establish secure communication with the proxy server to complete the Notion authorization process and subsequent data export operations.

Translated with DeepL.com (free version)

4. Third-Party Services

• Google Drive API: Used for optional data synchronization and backup, as described in sections 1(c) and 2(b). Your interaction with Google Drive is governed by Google’s Privacy Policy and Terms of Service.
• SortableJS: This library is bundled locally within the extension to enable drag-and-drop functionality for list items. It does not make any external network requests or transmit any data.
• SheetJS (xlsx): This library is bundled locally within the extension to enable import and export of task and ledger data to/from Excel (.xlsx) files. This functionality is user-initiated and operates entirely on your local device; no data is transmitted externally by this library during the process.

5. Data Security

We take reasonable precautions to protect your information.

• Local data is protected by Chrome’s built-in security for extension storage.
• Data synced to Google Drive is protected by Google’s security infrastructure and your Google account credentials.
• Access to your Google Drive for synchronization is based on OAuth 2.0, a standard and secure authorization protocol.

However, please remember that no method of transmission over the internet or method of electronic storage is 100% secure.

6. User Control and Data Deletion

• You can view, edit, and delete your data directly within the extension.
• If you use Google Drive sync, you can manage or delete the extension’s data file (e.g., efficienTodoData.json) directly from your Google Drive. Deleting this file from Drive will remove the cloud backup but may not immediately remove local data until the next sync attempt or manual reset.
• You can revoke the extension’s access to your Google Drive at any time through your Google Account’s security settings (Apps with access to your account).
• Uninstalling the extension will typically remove the locally stored data (chrome.storage.local), but it will not automatically delete the data file from your Google Drive if sync was enabled.

7. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last Updated” date. You are advised to review this Privacy Policy periodically for any changes.

8. Contact Us

If you have any questions about this Privacy Policy, you can contact us at:

• Email: martinlinzhiwu@gmail.com