Privacy Policy for pageIQ Chrome Extension

Effective Date: January 22, 2025

Last Updated: March 14, 2026

Website: https://maskia.co

Extension Provider: Maskia

Introduction

Welcome to pageIQ ("Extension," "we," "us," or "our"). pageIQ is a Chrome extension that helps you summarize web content, extract YouTube transcripts, and engage in AI-powered discussions about the content you're viewing. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension.

By installing and using pageIQ, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not install or use the Extension.

Chrome Extension Permissions Explained

pageIQ requests specific permissions to function properly. We believe in transparency and want you to understand exactly why each permission is needed:

Permissions We Request

1. activeTab
  • Purpose: Access the currently active tab when you explicitly trigger the extension
  • Usage: Only activated when you click the extension icon or use the context menu
  • Privacy Note: We can only read content from tabs you actively choose to summarize
2. storage
  • Purpose: Store your preferences and authentication credentials locally on your device
  • What We Store: Email address, JWT authentication token, language preference, voice settings, TTS playback rate, auto-play preferences, copy format settings, and a non-sensitive UI theme preference (darkMode)
  • Privacy Note: Data is stored in Chrome extension storage (chrome.storage.session and chrome.storage.local), with darkMode stored in extension-page localStorage
3. contextMenus
  • Purpose: Add a "Summarize selection with pageIQ" option to your right-click menu
  • Usage: Allows you to quickly summarize selected text on any webpage
4. scripting
  • Purpose: Inject necessary code to extract content from web pages
  • Privacy Note: Scripts are only injected when you actively use the extension, not automatically on every page
5. clipboardWrite
  • Purpose: Copy AI-generated summaries and responses to your clipboard
  • Usage: Enables the copy functionality in the extension interface

Host Permissions

The extension requests access to specific domains:

  • youtube.com, googlevideo.com, ytimg.com: To extract video transcripts for summarization of YouTube content
  • api.maskia.co: To communicate with our AI processing service for generating summaries and responses
  • maskia.co: To support account and billing flows (for example, opening checkout and billing status pages)

Privacy-First Design Philosophy

  • On-Demand Only: The extension ONLY processes content when you explicitly request it by clicking the extension icon, using the context menu, or interacting with the sidebar
  • No Background Monitoring: We do not monitor, collect, or transmit data from pages you browse passively
  • No Analytics or Tracking: We do not use Google Analytics, tracking pixels, or any analytics services
  • Minimal Data Retention: Content is processed in real-time and not stored on our servers
  • Local-First Storage: All your settings and credentials are stored locally on your device

Information We Collect and Process

We believe in transparency about data collection. Here's a comprehensive breakdown of what information we collect and how we handle it:

1. Account and Authentication Information

Email Address

  • Collection: Provided by you during the login process
  • Purpose: User authentication and account identification
  • Storage: Stored in Chrome extension storage (chrome.storage.session with chrome.storage.local fallback)
  • Transmission: Sent to api.maskia.co only during authentication requests
  • Retention: Until you log out or uninstall the extension

JWT Authentication Token

  • Collection: Issued by our server after email verification
  • Purpose: Authenticate API requests without repeatedly sending your email
  • Storage: Stored in Chrome extension storage (chrome.storage.session with chrome.storage.local fallback)
  • Transmission: Included in the header of API requests to api.maskia.co
  • Retention: Until you log out or uninstall the extension

2. User Preferences and Settings

Stored locally on your device:

  • Language Preference: Your preferred language for summaries
  • Voice Settings: Selected text-to-speech voice preference
  • TTS Playback Rate: Audio playback speed preference (0.5x to 2.0x)
  • Auto-Play TTS Setting: Whether to automatically play text-to-speech
  • Copy Format Preference: Format for copying content (formatted or plain text)

Storage Location: Chrome extension storage (chrome.storage.session and chrome.storage.local) plus extension-page localStorage for non-sensitive UI theme preference (darkMode)
Transmission: Stored preferences are primarily local. Request-specific preferences (for example selected language or detail level) are transmitted to api.maskia.co only when required to fulfill a user-initiated request
Purpose: Personalize your experience across sessions

3. Web Page Content (Temporary Processing Only)

What We Process:

  • Text content from articles, blog posts, and web pages you choose to summarize
  • Selected text when using the "Summarize selection" context menu
  • YouTube video transcripts when summarizing videos

When It's Collected: Only when you actively click the extension icon or use the summarize feature

How It's Processed:

  • Extracted from the active tab using content scripts
  • Transmitted to api.maskia.co via secure HTTPS connection
  • Processed by AI models to generate summaries
  • NOT stored permanently on our servers. Recent summaries and source text may be cached locally in your browser (count-limited cache) until replaced by newer entries or cleared by you

Why We Need It: To generate AI summaries and answer your questions about the content

4. User Messages and Chat Conversations

  • What: Questions and messages you type in the chat interface
  • Purpose: Provide context-aware answers about the web page content
  • Processing: Sent to api.maskia.co along with page content for AI processing
  • Storage: Not stored locally after the session ends; not permanently stored on our servers
  • Retention: Only held in memory during active processing

5. YouTube Transcript Data

  • What: Transcripts extracted from YouTube videos
  • How: Retrieved from YouTube's public transcript API or DOM extraction
  • Caching: If you summarize a video, transcript text may be included in the local recent-summary cache (count-limited) until replaced or cleared
  • Purpose: Enable summarization and Q&A for video content
  • Privacy Note: Only extracted when you actively request a summary of a YouTube video
  • Session Context Note: Transcript fetch may use browser session context (for example, first-party YouTube session context) to retrieve caption data. pageIQ does not set tracking cookies

6. Technical and Usage Information

API Request Metadata:

  • Request timestamps (for rate limiting and retry logic)
  • Error logs (stored locally in browser console, not transmitted)
  • Service configuration metadata (for routing/compatibility)
  • Usage metadata (for billing and abuse prevention)

What We DON'T Collect:

  • Browsing history
  • Personal identifiers beyond email
  • Geolocation data
  • Device fingerprints
  • Analytics or tracking data
  • Information from pages you don't actively summarize

How We Use Your Information

We use the collected information for the following purposes:

1. Provide Core Functionality

  • Content Summarization: Process web page text to generate AI-powered summaries
  • Question Answering: Use page content and your questions to provide relevant answers
  • Text-to-Speech: Convert summaries and responses to audio using your voice preferences
  • YouTube Transcript Extraction: Retrieve and process video transcripts for summarization

2. Authentication and Account Management

  • User Authentication: Verify your identity using email-based magic link authentication
  • API Request Authorization: Validate requests to our API using JWT tokens
  • Account Security: Protect your account from unauthorized access

3. Service Improvement

  • Error Handling: Debug and resolve technical issues (error logs remain local)
  • Rate Limiting: Prevent abuse and ensure fair usage across all users
  • Performance Optimization: Cache transcripts temporarily to reduce redundant API calls

4. Billing and Credits Management

  • Usage Tracking: Monitor API usage for billing purposes
  • Credit System: Track your available credits for AI processing. Purchased credits expire 3 months after the date of purchase. Expired credits are forfeited and cannot be refunded or reinstated
  • Checkout Processing: Facilitate credit purchases through Stripe (handled by our backend)

What We DON'T Use Your Information For

  • Marketing or advertising
  • Selling to third parties
  • Building user profiles for targeting
  • Training AI models on your submitted content
  • Cross-site tracking or behavioral analysis

Data Sharing and Third-Party Services

Third-Party Service Providers

We share data with the following third-party service providers solely to deliver our service:

1. Maskia API Backend (api.maskia.co)

Operated By: Maskia (us)

Data Shared:

  • Your JWT authentication token (in request headers)
  • Email address (during authentication only)
  • Web page content you choose to summarize
  • Your questions and chat messages
  • Settings like language preference and feature preferences
  • Request metadata needed to fulfill your request (for example page URL, page title, optional channel name, and selected summary detail level)

Purpose: AI processing for content summarization, question answering, and text-to-speech generation

Data Handling:

  • All transmissions use HTTPS encryption
  • Content is processed in real-time and not permanently stored
  • Server logs may temporarily record request metadata for error debugging and rate limiting

2. Third-Party AI Service Providers

Our backend API (api.maskia.co) uses external AI service providers to deliver summarization, question-answering, and text-to-speech functionality.

Important Notes:

  • We act as an intermediary between you and these AI providers
  • Content you submit for processing is sent to our API (api.maskia.co), which routes it to third-party AI services for processing
  • These providers process data under their own privacy terms and data processing commitments
  • We may change AI providers without prior notice to improve service quality or reliability
  • For questions about specific providers currently in use, contact us at marc@maskia.co

3. Stripe (Payment Processing)

Purpose: Process credit purchases when you add credits to your account

Data Shared: Payment information is handled directly by Stripe; we do not store credit card information

Usage: Only when you initiate a checkout to purchase credits

4. YouTube/Google

Purpose: Extract video transcripts from YouTube videos

Data Shared: Video URLs when you request summaries of YouTube content

Note: Transcript extraction uses publicly available YouTube APIs and page data

Google API Limited Use Disclosure

pageIQ's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Specifically:

  • Data obtained from Google APIs (such as YouTube transcripts) is only used to provide and improve features of this extension
  • We do not transfer this data to third parties except as necessary to provide the extension's functionality or as required by law
  • We do not use this data for serving advertisements
  • We do not allow humans to read this data unless we have your affirmative consent, it's necessary for security purposes, or to comply with legal obligations

Data We Do NOT Share

We do NOT:

  • Sell your personal information to third parties
  • Share your data with advertisers or marketing companies
  • Provide your data to analytics services (we don't use Google Analytics or similar tools)
  • Share your browsing history or usage patterns
  • Disclose your information except as described in this policy or as required by law

Data Security

We take the security of your information seriously and implement industry-standard security measures:

Technical Safeguards

1. Encryption in Transit

  • All communications with api.maskia.co use HTTPS/TLS encryption
  • Authentication tokens are transmitted securely in HTTP headers
  • No sensitive data is sent via unencrypted channels

2. Secure Local Storage

  • Credentials and settings are stored using Chrome's storage API
  • Chrome's storage is protected by the browser's sandboxing and security model
  • Data is isolated per extension and cannot be accessed by other extensions or websites

3. Authentication Security

  • Magic link email authentication (no passwords to be compromised)
  • JWT tokens with expiration for API authentication
  • Tokens are validated on each API request

4. Content Security Policy (CSP)

  • Strict CSP headers prevent unauthorized script execution
  • No inline scripts or eval() usage
  • Restricted connections to only approved domains

5. Minimal Attack Surface

  • Scripts only injected when actively used
  • No background monitoring or passive data collection
  • Sandboxed iframe for extension UI

Data Protection Practices

  • No Server-Side Storage of Content: Web content and chat messages are processed in memory and not written to databases
  • Local Recent-Summary Cache: Recent summaries/source content are cached locally in a count-limited cache and can be removed with "Clear All Data"
  • Rate Limiting: Protects against abuse and unauthorized access attempts
  • Error Handling: Errors logged locally in your browser console, not transmitted to external servers

Your Role in Security

  • Keep your email account secure (it's used for authentication)
  • Log out if using a shared device
  • Report any suspicious activity to us immediately
  • Keep your browser and operating system updated

Limitations

While we implement strong security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your information using industry best practices.

Your Privacy Rights and Choices

You have significant control over your data and how the extension functions:

1. Access and Control Your Data

  • View Your Settings: Access all stored preferences through the extension's settings interface
  • Export Your Data: Your local data can be viewed through Chrome's extension storage inspector
  • Modify Preferences: Change language, voice, playback rate, and other settings at any time

2. Delete Your Data

You have multiple options to delete your data:

  • Clear All Data: Use the "Clear All Data" button in extension settings to immediately delete:
    • Authentication tokens
    • Email address
    • All preferences and settings
    • Cached summaries and extracted source content
    • TTS audio cache
  • Log Out: Remove authentication credentials while keeping preferences:
    • Clears JWT token and email
    • Preserves your language and voice settings
  • Uninstall Extension: Completely removes:
    • All locally stored data
    • All extension files and permissions
    • Access to your content
  • Server-Side Deletion Request: Request deletion of eligible server-side personal data (for example, authentication/account metadata that is not required to be retained by law):
    • Contact us at marc@maskia.co from your account email
    • We may require identity/account verification before deletion
    • We process verified deletion requests within applicable legal timelines

3. Control What Gets Processed

  • Selective Summarization: You choose which pages to summarize - nothing happens automatically
  • Context Menu Control: Right-click summarization only processes selected text
  • Disable Extension: Temporarily disable the extension without uninstalling
  • Pause Usage: Simply don't click the extension icon - no data is collected passively

4. Manage Permissions

  • Review Permissions: Check granted permissions in Chrome's extension management page (chrome://extensions)
  • Revoke Access: Disable specific permissions (though this may break functionality)
  • Remove Extension: Instantly revokes all permissions

5. Opt-Out Options

  • No Marketing Emails: We do not send marketing emails (authentication codes only)
  • No Tracking: There's nothing to opt out of - we don't track you
  • TTS Auto-Play: Disable auto-play in settings if you prefer manual control

6. Data Portability

Most extension settings data is stored locally:

  • You can access local extension data through Chrome's storage inspector
  • Settings are simple key-value pairs that you can export
  • For server-side records (for example, authentication/account metadata and billing records), contact us using the details in this policy

Data Retention and Deletion

We follow a minimal data retention approach to protect your privacy:

Local Storage (On Your Device)

Data Type | Retention Period | Deletion Method
JWT Authentication Token | Until logout or uninstall | Log out, clear data, or uninstall
Email Address | Until logout or uninstall | Log out, clear data, or uninstall
Language Preference | Until changed or uninstall | Change setting, clear data, or uninstall
Voice Settings | Until changed or uninstall | Change setting, clear data, or uninstall
TTS Playback Rate | Until changed or uninstall | Change setting, clear data, or uninstall
Auto-Play TTS Setting | Until changed or uninstall | Change setting, clear data, or uninstall
Copy Format Preference | Until changed or uninstall | Change setting, clear data, or uninstall
Recent Summary/Source Cache | Count-limited local cache | Replaced by newer entries or removed by clear data/uninstall
TTS Audio Cache (in-memory) | 60 seconds | Auto-deleted or page reload

Server-Side Processing (api.maskia.co)

Data Type | Retention Period | Purpose
Web Page Content | Not stored (in-memory processing only) | Real-time AI processing
Chat Messages | Not stored (in-memory processing only) | Real-time AI processing
Request Logs | Limited retention period based on security and operational needs (metadata only) | Error debugging, rate limiting, abuse prevention
Authentication Records | Duration of account existence | Account management, security
Billing Records | As required by law (typically 7 years) | Legal compliance, tax purposes

Automatic Deletion

  • Recent Summary/Source Cache: Newer entries evict older entries (count-limited cache)
  • TTS Audio: Cleared from memory after 60 seconds or when tab/page reloads
  • Processing Data: Web content and messages are never written to disk; held in memory during processing only

Manual Deletion

You can delete all local data immediately by:

  1. Opening the extension settings
  2. Clicking "Clear All Data"
  3. Or by logging out to remove authentication only
  4. Or by uninstalling the extension to remove everything

For server-side deletion requests:

  1. Email marc@maskia.co from your account email with subject "Data Deletion Request"
  2. Complete any required verification
  3. We will delete eligible data and confirm completion, except where retention is required by law

International Data Transfers

Cross-Border Data Processing

When you use pageIQ, your data may be transferred to and processed in different countries:

  • API Backend: Our API servers (api.maskia.co) may be located in various regions
  • AI Service Providers: Third-party AI model providers may process data in the United States and other jurisdictions
  • Cloud Infrastructure: We may use cloud service providers with data centers globally

Safeguards for International Transfers

We ensure appropriate safeguards for international data transfers:

  • Encryption: All data transfers use HTTPS/TLS encryption
  • Contractual Protections: We require third-party providers to implement appropriate data protection measures
  • Minimal Data Retention: Content is processed in-memory and not stored permanently
  • Standard Contractual Clauses: Where applicable, we use EU-approved Standard Contractual Clauses

Your Rights Regarding International Transfers

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the right to:

  • Be informed about international data transfers
  • Object to transfers that don't meet adequate protection standards
  • Request that your data be processed only in specific jurisdictions (note: this may limit service functionality)

Children's Privacy

pageIQ is not directed to children under the age of 13 (or 16 in the European Economic Area).

  • We do not knowingly collect personal information from children under 13/16
  • We do not market our services to children
  • If we become aware that we have inadvertently collected data from a child under 13/16, we will take steps to delete it promptly
  • Parents or guardians who believe we may have collected information from a child should contact us immediately

Region-Specific Privacy Rights

For European Union (EU) and European Economic Area (EEA) Users (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

Your GDPR Rights

  1. Right to Access (Article 15)
    • Request confirmation of whether we process your personal data
    • Obtain a copy of your personal data
    • How: Contact us via email or check local storage in extension settings
  2. Right to Rectification (Article 16)
    • Correct inaccurate personal data
    • How: Update your settings directly in the extension
  3. Right to Erasure / "Right to be Forgotten" (Article 17)
    • Request deletion of your personal data
    • How: Use "Clear All Data" in settings, log out, or uninstall
  4. Right to Restriction of Processing (Article 18)
    • Limit how we process your data
    • How: Disable the extension or don't use summarization features
  5. Right to Data Portability (Article 20)
    • Receive your data in a structured, machine-readable format
    • How: Access local extension data via Chrome's storage inspector; contact us for server-side records
  6. Right to Object (Article 21)
    • Object to processing based on legitimate interests
    • How: Stop using the extension or contact us
  7. Right to Withdraw Consent (Article 7)
    • Withdraw consent at any time
    • How: Log out, clear data, or uninstall
  8. Right to Lodge a Complaint
    • File a complaint with your local supervisory authority
    • How: Contact your national Data Protection Authority

Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance (Article 6(1)(b)): To provide the services you request (for example, summarization, Q&A, and account functions)
  • Legitimate Interests (Article 6(1)(f)): To secure the service, prevent abuse/fraud, and maintain reliability
  • Consent (Article 6(1)(a)), where required: For optional processing activities that legally require consent in your jurisdiction

For California Residents (CCPA/CPRA)

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), you have the following rights:

Your CCPA/CPRA Rights

  1. Right to Know
    • Know what personal information we collect, use, disclose, and sell
    • This Privacy Policy provides comprehensive disclosure
  2. Right to Access
    • Request access to your personal information
    • How: Review local extension data in settings/storage and contact us for server-side records
  3. Right to Delete
    • Request deletion of your personal information
    • How: Use "Clear All Data" in settings
  4. Right to Opt-Out of Sale
    • Note: We do NOT sell your personal information
    • No opt-out necessary as we don't engage in data sales
  5. Right to Non-Discrimination
    • We will not discriminate against you for exercising your privacy rights
  6. Right to Correct
    • Request correction of inaccurate personal information
    • How: Update settings directly in the extension

CCPA Data Categories We Collect

  • Identifiers: Email address
  • Internet Activity: Web page content you choose to summarize (not retained)
  • Preferences: Language, voice settings, and UI theme preference (stored locally)

For Users in Other Jurisdictions

We respect privacy rights globally. If your jurisdiction has specific privacy laws, please contact us to exercise your rights. We will respond in accordance with applicable law.

Cookies and Tracking Technologies

Important: pageIQ does NOT use cookies or tracking technologies.

  • No cookies are set by the extension
  • No tracking pixels or beacons
  • No fingerprinting techniques
  • No cross-site tracking
  • No analytics services (Google Analytics, etc.)

The extension uses Chrome extension storage APIs (chrome.storage.session and chrome.storage.local) for preferences/authentication and extension-page localStorage for a non-sensitive UI theme preference (darkMode). These storage areas are scoped to the extension context and are not used for cross-site tracking.

Changes to This Privacy Policy

How We Update This Policy

We may update this Privacy Policy from time to time to reflect:

  • Changes in our practices
  • Changes in applicable laws
  • New features or services
  • User feedback and improvements

Notice of Changes

  • Effective Date: All changes will be reflected in the "Last Updated" date at the top of this policy
  • Material Changes: For significant changes, we will provide prominent notice through the extension interface or via email
  • Your Continued Use: Continued use of the extension after changes constitutes acceptance of the updated policy
  • Version History: Previous versions may be available upon request

Review Regularly

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Maskia - pageIQ Extension

  • Legal Entity / Controller Name: Maskia
  • Jurisdiction/Country: Available upon written request
  • Postal Contact: Available upon verified written request sent to the email below
  • Website: https://maskia.co
  • Email: marc@maskia.co
  • Chrome Web Store: Support section for pageIQ extension

Response Time

We aim to respond to privacy-related inquiries within:

  • General inquiries: 7 business days
  • Data subject rights requests (GDPR, CCPA): 30 days (as required by law)
  • Security concerns: 48 hours

Data Protection Officer

For EU/EEA users with GDPR-specific concerns, you may request to speak with our Data Protection Officer (if appointed) by contacting us through the methods above.

Acceptance of This Policy

By installing and using the pageIQ Chrome extension, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with this Privacy Policy, please do not install or use the extension.