# Privacy Policy
**LABEL+ Extension for Google Keep**
**Effective Date:** January 23, 2025
**Last Updated:** January 23, 2025
---
## Introduction
Thank you for choosing LABEL+. Your privacy is important to us. This Privacy Policy explains how we collect, use, store, and protect your information when you use the LABEL+ Chrome extension ("Extension", "Service").
**Key Principles:**
- We collect only what we need to provide the Service
- Your note content is NEVER accessed or stored by us
- We use industry-standard encryption and security practices
- You have control over your data
By using the Extension, you agree to the collection and use of information in accordance with this Privacy Policy.
---
## 1. Information We Collect
### 1.1 Information Stored Locally (On Your Device)
The following data is stored in your browser using Chrome's Storage API and **never leaves your device** unless you explicitly upload a backup:
| Data Type | Purpose | Retention |
|-----------|---------|-----------|
| **Google Keep Label Names** | Display in Extension interface | Until you uninstall or clear data |
| **Sublabel Configurations** | Your custom sublabel hierarchies | Until you uninstall or clear data |
| **Label Order Preferences** | Custom ordering of labels | Until you uninstall or clear data |
| **UI Preferences** | Expanded/collapsed state, selected labels | Session or until changed |
| **Theme Preference** | Light or dark mode setting | Until you change it |
| **Tutorial Status** | Whether tutorial has been completed | Until you uninstall or clear data |
| **Usage Statistics (Pending)** | Temporarily stored before transmission | Up to 24 hours, then sent to server |
| **Grace Period Timestamp** | First installation time for 2-hour free access | Until grace period expires |
| **Extension Version** | Current installed version number | Until extension updates |
**Storage Location:** Chrome's `chrome.storage.local` API (isolated per extension)
**Per-Account Separation:** Each Google account you use maintains completely separate local data. Switching accounts loads that account's configuration.
### 1.2 Information Sent to Our Servers
The following data is transmitted to our servers at `lplus.protexiom.com`:
#### A. Email Address
- **When Collected:** When you click "Login" or "Refresh License"
- **Source:** Extracted from Google account metadata on keep.google.com
- **Purpose:** License verification and subscription management
- **Retention:** Stored indefinitely while you have an active or expired license
- **Encryption:** Transmitted via HTTPS; stored encrypted at rest
#### B. License Tokens (JWT)
- **When Collected:** Upon successful login or license refresh
- **Purpose:** Verify subscription status without repeated server requests
- **Contains:** Email, license status, issue/expiration dates
- **Retention:** 60 days (token expiration), then must be refreshed
- **Security:** Cryptographically signed with server secret
#### C. Usage Statistics
- **When Collected:** Sent automatically every 24 hours
- **Purpose:** Understand feature usage and improve the Extension
- **Includes:**
- Extension opens count
- Label clicks count
- Sublabel clicks count
- Sublabels created count
- Labels refreshed count
- "Check Notes" feature usage count
- Backup uploads count
- Backup restores count
- First use timestamp
- Last use timestamp
- Statistics period start/end timestamps
- **Does NOT Include:**
- Label names or sublabel names
- Note content or titles
- Browsing history
- Personal identifiable information (except email for association)
- **Retention:** Aggregated indefinitely for analytics; individual records may be deleted after 90 days
- **Opt-Out:** Not currently available (required for license validation)
#### D. Backup Data (Optional)
- **When Collected:** Only when you manually click "Upload Backup" in Settings
- **Includes:**
- Your complete sublabel hierarchy
- Label names and their associated sublabels
- Label order preferences
- Theme preference
- **Does NOT Include:**
- Note content or titles
- Personal notes or data
- **Purpose:** Allow you to restore your configuration on other devices or after reinstallation
- **Retention:** Stored until you request deletion or use "Clear All Data"
- **Encryption:** Transmitted via HTTPS; stored encrypted at rest
### 1.3 Information We Do NOT Collect
We explicitly **do not** collect, access, or store:
- ❌ Google Keep note content or titles
- ❌ Google account passwords or credentials
- ❌ Credit card or payment information (handled by PayPal)
- ❌ Browsing history outside of keep.google.com
- ❌ Contacts or address book
- ❌ Location data
- ❌ Device identifiers (IMEI, MAC address, etc.)
- ❌ Cookies (we don't use cookies)
- ❌ IP addresses (logged temporarily for security, not stored long-term)
**Special Note on "Check Notes" Feature:**
When you use the "Check Notes" validation feature, the Extension reads note titles and labels **only** within the current tab on keep.google.com. This data is processed locally in your browser and **never sent to our servers**.
---
## 2. How We Use Your Information
### 2.1 To Provide the Service
- **Display Labels:** Read label names from Google Keep to display in Extension interface
- **Store Sublabels:** Save your custom sublabel configurations locally
- **Sync Across Sessions:** Maintain your preferences and settings between uses
- **Validate License:** Check subscription status to grant or restrict access to features
### 2.2 To Improve the Service
- **Usage Analytics:** Understand which features are most used to prioritize development
- **Bug Detection:** Identify patterns that may indicate bugs or errors
- **Performance Optimization:** Analyze usage patterns to improve Extension speed
### 2.3 To Communicate With You
- **License Notifications:** Alert you when license is expiring or expired
- **Feature Updates:** Inform you of new features or important changes
- **Support Responses:** Reply to your support requests
### 2.4 To Ensure Security
- **Fraud Prevention:** Detect and prevent unauthorized use or license sharing
- **System Integrity:** Monitor for abuse or misuse of the Service
- **Compliance:** Comply with legal obligations and protect our rights
---
## 3. Data Sharing and Disclosure
### 3.1 Third Parties We Share Data With
| Third Party | Data Shared | Purpose | Privacy Policy |
|-------------|-------------|---------|----------------|
| **PayPal** | Email address, purchase amount | Payment processing for license purchases | [PayPal Privacy Policy](https://www.paypal.com/privacy) |
| **Our Servers** (lplus.protexiom.com) | Email, statistics, backup data | License validation, backup storage, analytics | This policy |
| **Google LLC** | None (we only read publicly visible labels) | Extension operates on keep.google.com | [Google Privacy Policy](https://policies.google.com/privacy) |
### 3.2 We Do NOT Sell Your Data
We **never** sell, rent, or trade your personal information to third parties for marketing purposes.
### 3.3 Legal Disclosures
We may disclose your information if required by law or in response to:
- Valid legal process (subpoena, court order, warrant)
- Requests from government authorities
- Protection of our rights, property, or safety
- Prevention of fraud or illegal activity
We will notify you of such disclosures unless prohibited by law.
### 3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice in the Extension before your information is transferred.
---
## 4. Data Security
### 4.1 Encryption
- **In Transit:** All communications between Extension and our servers use HTTPS/TLS encryption
- **At Rest:** Data stored on our servers is encrypted using industry-standard encryption (AES-256)
- **JWT Tokens:** Cryptographically signed with HMAC-SHA256 to prevent tampering
### 4.2 Access Controls
- Server access restricted to authorized personnel only
- Multi-factor authentication required for administrative access
- Regular security audits and monitoring
### 4.3 Data Retention
| Data Type | Retention Period | Deletion Method |
|-----------|------------------|-----------------|
| Local storage (labels, sublabels) | Until you uninstall or clear data | Automatic on uninstall |
| Email address | While license is active or within 1 year of expiration | Manual deletion upon request |
| Usage statistics | 90 days (individual records); aggregated data retained indefinitely | Anonymized after 90 days |
| Backup data | Until you request deletion or clear data | Manual deletion upon request |
| JWT tokens | 60 days (automatic expiration) | Automatic expiration |
### 4.4 Limitations
While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your information.
---
## 5. Your Privacy Rights and Choices
### 5.1 Right to Access
You have the right to:
- View your current license status in Settings
- Review your local sublabel configurations (stored in browser)
- Request a copy of data stored on our servers
**How to Exercise:** Email gtg.ste2@gmail.com with "DATA ACCESS REQUEST"
### 5.2 Right to Deletion
You have the right to delete:
#### Local Data (Immediate):
- **Method 1:** Settings → "Clear All Data" (deletes all local configurations)
- **Method 2:** Uninstall Extension (deletes all local data automatically)
#### Server Data (Within 7 Days):
- **Email:** gtg.ste2@gmail.com with "DATA DELETION REQUEST"
- **Include:** Your registered email address
- **We will delete:**
- Your email address from license database
- Your usage statistics
- Your backup data (if any)
- **We will retain:** Anonymized aggregated statistics (cannot be linked back to you)
### 5.3 Right to Rectification
If your data is inaccurate or incomplete:
- **Email Address:** Use "Refresh License" to update from current Google account
- **Sublabel Data:** Edit directly in Extension interface
- **Other Data:** Email gtg.ste2@gmail.com with correction request
### 5.4 Right to Portability
You can export your data:
- **Sublabel Configurations:** Settings → "Upload Backup" (creates server copy) or use browser storage inspection tools
- **Usage Statistics:** Request export via email to gtg.ste2@gmail.com
### 5.5 Right to Object
You may object to:
- **Usage Statistics Collection:** Not currently possible (required for license validation); contact us if this is a concern
- **Marketing Communications:** We do not send marketing emails; only service-related communications
### 5.6 Right to Withdraw Consent
You may withdraw consent at any time by:
- Uninstalling the Extension
- Requesting account deletion (see 5.2 above)
---
## 6. Children's Privacy
The Extension is **not intended for users under 13 years of age**. We do not knowingly collect personal information from children under 13.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at gtg.ste2@gmail.com. We will take steps to delete such information within 7 business days.
---
## 7. International Data Transfers
Our servers may be located in various regions. If you are accessing the Extension from outside the server location, your information may be transferred to, stored, and processed in that location.
By using the Extension, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.
**EU/EEA Users:** We comply with applicable data protection laws including GDPR where applicable. See Section 9 for GDPR-specific rights.
---
## 8. Chrome Extension Permissions
The Extension requires the following Chrome permissions:
| Permission | Purpose | Data Access |
|------------|---------|-------------|
| `storage` | Store sublabel configurations, preferences, and statistics locally | Local data only |
| `tabs` | Detect when you're on keep.google.com to show side panel | URL of current tab only |
| `sidePanel` | Display Extension interface in Chrome's side panel | No data access |
| `scripting` | Insert sublabel tags (##sublabel) into notes when you click Insert button | Injects text into active tab |
| **Host Permission:** `keep.google.com` | Access Google Keep labels and interact with notes | Read labels, write sublabel tags |
**Permissions We Do NOT Request:**
- ❌ `history` - We don't track browsing history
- ❌ `cookies` - We don't access cookies
- ❌ `bookmarks` - We don't read bookmarks
- ❌ `<all_urls>` - We only access keep.google.com
---
## 9. GDPR Compliance (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):
### 9.1 Legal Basis for Processing
We process your data based on:
- **Contractual Necessity:** To provide the Service you've subscribed to
- **Legitimate Interest:** To improve the Service and prevent fraud
- **Consent:** For optional features like backup upload
### 9.2 Data Protection Officer
For GDPR-related inquiries, contact: gtg.ste2@gmail.com with "GDPR REQUEST" in subject line
### 9.3 Additional GDPR Rights
- **Right to Restrict Processing:** Limit how we use your data
- **Right to Data Portability:** Receive your data in machine-readable format
- **Right to Object:** Object to processing based on legitimate interest
- **Right to Lodge a Complaint:** File complaint with your local supervisory authority
### 9.4 Data Retention Justification
We retain data only as long as necessary to:
- Provide the Service
- Comply with legal obligations
- Resolve disputes and enforce agreements
---
## 10. California Privacy Rights (CCPA)
If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):
### 10.1 Categories of Personal Information Collected
- **Identifiers:** Email address
- **Usage Data:** Extension usage statistics
- **Preferences:** Theme, label order, expanded state
### 10.2 Your CCPA Rights
- **Right to Know:** Request disclosure of personal information collected
- **Right to Delete:** Request deletion of personal information
- **Right to Opt-Out of Sale:** We do not sell personal information
- **Right to Non-Discrimination:** We will not discriminate for exercising your rights
### 10.3 How to Exercise Rights
Email gtg.ste2@gmail.com with "CCPA REQUEST" in subject line. We will respond within 45 days.
---
## 11. Cookies and Tracking Technologies
### 11.1 Cookies
The Extension **does not use cookies**. All data is stored using Chrome's Storage API.
### 11.2 Do Not Track
We do not track users across websites. Our Extension only functions on keep.google.com.
### 11.3 Analytics
We use our own analytics system (usage statistics described in Section 1.2.C). We do not use third-party analytics services like Google Analytics.
---
## 12. Changes to This Privacy Policy
### 12.1 Notification of Changes
We may update this Privacy Policy from time to time. We will notify you of material changes via:
- Email to your registered email address
- Prominent notice in the Extension interface
- Update to "Last Updated" date at top of this document
### 12.2 Review and Acceptance
We encourage you to review this Privacy Policy periodically. Continued use of the Extension after changes constitutes acceptance of the updated Privacy Policy.
### 12.3 Material Changes
For material changes that significantly affect your rights, we will:
- Provide 30 days advance notice
- Request explicit consent if required by law
- Allow you to opt-out or delete your account
---
## 13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your personal information:
**Email:** gtg.ste2@gmail.com
**Subject Lines for Specific Requests:**
- General privacy questions: "PRIVACY QUESTION"
- Data access request: "DATA ACCESS REQUEST"
- Data deletion request: "DATA DELETION REQUEST"
- GDPR request: "GDPR REQUEST"
- CCPA request: "CCPA REQUEST"
- Data breach notification: "SECURITY CONCERN"
**Response Time:** Within 7 business days for most requests; within 45 days for CCPA/GDPR requests as required by law.
**Mailing Address (if required):**
[Your company mailing address if you have one; otherwise, can omit]
---
## 14. Data Breach Notification
In the unlikely event of a data breach that compromises your personal information, we will:
1. **Investigate** the breach within 24 hours
2. **Notify Affected Users** via email within 72 hours
3. **Notify Authorities** as required by law (e.g., GDPR requires 72-hour notification)
4. **Provide Details** including:
- Nature of the breach
- Data affected
- Steps we're taking to mitigate
- Steps you should take to protect yourself
5. **Offer Assistance** such as credit monitoring if applicable
---
## 15. Third-Party Links
The Extension may contain links to third-party websites (e.g., PayPal for payments, our website for pricing). This Privacy Policy applies only to our Extension. We are not responsible for the privacy practices of third-party sites. We encourage you to review their privacy policies.
---
## 16. Open Source and Transparency
### 16.1 Network Traffic Inspection
While our Extension code is not currently open source, you can inspect network traffic using browser developer tools to verify:
- What data is sent to our servers
- When data is transmitted
- Encryption is used (HTTPS)
### 16.2 Code Audits
We welcome security researchers to inspect our Extension for vulnerabilities. If you discover a security issue, please email gtg.ste2@gmail.com with "SECURITY VULNERABILITY" in the subject line.
---
## 17. Consent and Acknowledgment
By installing and using the LABEL+ Extension, you acknowledge that you have:
- ✅ Read and understood this Privacy Policy
- ✅ Consent to the collection, use, and sharing of your information as described
- ✅ Understand that Google Keep labels will be read by the Extension
- ✅ Understand that usage statistics will be sent to our servers every 24 hours
- ✅ Understand your rights and how to exercise them
---
## 18. Glossary
- **Chrome Storage API:** Browser-based storage mechanism that stores data locally on your device
- **JWT (JSON Web Token):** A secure token format used for license validation
- **HTTPS/TLS:** Encryption protocol for secure data transmission
- **Sublabel:** Custom organizational tag you create under existing Google Keep labels
- **Grace Period:** 2-hour free trial period for new installations
- **License Validation:** Process of verifying your subscription status with our servers
- **Personally Identifiable Information (PII):** Information that can identify you (e.g., email address)
---
**END OF PRIVACY POLICY**
*Version 2.0 - Effective January 23, 2025*
---
## Version History
| Version | Date | Changes |
|---------|------|---------|
| 1.0 | January 10, 2025 | Initial privacy policy |
| 2.0 | January 23, 2025 | Complete rewrite with enhanced detail, GDPR/CCPA compliance, clearer language |