Privacy Policy - MonoMind Extension

1. Introduction

Welcome to MonoMind, a Chrome/Edge browser extension designed to help you maintain deep focus and productivity by blocking distracting websites during work or study sessions.

This Privacy Policy explains how MonoMind collects, uses, stores, and protects your data. We are committed to transparency and protecting your privacy.

2. Information We Collect

2.1. Browsing Activity Data

To provide website blocking and productivity tracking features, MonoMind collects:

Website URLs/Domains: The domains you visit (e.g., "facebook.com", "youtube.com")
Visit Duration: Time spent on each website
Block Events: Number of times a website was blocked
Timestamp: When you visited each website

          ⚠️ What We DON'T Collect:
          ❌ Page content or what you read/write on websites
❌ Passwords or form data
❌ Personal messages or emails
❌ Credit card or financial information
❌ Full URLs with query parameters (only domains)

        

2.2. User Account Data

When you sign in through our web app, we collect:

Email address: For authentication and account management
User ID: A unique identifier assigned by our authentication provider (Supabase)

2.3. Extension Settings

Your custom blocklist (websites you choose to block)
Block type preferences (Always block vs. Pomodoro-only block)
Timer settings and Pomodoro configurations

3. How We Use Your Information

3.1. Core Functionality

Website Blocking: To determine which websites to block based on your settings
Productivity Tracking: To show you statistics about your browsing habits and focus time
Synchronization: To sync your blocklist and settings across devices

3.2. Analytics & Insights

Calculate your daily Focus Score
Generate productivity reports and charts
Show time spent on productive vs. distracting websites

3.3. Authentication

Verify your identity when you log in
Maintain your session across extension and web app
Protect your data with secure authentication

4. How We Store Your Data

4.1. Local Storage (On Your Device)

Most of your data is stored locally in your browser using Chrome's chrome.storage.local API:

Authentication tokens
Blocklist and settings
Daily browsing statistics
Bypass permissions

This data never leaves your device unless you explicitly sync with our server.

4.2. Cloud Storage (Supabase)

When you enable synchronization, the following data is stored on our secure Supabase backend:

Your blocklist (domains and block types)
Daily browsing statistics (aggregated, not real-time)
Timer settings and preferences

Server Location: Data is stored on Supabase servers (PostgreSQL database) with encryption at rest and in transit.

5. Data Sharing & Third Parties

          ✅ We Do NOT:
          ❌ Sell your data to advertisers or third parties
❌ Share your browsing history with anyone
❌ Use your data for advertising purposes
❌ Track you across other websites outside the extension

        

Third-Party Services We Use:

Supabase (Database & Authentication): Stores your account data and synchronized settings. Supabase Privacy Policy
Cloudflare Pages (Web Hosting): Hosts our web app. Cloudflare Privacy Policy

6. Data Retention

Local Data: Stored on your device until you uninstall the extension or clear browser data
Cloud Data: Retained as long as your account is active
Daily Statistics: Aggregated daily and stored for up to 90 days
Account Deletion: If you delete your account, all associated data is permanently deleted within 30 days

7. Your Rights & Controls

You Have the Right To:

Access Your Data: View all data we store about you through the web app dashboard
Export Your Data: Download your blocklist and statistics at any time
Delete Your Data: Delete your account and all associated data permanently
Opt-Out of Sync: Use the extension completely offline without syncing to our servers
Disable Tracking: Turn off website time tracking at any time

How to Exercise Your Rights:

Go to beautiful-pomodoro.pages.dev
Navigate to Settings → Privacy
Choose "Delete Account" or "Export Data"

8. Security Measures

We take security seriously and implement multiple layers of protection:

Encryption: All data transmitted between extension and server uses HTTPS/TLS encryption
Authentication: Secure JWT tokens with expiration
Access Control: Only you can access your data (no admin access without consent)
Local Storage: Most sensitive data stays on your device
No Tracking Scripts: We don't use Google Analytics or similar tracking tools

9. Permissions Explained

MonoMind requests the following Chrome permissions:

"tabs": To detect which websites you visit and apply blocking rules
"storage": To save your blocklist and settings locally
"alarms": To periodically sync data with the server (every 5 minutes)
"webNavigation": To intercept navigation events and block websites in real-time
"activeTab": To check the current tab's URL when you open the popup
"identity": For authentication flow (currently unused, reserved for future OAuth)
"Access to all websites": Required to check if any website should be blocked (we don't read page content)

10. Children's Privacy

MonoMind is not intended for children under 13 years of age. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the "Last Updated" date at the top
Notify you through the extension popup
Post the new policy at this URL

Continued use of MonoMind after changes means you accept the updated policy.

12. Legal Basis (GDPR)

For users in the European Union, we process your data based on:

Consent: You explicitly agree to our data collection when installing the extension
Legitimate Interest: To provide core functionality (website blocking and productivity tracking)
Contract: To fulfill our service agreement with you

🔒 Privacy Policy