← Back to Home
TL;DR: Duly Noted is privacy-first. Audio is deleted immediately after transcription. Only text is stored locally. We don't collect, sell, or share your data. Third-party integrations (GitHub, Notion) are optional and use secure OAuth authentication.
2. How We Use Your Information
2.1 Core Functionality
We use your data solely to provide the extension's core features:
- Voice transcription: Converting speech to text in real-time
- Draft storage: Saving notes locally for later use
- Integration dispatch: Sending notes to your chosen destinations (GitHub, Notion, etc.)
- History tracking: Displaying your recent notes and their destinations
2.2 Third-Party OAuth Access
When you connect third-party services via OAuth:
- We use OAuth 2.0 to securely authenticate with GitHub and Notion
- We request minimal permissions necessary for core functionality
- We send only the transcribed text you explicitly choose to send
- We do not store copies of data sent to third-party services
- OAuth tokens are stored in chrome.storage.local and never transmitted to our servers for storage
2.3 OAuth Token Exchange
During the OAuth sign-in process:
- Your authorization code is briefly processed by a stateless Cloudflare Worker to exchange it for an access token
- The Cloudflare Worker does not store any data - it only relays the token exchange and returns the result to your browser
- After the exchange, the access token is stored locally in your browser only
We NEVER:
- ❌ Store your data on our servers
- ❌ Share your data with advertisers or data brokers
- ❌ Use your data for machine learning or AI training
- ❌ Sell or monetize your information
3. Data Storage and Security
3.1 Local Storage
All data is stored locally on your device:
- Storage location: Chrome's chrome.storage.local API
- Isolation: Data is stored in Chrome's sandboxed extension storage, accessible only to Duly Noted
- Access: Only the Duly Noted extension can access this data
- Persistence: Data persists until you delete it or uninstall the extension
3.2 Data Deletion
You can delete your data at any time:
- Individual notes: Delete from the History screen
- All drafts: Clear all drafts from Settings
- Settings: Reset to defaults from Settings
- Complete removal: Uninstalling the extension deletes all local data
3.3 Security Measures
- No network transmission of voice data or drafts (except to your chosen third-party destinations)
- Secure token storage: OAuth tokens stored in Chrome's sandboxed chrome.storage.local, isolated from other extensions and websites
- OAuth 2.0 authentication: Industry-standard secure authentication flow
- Stateless token exchange: OAuth authorization codes are exchanged via a Cloudflare Worker that does not log or store any data
- Minimal permissions: Extension requests only necessary Chrome permissions (storage, sidePanel, identity)
- Open source: Code is publicly auditable on GitHub
4. Third-Party Services
4.1 Optional Integrations
Duly Noted integrates with third-party services at your discretion:
- GitHub (Issues & Projects): OAuth 2.0 authentication with minimal required permissions
- Notion (Databases & Pages): OAuth 2.0 authentication with workspace access
Permissions Requested:
- GitHub: Read/write access to issues and projects in repositories you select
- Notion: Read/write access to databases and pages you grant access to
4.2 Third-Party Privacy Policies
When you use these integrations, their respective privacy policies apply:
Note: Duly Noted does not share any data with these services except the notes you explicitly choose to send.
4.3 Data Sharing
When you send a note to a third-party service:
- We transmit only the text content you explicitly choose to send
- We use OAuth tokens you authorized for authentication
- We do not share any other data (metadata, drafts, settings, etc.)
- We do not track what you send or where you send it
- API calls are made directly from your browser to the third-party service. OAuth token exchange uses a stateless Cloudflare Worker that processes authorization codes but does not store any data
5. Your Rights and Choices
5.1 Data Access
You have full access to all data stored by Duly Noted:
- View all notes in the History screen
- Access settings and API keys in the Settings screen
- Inspect chrome.storage.local via Chrome DevTools
5.2 Data Deletion
You can delete your data at any time:
- Individual notes: Click delete icon in History
- All data: Settings → Reset to Defaults
- Complete removal: Uninstall the extension
5.3 Data Portability
Your data is yours:
- Export individual notes by copying the text
- Access raw data via Chrome DevTools (chrome.storage.local)
- Backup your notes by exporting to your preferred destination
5.4 Opt-Out of Features
- You can choose not to use third-party integrations
- You can save notes as local drafts only
- You can revoke OAuth access at any time by signing out in Settings
- You can revoke OAuth app permissions directly in GitHub/Notion account settings
6. Children's Privacy
Duly Noted is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
7. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this Privacy Policy periodically.
For significant changes, we will notify users via:
- In-extension notification banner
- Update notes in the Chrome Web Store
- GitHub repository changelog
Summary: Duly Noted is built with privacy as a core principle. We don't collect, store, or share your data. Everything stays on your device. You have full control over your data at all times.