Privacy Policy — NeuroFilterAI (Distraction Free YouTube)

✓ Plain-language summary: NeuroFilterAI's AI model runs 100% inside your browser. It reads YouTube video titles to score relevance — this data never leaves your device. The only personal information we ever receive is your email address when you choose to create an account. We do not sell any user data.

1. Introduction

This Privacy Policy describes how NeuroFilterAI ("we", "us", or "the Extension") collects, handles, stores, and shares information when you install and use our Chrome browser extension. We are committed to full transparency about our data practices.

By installing or using NeuroFilterAI, you agree to the practices described in this policy. If you do not agree, please uninstall the extension from your browser.

This policy applies to all versions of the extension published on the Chrome Web Store under the item ID bmnpefkddaaeolemegkbfhemgemmjfdk.

2. What Data We Collect

We separate data into two categories: data that stays entirely on your device, and data that is transmitted to our servers when you take specific actions.

2.1 — Data That Stays on Your Device Never Transmitted

Data	Purpose	Where Stored
Your focus topics (interests)	Used by the on-device AI to score each YouTube video's relevance to your goals	`chrome.storage.sync` & `chrome.storage.local`
Your disinterest topics	Used by the AI to deprioritize certain content categories	`chrome.storage.sync`
AI relevance scores	Computed in-memory by the local ML model to decide what to show/hide on YouTube	In-memory only; never persisted
Focus Mode settings	Your preferences: which YouTube UI elements to hide (Shorts, comments, sidebar, autoplay, etc.)	`chrome.storage.sync`
Theme preference	Light or dark mode setting	`chrome.storage.sync`
Extension on/off state	Whether the extension is currently active	`chrome.storage.local`
Review prompt state	Whether you have been shown or dismissed the review request dialog	`chrome.storage.local`
AI model (WASM binary)	The machine learning model (`all-MiniLM-L6-v2`) that performs local inference	Bundled inside the extension package

The AI model reads YouTube video titles and descriptions directly from the page's DOM to compute relevance scores. This content is processed entirely inside your browser and is never transmitted to any server.

2.2 — Data Transmitted to Our Servers Only on Explicit Action

Data	When Sent	Purpose	Recipient
Email address	When you create an account or sign in with email/password	Account creation and authentication	Supabase
Google profile (email + name)	When you tap "Continue with Google"	OAuth 2.0 sign-in	Google, then Supabase
Password (hashed)	On account creation with email/password sign-up	Secure authentication — stored as bcrypt hash, never plaintext	Supabase
Focus topics	When you are signed in and save your interests	Sync your filter profile across your Chrome devices	Supabase
Payment & billing details	When you subscribe to Pro	Process your subscription payment securely	Dodo Payments
License key	When you redeem a Pro license code	Validate and activate your license	Supabase Edge Function
Referral code	When you enter one during sign-up	Apply referral credits to both accounts	Supabase
Student email	When applying for student pricing	Verify eligibility for discounted plan	Supabase

3. Personally Identifiable Information

Personally identifiable information (PII) refers to data that can be used to identify you as an individual — such as your name, email address, or profile details.

3.1 — What PII We Collect

We collect the following personally identifiable information only when you voluntarily create an account:

Email address — collected when you register or sign in
Google profile name and email — received from Google OAuth when you use "Continue with Google"

We do not collect your postal address, phone number, date of birth, government ID, or any other form of personally identifiable information. Core filtering features work without any account or PII.

3.2 — How PII Is Used

To authenticate you and give you access to your account
To send account-related emails (password reset, subscription receipts)
To sync your AI filter profile across your Chrome browsers when signed in
To verify student eligibility when applying for a discounted plan

3.3 — How PII Is Stored

Your email address and account details are stored in Supabase (a hosted PostgreSQL database). Supabase uses TLS/SSL for data in transit and AES-256 encryption for data at rest. Row-level security policies ensure you can only access your own data.

3.4 — How PII Is Shared

We share PII only as follows:

Supabase — to store and authenticate your account. See supabase.com/privacy
Google — your Google email and name are received from Google's OAuth servers when you choose "Continue with Google". See policies.google.com/privacy
Dodo Payments — your email is shared with Dodo to process your subscription. See dodopayments.com/privacy

We do not sell, rent, or trade your personally identifiable information to any third party for advertising or any other purpose.

4. Authentication Information

Authentication information refers to credentials used to verify your identity — such as passwords, tokens, or login keys.

4.1 — What Authentication Information We Collect

Password (email/password sign-up) — you provide this when creating an account with email and password. We never store your password in plaintext. It is immediately hashed using bcrypt before storage.
Google OAuth access token — generated by Google when you use "Continue with Google". This token is used to create a session in Supabase and is not stored beyond the session lifecycle.
Supabase session token — a short-lived JWT issued by Supabase after successful login, stored in chrome.storage.local to keep you signed in across browser sessions. This token expires automatically.

4.2 — How Authentication Information Is Handled

Authentication credentials are used solely to sign you into your NeuroFilterAI account. We use Chrome's built-in chrome.identity.launchWebAuthFlow API for Google OAuth — your Google password is never seen or stored by us. Session tokens are rehydrated on each service worker wake cycle and are rotated automatically by Supabase.

4.3 — How Authentication Information Is Stored

Hashed passwords are stored in Supabase's encrypted PostgreSQL database
Session tokens (JWTs) are stored in chrome.storage.local — sandboxed to the extension only
We do not store any authentication credentials in cookies or web storage accessible to websites

4.4 — How Authentication Information Is Shared

Authentication data is shared only with Supabase for identity verification and session management. It is never shared with third parties for any other purpose.

5. Financial and Payment Information

Financial and payment information refers to data associated with processing subscription payments — such as credit card numbers, billing details, or transaction records.

5.1 — What Payment Information We Collect

When you subscribe to NeuroFilterAI Pro, you are redirected to Dodo Payments, our third-party payment processor. We do not directly collect, see, or store your credit card number, CVV, expiry date, or bank details. These are entered directly on Dodo Payments' secure, PCI-DSS-compliant checkout page.

We receive and store only:

Your subscription status (Free / Pro / Student)
Your subscription expiry date
A non-sensitive transaction reference ID from Dodo Payments

5.2 — How Payment Information Is Handled and Stored

Subscription status and expiry dates are stored in Supabase and are used only to determine which features you have access to. Payment records are retained by Dodo Payments according to their privacy policy and applicable financial regulations (typically 7 years).

5.3 — How Payment Information Is Shared

Your email address is shared with Dodo Payments to process your subscription and send payment receipts. No other payment data is shared with any third party. See Dodo Payments' Privacy Policy.

6. Data We Do NOT Collect

    The following data categories are explicitly never collected, transmitted, or stored by NeuroFilterAI:
  

Web browsing history — We do not access or collect any browsing history outside of youtube.com
YouTube watch history — We do not track which videos you watch or for how long
YouTube video content — Video titles/descriptions are read from the page DOM for local AI scoring only; this data never leaves your browser
Health information — We collect no health-related data of any kind
Location data — We do not access GPS, IP-based location, or any location signals
User activity / keystrokes — We do not monitor mouse clicks, keystrokes, scrolls, or any user behavior on any website
Website content — We do not collect or transmit the content of any web pages you visit (including YouTube)
Personal communications — We do not access emails, messages, or any personal communications
Cookies or tracking identifiers — We do not use advertising cookies, pixel trackers, fingerprinting, or any tracking technology
Demographic information — We do not collect your age, gender, race, nationality, or any demographic profile data

7. How We Use Your Data

Data collected by NeuroFilterAI is used exclusively for the following purposes, all of which are directly related to the extension's single purpose of providing a distraction-free YouTube experience:

Purpose	Data Used
On-device AI content filtering	Your focus topics (stored locally) are processed by the on-device ML model to score and filter YouTube videos
Account authentication	Email address, hashed password, or Google OAuth token — to sign you into your account
Cross-device settings sync	Focus topics synced to Supabase when signed in, so your filter profile is consistent across Chrome browsers
Subscription management	Subscription status stored in Supabase to unlock Pro features; email shared with Dodo Payments to process billing
Account communications	Email used to send password reset links and subscription receipts — no marketing emails without consent
License validation	License key checked against Supabase Edge Function to activate Pro access

We do not use your data for advertising, profiling, or any purpose unrelated to the extension's core function.

8. How We Share Your Data

We do not sell, rent, or trade your personal data. We share data only with the following service providers, strictly for the purposes described above:

Third Party	Role	Data Shared	Their Privacy Policy
Supabase	Authentication, database storage, and serverless functions	Email, hashed password, focus topics (when signed in), subscription status, license keys	supabase.com/privacy
Google (OAuth)	Identity provider for "Continue with Google"	OAuth token exchange; we receive your email and display name from Google	policies.google.com/privacy
Dodo Payments	Payment processor for Pro subscriptions	Email address; payment card details are entered directly on Dodo's servers — we never see them	dodopayments.com/privacy

We may disclose personal data if required by applicable law, court order, or government authority. We will notify you to the extent permitted by law.

9. Data Storage and Security

9.1 — Local Storage (On Your Device)

All extension settings, filter preferences, and AI model data are stored using Chrome's built-in chrome.storage APIs. This data is sandboxed to the extension process and cannot be accessed by websites, other extensions, or third parties. Data in chrome.storage.sync is encrypted and synced by Google's own Chrome Sync infrastructure.

9.2 — Server Storage (Supabase)

Account data is stored on Supabase, which provides:

TLS/SSL encryption for all data transmitted over the network
AES-256 encryption for all data at rest
Row-level security (RLS) ensuring each user can only read their own data
SOC 2 Type II compliance
Data centers located in the United States

9.3 — Payment Data Security

All payment card information is handled exclusively by Dodo Payments on their PCI-DSS Level 1 compliant infrastructure. We never store, transmit, or have access to your raw payment card details.

10. Limited Use Disclosure

NeuroFilterAI's use and transfer of information received from Google APIs — including Google OAuth and YouTube page data — complies with the Chrome Web Store User Data Policy, including its Limited Use requirements.

Specifically: YouTube video titles and descriptions are read from the page DOM solely for the purpose of local, on-device AI relevance scoring. This data is never transferred, stored on a server, sold, or shared with any third party for any purpose.

11. Chrome Permissions Explained

Permission	Why It Is Required
`storage`	To save your focus topics, Focus Mode settings, theme, and extension state locally in `chrome.storage.sync` and `chrome.storage.local`.
`offscreen`	To run the WASM AI inference model in an offscreen document so it does not block YouTube page performance.
`identity`	To enable "Continue with Google" sign-in via Chrome's built-in `chrome.identity.launchWebAuthFlow` API. Your Google password is never accessed by us.
`://.youtube.com/*`	To inject the content script that reads video metadata (for AI scoring) and modifies the YouTube UI (for Focus Mode: hiding Shorts, comments, sidebar, etc.).
`://.supabase.co/*`	To communicate with our Supabase backend for account authentication, interest profile sync, and subscription/license management.

12. Data Retention

Local extension data: Retained on your device until you uninstall the extension or clear the extension's storage from Chrome settings.
Account data (Supabase): Retained while your account is active. You may request deletion at any time by emailing us — we will delete your account and all associated data within 30 days.
Payment records (Dodo Payments): Retained by Dodo Payments per their policy and applicable financial regulations (typically 7 years).

13. Your Rights

You have the following rights regarding your personal data. To exercise any of these, email us at piyushpal2828@gmail.com:

Right of access — request a copy of all personal data we hold about you
Right to correction — request that inaccurate data be corrected
Right to deletion — request deletion of your account and all associated personal data
Right to data portability — request your data in a machine-readable format
Right to withdraw consent — uninstall the extension at any time; signing out revokes server-side access immediately
Right to object — object to specific processing activities

14. Children's Privacy

NeuroFilterAI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If we learn that we have done so, we will delete that data promptly. If you believe a child has provided us with personal information, contact us immediately.

15. International Data Transfers

Our servers (Supabase) are located in the United States. If you are accessing the extension from outside the US — including from India, Europe, or other regions — your account data is transferred to and processed in the United States. These transfers are protected by Supabase's data processing agreements, TLS encryption in transit, and AES-256 encryption at rest.

16. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of the extension after any changes constitutes your acceptance of the updated policy.

17. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or want to report a privacy concern, please contact:

Email	piyushpal2828@gmail.com
Product	NeuroFilterAI — Distraction Free YouTube
Chrome Web Store	`bmnpefkddaaeolemegkbfhemgemmjfdk`
Response time	We aim to respond to all privacy requests within 48 hours