Privacy Policy

Introduction

This Privacy Policy explains how GPT2Notes ("we," "our," or "the extension") handles your data when you use our browser extension to export ChatGPT conversations.

By using GPT2Notes, you agree to the practices described in this policy.

What data we collect

We do NOT collect:

• Your ChatGPT conversations: All processing—including batch export and auto sync queues—happens locally in your browser. Your chat content never touches our servers.
• Notion page content: OAuth 2.0 is used to send conversations directly from your browser to your own Notion workspace.
• Usage analytics: We don't track which conversations you export, how often you use the extension, or what formats you choose.

Account data (Premium features only):

• Email address & hashed password: Required to create a GPT2Notes account via Supabase authentication.
• Profile metadata: Optional display name or avatar URL you choose to add.
• Subscription status: Plan type, renewal date, and payment state so we know whether to unlock Premium functionality.

Billing data:

• Payment method details: Collected and stored by Creem, our PCI-compliant payment processor. We never see or store your full card number.
• Transaction logs: We keep lightweight records (plan selected, amount, timestamp) for accounting and support.

Diagnostic data (optional/minimal):

• Error logs: Anonymous crash or error reports to help us troubleshoot issues. These never include raw conversation text.
• Extension version & platform: Used to ensure compatibility with browser updates.

We are committed to collecting the absolute minimum data necessary to provide and improve the service.

How we use data

We only use the data we collect to operate and improve GPT2Notes. Specifically:

• Provide the service: Authenticate your account, unlock Premium features, and process subscription renewals.
• Process payments: Share necessary billing details with Creem to complete transactions.
• Respond to support: Use your email and subscription info to troubleshoot issues you report.
• Improve quality: Analyze anonymous error logs to fix bugs and ensure compatibility with browser updates.

We do not sell, rent, or share any data with third parties for advertising or marketing purposes.

Where your data is stored

Local storage (your browser)

GPT2Notes stores the following data locally in your browser using Chrome's storage API:

• OAuth tokens: Access tokens from Notion OAuth (if you've connected Notion)
• GPT2Notes auth session: Encrypted Supabase access/refresh tokens for your GPT2Notes account
• Extension settings: Your preferences for default export format, auto sync settings, selected database, etc.

This data stays on your device and is never transmitted to our servers.

Supabase (accounts & subscriptions)

When you create a GPT2Notes account or subscribe to Premium, we store your email address, hashed password, subscription metadata, and support activity in Supabase (a secure, SOC 2–compliant backend service). This data is used solely to authenticate you and manage your subscription.

Payment processor (Creem)

Payment information is handled by Creem, our PCI-compliant processor. Creem stores your card details and processes charges on our behalf. We receive only limited information (last4, expiration month/year, payment status). Review Creem's Privacy Policy for details.

Notion (when you sync)

When you export a conversation to Notion, GPT2Notes sends the conversation data directly from your browser to Notion's servers using OAuth tokens. We act as a pass-through—your data goes from your browser to Notion, not through our infrastructure.

Notion's handling of your data is governed by Notion's Privacy Policy.

Local downloads

When you download conversations as Markdown, HTML, JSON, or plain text, the files are saved directly to your device. GPT2Notes does not retain copies.

Third-party services

GPT2Notes interacts with the following third-party services:

• OpenAI/ChatGPT: The extension reads conversation content from chat.openai.com/chatgpt.com to perform exports and auto sync checks. This requires host permissions.
• Notion API: If you choose to sync to Notion (manually, in batch, or via auto sync), the extension sends data directly to Notion using your OAuth credentials.
• Supabase: Handles authentication, account data, and subscription status for Premium features.
• Creem: Processes subscription payments and securely stores payment methods.
• Netlify: Hosts our marketing website (no conversation data is stored there).

Each provider has its own privacy policy. We encourage you to review OpenAI, Notion, Supabase, Creem, and Netlify policies to understand how they handle your information.

Premium accounts & subscriptions

Creating a GPT2Notes account is optional. If you choose to upgrade to Premium, we require:

• Email + password: Stored securely in Supabase so you can sign in across browsers.
• Subscription info: Plan type, renewal dates, and invoices so we can provide Premium access and receipts.
• Payment confirmation: A reference to your Creem customer ID; card data stays with Creem.

You can cancel Premium anytime from the in-app Account screen or by contacting support. To delete your GPT2Notes account entirely, email gpt2notes@wanderingtunes.net. We'll remove your Supabase account and subscription metadata within 30 days, except where retention is required for legal or accounting reasons.

Canceling Premium does not affect any conversations already exported to Notion or downloaded to your device.

Your rights and choices

Access and deletion

For extension-only users, all information lives locally. To delete it:

1. Open your browser's extension settings
2. Remove GPT2Notes (this clears local storage, auth tokens, and preferences)
3. Optional: revoke GPT2Notes access in Notion's Settings → Connections

For Premium users, you may request a copy or deletion of the account data stored in Supabase (email, subscription history). Email gpt2notes@wanderingtunes.net and we will respond within 30 days. Payment records may be retained for tax and accounting compliance.

Data subject requests

Residents of the EU/EEA, UK, or California can exercise rights under GDPR/CCPA by contacting us. We will confirm your identity, explain what limited data we hold, and honor valid requests unless a legal obligation prevents deletion.

Security

We take security seriously:

• No server-side storage of chats: Your conversations never leave your browser, eliminating the risk of server breaches.
• Encrypted connections: When syncing to Notion or authenticating with GPT2Notes, all traffic goes over HTTPS.
• Supabase security: Account data is stored in Supabase with row-level security and industry-standard encryption.
• PCI-compliant billing: Creem handles payment data and undergoes regular security assessments.
• No tracking scripts: The extension does not include analytics, ads, or third-party tracking code.

While we implement reasonable security measures, no method of electronic storage is 100% secure. Use strong, unique passwords for your Notion account and review authorized apps regularly.

Children's privacy

GPT2Notes is not intended for use by anyone under the age of 13. We do not knowingly collect data from children. If you believe a child has used our extension, please contact us at gpt2notes@wanderingtunes.net.

Changes to this policy

We may update this Privacy Policy from time to time. If we make significant changes, we'll notify you via the extension or on our website. The "Last updated" date at the top of this page indicates when the policy was last revised.

Continued use of GPT2Notes after changes constitutes acceptance of the updated policy.

Contact us

If you have questions or concerns about this Privacy Policy or how GPT2Notes handles data, please contact us:

Email: gpt2notes@wanderingtunes.net