Legal Effective July 8, 2026

Privacy Policy

Sidenote is a browser extension and web dashboard that lets teams pin structured feedback to elements on web pages. This policy explains what data Sidenote collects, why, where it lives, and the choices you have.

The short version: Sidenote only collects data when you deliberately create an annotation or use your account. We do not sell your data, we do not use it for advertising, and we collect nothing from pages you browse unless you actively annotate them.

Data we collect

Account information

When you sign up we collect your email address, which we use to authenticate you (via one-time email codes) and to associate your annotations with your account. You may optionally set a username and display name in your profile.

Annotation content you create

When you click an element and submit an annotation, the extension captures and stores:

  • Your written comment and any tags you select (severity, intent, or your organization’s custom tags).
  • The URL of the page you annotated and a normalized version of it used to display annotations on the right page.
  • Technical context about the clicked element: its CSS selector and XPath, element attributes (such as id, class, href, alt, and aria attributes), a short snippet of nearby visible text, computed styles, its position and size on the page, and your viewport dimensions. This context is what lets your teammates find the exact element you meant.
  • A screenshot of the visible browser tab, if screenshot capture is enabled (it can be turned off in the extension popup). Screenshots are only taken at the moment you create an annotation, never in the background.
  • If you choose the “verbose” capture level, basic device information: browser name and version, operating system, screen dimensions, language, and color-scheme preference. This helps teammates reproduce visual bugs.

Nothing on this list is collected passively. If you never create an annotation on a page, Sidenote stores nothing about that page.

Team and organization data

Organization names, project names and descriptions, member lists and roles, invite emails, and activity records (such as when an annotation’s status changes) are stored so your team can collaborate.

Local extension storage

The extension stores your session token, your selected organization and project, the on/off state of annotation mode, and cached tag settings in your browser’s local extension storage. This data stays on your device and is cleared when you sign out or remove the extension.

What we do not collect

  • We do not track your browsing history or the pages you visit.
  • We do not read or transmit page content unless you annotate that page, and then only the element context described above.
  • We do not collect keystrokes, form input, passwords, or payment details from pages you visit.
  • We do not use advertising or third-party analytics trackers in the extension.

How we use your data

Your data is used solely to provide the Service:

  • Displaying annotations to you and members of your organization, on the page and in the dashboard.
  • Syncing new annotations and status changes to your teammates in real time.
  • Authenticating your account and sending sign-in codes and organization invites by email.
  • Exporting an annotation to a third-party tool when you explicitly request it (see below).

We do not sell personal data, use it for advertising, use it to determine creditworthiness, or allow humans to read it except as needed for security, legal compliance, or support you have requested.

Chrome Web Store limited use

Sidenote’s use of information received from Google APIs and Chrome browser interfaces adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements. Data collected by the extension is used only to provide and improve the user-facing annotation features described in this policy.

Where your data is stored

Annotations, screenshots, and account data are stored with Supabase, our hosting and database provider, in a managed Postgres database and file storage. Data is encrypted in transit (TLS) and at rest. Access is scoped by row-level security so that annotations are only visible to members of the organization they belong to. Screenshots are stored in a private bucket and are not publicly listable.

When we share data

Your data is shared in exactly three situations:

  • With your team. Annotations and activity are visible to members of the organization the project belongs to. That is the point of the product.
  • With integrations you connect. If an organization owner connects Linear and you export an annotation, its comment, page URL, element selector, and screenshot are sent to Linear to create an issue. This only happens when a user clicks the export action. Linear API keys are stored server-side and are never exposed to non-owner members.
  • With service providers and the law. We use Supabase to host the Service as described above, and we may disclose data if required by law.

Extension permissions

The Chrome extension requests the following permissions:

  • Access to all websites, so you can annotate any page you choose. The annotation UI only activates when you turn it on; the content script is otherwise idle.
  • activeTab / tabs, to capture the screenshot of the tab you are annotating and to communicate with the page when you toggle annotation mode.
  • storage, to keep you signed in and remember your selected project and settings on your device.
  • offscreen, to detect your light or dark theme preference so the toolbar icon matches. Nothing is collected.

Data retention and deletion

Annotations and screenshots are retained until they are deleted by a member of your organization or the organization itself is deleted. If you delete your account, your authentication data and profile are removed; annotations you contributed to a shared organization may be retained for your team with your authorship intact, consistent with how shared workspaces generally behave.

To request deletion of your account or any personal data, email us at the address below and we will action it within 30 days.

Your rights

Depending on where you live (including under GDPR and CCPA), you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights by emailing us. You will never be discriminated against for doing so.

Children

Sidenote is a professional tool and is not directed at children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children.

Changes to this policy

If we make material changes to this policy we will update the effective date above and, where appropriate, notify you by email or in the dashboard. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

Contact

Questions, concerns, or data requests: me@ibawad.com