# ThreadFlip — Privacy Policy

**Effective Date:** March 20, 2026
**Last Updated:** March 20, 2026

ThreadFlip is a Chrome extension that repurposes selected text into social media content. This policy explains what data ThreadFlip accesses, how it is used, and where it is stored.

---

## Summary

- ThreadFlip only processes text **you explicitly select** on a webpage.
- Your OpenAI API key is **encrypted locally** and never sent to ThreadFlip servers.
- ThreadFlip does **not** collect analytics, telemetry, or personal data.
- ThreadFlip does **not** read or scrape full page content.
- All user data stays in your browser via Chrome's built-in storage APIs.

---

## 1. Data We Access

### Selected Text

When you right-click and choose "Repurpose with ThreadFlip" (or use the keyboard shortcut), the extension reads **only the text you have highlighted** via the browser's `window.getSelection()` API. ThreadFlip does not access any other page content, DOM elements, cookies, passwords, form inputs, or browsing history.

### Current Page URL and Title

The URL and page title of the tab where you made a selection are captured alongside the selected text. This is used solely to:

- **Auto-detect the source platform** (Twitter, Reddit, YouTube, or Blog) for appropriate text cleanup
- **Store metadata** alongside saved library entries so you can trace content back to its origin

### User-Configured Settings

You provide the following voluntarily in the settings page:

- Display name
- Content role (e.g. B2B Founder, Newsletter Writer)
- Voice adjectives and target audience description
- OpenAI API key (if using BYO mode)
- Pro license key (if applicable)

---

## 2. Data Storage

### Where Data Is Stored

All data is stored **locally in your browser** using Chrome's built-in storage APIs:

| Data | Storage Location | Scope |
|---|---|---|
| Settings (name, role, audience, etc.) | `chrome.storage.sync` | Synced across signed-in Chrome devices |
| OpenAI API key (encrypted) | `chrome.storage.sync` | Synced across signed-in Chrome devices |
| Content library (saved generations) | `chrome.storage.local` | Local to this device only |
| Generation usage counter | `chrome.storage.sync` | Synced across signed-in Chrome devices |

### API Key Encryption

If you use the Bring Your Own Key (BYO) option, your OpenAI API key is encrypted before storage using:

- **Algorithm:** AES-256-GCM via the Web Crypto API
- **Key derivation:** PBKDF2 with SHA-256, 100,000 iterations
- **Storage format:** Encrypted ciphertext + initialization vector (IV)

The plaintext key is never stored. It is decrypted in-memory only at the moment an API call is made, then discarded.
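The scheme described above, sketched with the Web Crypto API as an added example; it is not ThreadFlip's source code. The policy does not say what secret feeds PBKDF2 or whether a salt is stored, so the `passphrase` argument, the random 16-byte salt, the 12-byte IV length and the `{ ct, iv, salt }` record layout are assumptions.

```javascript
// Added example, not ThreadFlip's code. Passphrase, salt and record layout are assumptions.
const ITERATIONS = 100000; // PBKDF2 iteration count stated in the policy

// Browsers and recent Node expose Web Crypto globally; older Node needs the import.
async function webCrypto() {
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

const b64 = (buf) => btoa(String.fromCharCode(...new Uint8Array(buf)));
const unb64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Derive a non-extractable AES-256-GCM key from a passphrase with PBKDF2-SHA-256.
async function deriveKey(passphrase, salt) {
  const { subtle } = await webCrypto();
  const material = await subtle.importKey(
    'raw', new TextEncoder().encode(passphrase), 'PBKDF2', false, ['deriveKey']);
  return subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Returns a JSON-safe record (ciphertext, IV, salt) that could go into chrome.storage.
async function encryptApiKey(apiKey, passphrase) {
  const c = await webCrypto();
  const salt = c.getRandomValues(new Uint8Array(16));
  const iv = c.getRandomValues(new Uint8Array(12)); // fresh 96-bit IV for every encryption
  const key = await deriveKey(passphrase, salt);
  const ct = await c.subtle.encrypt({ name: 'AES-GCM', iv }, key,
    new TextEncoder().encode(apiKey));
  return { ct: b64(ct), iv: b64(iv), salt: b64(salt) };
}

// Returns the plaintext, or null when the passphrase is wrong or the record was
// altered: the GCM authentication tag check fails in both cases.
async function decryptApiKey(record, passphrase) {
  const { subtle } = await webCrypto();
  try {
    const key = await deriveKey(passphrase, unb64(record.salt));
    const pt = await subtle.decrypt({ name: 'AES-GCM', iv: unb64(record.iv) }, key,
      unb64(record.ct));
    return new TextDecoder().decode(pt);
  } catch {
    return null;
  }
}
```

The protection this gives depends on the PBKDF2 input staying out of the storage area that holds the record; if both sit side by side, anyone who can read that storage can rerun the derivation.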

### Content Library

Generated outputs can optionally be saved to a local content library. Each entry stores:

- The generated text
- Source URL and page title
- First 100 characters of the source text
- Timestamp, format, and role used
- User-added tags

The library retains a maximum of 200 entries. Older entries are automatically removed when the limit is reached. You can delete individual entries or clear the entire library from the settings page.

---

## 3. Data We Send to Third Parties

### OpenAI API

When you click "Generate" or "Rewrite", the selected text (after cleanup) is sent to OpenAI's API (`api.openai.com`) along with a system prompt that includes your configured role, audience, and voice adjectives.

- **If using BYO key:** The request is made directly from your browser to OpenAI using your own API key. ThreadFlip has no visibility into these requests.
- **If using ThreadFlip credits:** The request is routed through a ThreadFlip API proxy. The proxy forwards the request to OpenAI and does not log or retain the content of any prompts or completions.

ThreadFlip does not send your data to any other third-party service.

### License Verification

If you enter a Pro license key, ThreadFlip sends only the license key string to a Cloudflare Worker endpoint (`threadflip-license.workers.dev`) to verify its validity. No personal data, selected text, or generated content is included in this request.

---

## 4. Data We Do NOT Collect

ThreadFlip does **not** collect, transmit, or store:

- Browsing history or visited URLs (beyond the URL of the page where you make a selection)
- Full page content or DOM
- Cookies, authentication tokens, or session data
- Form inputs, passwords, or autofill data
- Device identifiers, IP addresses, or hardware information
- Analytics, telemetry, crash reports, or usage metrics
- Personally identifiable information beyond what you voluntarily enter in settings

---

## 5. Permissions Explained

| Permission | Why It's Needed |
|---|---|
| `contextMenus` | Register the "Repurpose with ThreadFlip" right-click menu item |
| `sidePanel` | Open and manage the persistent side panel UI |
| `storage` | Store settings, encrypted API key, and content library locally |
| `activeTab` | Read the current tab's URL to detect the source platform |
| `scripting` | Inject a lightweight script to capture your text selection when the context menu is clicked |
| `<all_urls>` (host permission) | Allow the content script to run on any page so selection capture works universally |

The `<all_urls>` permission is required because users select text on arbitrary websites. The content script (`selector.js`) does only one thing: listen for text selections and forward them to the side panel. It does not read, modify, or exfiltrate any other page data.

---

## 6. Data Retention and Deletion

- **Settings:** Persist until you change them or uninstall the extension.
- **API key:** Persists (encrypted) until you clear it in settings or uninstall.
- **Content library:** Persists until you delete individual items, clear the library, or uninstall.
- **Uninstall:** Removing the extension from Chrome automatically deletes all `chrome.storage.local` data. `chrome.storage.sync` data is removed when you sign out of Chrome or manually clear extension data.

You can export your content library as CSV or Markdown at any time from the settings page before deleting.

---

## 7. Children's Privacy

ThreadFlip is not directed at children under 13. We do not knowingly collect data from children.

---

## 8. Changes to This Policy

If this privacy policy changes, the updated version will be published with a new "Last Updated" date. Continued use of the extension after changes constitutes acceptance.

---

## 9. Contact

For privacy questions or data deletion requests, contact:

**Email:** privacy@threadflip.app

---

*This privacy policy is provided in compliance with the Chrome Web Store Developer Program Policies and applicable data protection regulations.*
