Privacy Policy for OK Noted
Introduction
Your privacy is our priority. OK Noted is a Chrome extension that helps you take timestamped notes while watching YouTube videos, with automatic synchronization to your Google Drive. This privacy policy explains exactly what data we access, how we use it, and how we protect your information.
Core Privacy Principles
- Your notes belong to you - All content is stored directly in YOUR Google Drive account
- We never see your notes - All processing happens locally in your browser
- No external servers - We don't maintain servers that store your content
- No tracking or analytics - We don't monitor your browsing or viewing habits
- No data selling - We will never sell, trade, or rent your personal information
Data We Collect
User-Provided Information
When you use OK Noted, you provide:
- Notes content (text you type in the editor)
- YouTube video URLs and titles
- Timestamps marking moments in videos
- Optional screenshots from videos
- Formatting preferences (bold, italic, lists, etc.)
Automatically Collected Information
To provide our service, we automatically collect:
- Video metadata (YouTube video titles, URLs, playback timestamps)
- Basic Google profile information (email address, name)
- Local browser authentication tokens (stored in Chrome, never on our servers)
Information We Do NOT Collect
- Browsing history beyond YouTube pages where extension is active
- Video viewing habits or watch history
- Personal Google account data beyond basic profile info
- Analytics or usage statistics
- Advertising or tracking data
- Any data from Google services other than Drive and Docs
Google User Data We Access
When you authorize OK Noted, we access specific Google user data to provide note-taking functionality:
From Google Docs API (documents scope):
- Document content - Text, formatting, and structure of notes we create
- Document metadata - Title, creation date, modification date of our documents
- Rich text formatting - Bold, italic, underline, font styles you apply
- List structures - Numbered lists, bulleted lists, and their nesting
- Embedded images - Screenshots you capture and insert
- Document body structure - Paragraph elements, text runs, inline objects
From Google Drive API (drive.file scope):
- File metadata - File ID, name, location for documents we create
- Folder information - YouTube Notes folder and Screenshots subfolder we create
- Screenshot files - Image files we upload to your Drive
- File permissions - Ownership and access settings for our created files
From Google User Info API:
- Email address - To verify you own the documents we create
- Display name - For document creator attribution
What We DO NOT Access:
- Your existing Google Docs or Drive files
- Documents created by other applications
- Files outside the "YouTube Notes" folder we create
- Email content, Gmail data, or Google Calendar
- Photos, contacts, or other Google services
- Any personal documents, spreadsheets, or presentations you created
OAuth Permissions We Request
OK Noted requests two specific Google OAuth scopes. Here's exactly why we need each one:
1. Google Docs API Scope
Scope: https://www.googleapis.com/auth/documents
Google's Description: "See, edit, create, and delete your Google Docs documents"
Why We Need This:
A. Structured Content Reading (technical requirement, not preference)
- What we do: Read document body, lists, formatting, and embedded objects using Docs API
- Why Drive API fails: Drive API export returns simplified HTML that loses list structure, table formatting, and image metadata
- Impact if unavailable: Your formatting (bold, lists, tables) would be destroyed when reopening notes
B. Precise Text Insertion (technical requirement, not preference)
- What we do: Insert clickable timestamps at exact cursor positions using batchUpdate API
- Why Drive API fails: Drive API can only replace entire file content, cannot insert text at specific index
- Impact if unavailable: Core timestamping feature becomes impossible
C. Rich Formatting Preservation (technical requirement, not preference)
- What we do: Access Google Docs JSON schema (paragraphs, textRun, inlineObjects) for precise formatting
- Why Drive API fails: HTML export/import cycle degrades formatting quality for complex structures
- Impact if unavailable: Note-taking workflow breaks due to format loss
These are API-level technical limitations, not UI preferences or convenience features.
2. Google Drive API Scope
Scope: https://www.googleapis.com/auth/drive.file
Google's Description: "View and manage Google Drive files and folders that you have opened or created with this app"
Why We Need This:
- Creating note documents in your Google Drive
- Organizing notes in "YouTube Notes" folder
- Creating "Screenshots" subfolder for captured images
- Uploading screenshot images to your Drive
- Updating note content as you type (auto-save)
- Reading file metadata (titles, creation dates)
Important Security Feature: This scope restricts us to ONLY files our extension creates. We cannot access your existing Drive files.
How We Restrict Access to Your Files
This is the most important privacy protection in our extension.
Scope Combination for Security
Even though the documents scope appears to grant broad permissions, we use it ONLY in combination with the drive.file scope. This combination ensures:
- drive.file scope restricts us to ONLY files our extension creates in the "YouTube Notes" folder
- documents scope allows structured access to those specific files only
- Result: We have full editing capability ONLY on YouTube Notes, never on your existing documents
Technical Verification
How we ensure restricted access:
- All document IDs in our code come from our own file creation API calls
- We NEVER query for existing user documents using "list files" or "search files" APIs
- We NEVER attempt to access files outside the "YouTube Notes" folder
- All file operations use specific document IDs from documents we created
How you can verify:
- Visit Google Account → Security → Third-party apps with account access
- Click on "OK Noted" to see exactly which files we can access
- You'll see ONLY the YouTube Notes we created for you
- Revoke access anytime to immediately remove all permissions
What This Means for Your Privacy
Even though the Google Docs API permission appears broad in the OAuth consent screen, we are technically and programmatically restricted to accessing only the YouTube Notes documents we create for you.
We cannot and do not:
- See your existing Google Drive files
- Access documents in other folders
- Read your personal documents, spreadsheets, or presentations
- View files created by other applications
- Search through your Drive contents
How We Use Your Information
We use the data we collect solely to provide our note-taking service:
Core Functionality
- Creating notes: Generate Google Docs in your Drive for each YouTube video
- Organizing content: Maintain "YouTube Notes" folder structure
- Inserting timestamps: Add clickable links that jump to specific video moments
- Capturing screenshots: Save images from videos to your Drive and embed in notes
- Syncing edits: Auto-save your note changes to Google Drive
- Loading notes: Retrieve and display your existing notes when you return to videos
What We Do NOT Do
- Store your notes on external servers
- Analyze your note content for any purpose
- Use your data for advertising or marketing
- Share your data with third parties
- Track your browsing or viewing behavior
- Build user profiles or behavioral data
Data Storage and Security
Where Your Data Is Stored
- Notes and screenshots: Stored exclusively in YOUR Google Drive account
- Authentication tokens: Stored locally in Chrome browser storage (not on servers)
- Extension settings: Stored locally in Chrome sync storage
- Our servers: We have NO servers - all processing is client-side in your browser
How Long We Keep Your Data
- Forever (until you delete it): Your notes remain in your Google Drive indefinitely
- You control retention: Delete notes directly from Google Drive anytime
- Token expiration: Authentication tokens expire and refresh automatically per Google's security requirements
Security Measures
- HTTPS encryption: All communication with Google APIs uses secure HTTPS
- OAuth 2.0 authentication: Industry-standard secure authorization
- Client-side processing: All note processing happens in your browser, never on external servers
- No data transmission: Your note content never leaves your Google account
- Token security: Authentication tokens stored securely using Chrome's built-in storage APIs
User Rights and Controls
You maintain complete control over your data:
Access and Modify
- View all notes: Access via Google Drive → YouTube Notes folder
- Edit freely: Modify notes in Google Docs or our extension
- Export data: Download notes from Google Drive in any format (DOCX, PDF, HTML, etc.)
Delete Your Data
- Delete individual notes: Remove specific documents from Google Drive
- Delete all notes: Remove entire YouTube Notes folder from Drive
- No copies remain: We don't maintain backups - deletion is permanent
Revoke Permissions
- Immediate revocation: Visit myaccount.google.com/permissions
- Find OK Noted: Click "Remove Access"
- Effect: Extension immediately loses access to your Google account
- Your notes remain safe: Files stay in your Drive; only extension access is revoked
Data Portability
- Standard Google Docs format: Notes are standard Google Docs files
- No vendor lock-in: Works with any tool that reads Google Docs
- Easy export: Use Google Takeout or Drive export for backups
Data Sharing and Third Parties
We Do Not Sell or Share Your Data
We do not sell, trade, rent, or share your personal information with third parties for marketing purposes.
Third-Party Services We Use
Google (Google Drive API, Google Docs API):
- Purpose: Store and sync your notes in your Google account
- Data shared: Only the note content you create and authorize us to store
- Their privacy policy: https://policies.google.com/privacy
YouTube (Public API):
- Purpose: Extract video metadata (titles, URLs) from public YouTube pages
- Data shared: None - we only read publicly visible information
- No YouTube API authentication: We don't access private YouTube data
No Other Third Parties
- We do not use analytics services
- We do not use advertising networks
- We do not use tracking or monitoring tools
- We do not integrate with any other external services
Google API Services User Data Policy Compliance
OK Noted's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Our Commitments
- We only request the minimum scopes necessary for our core note-taking functionality
- We do not use Google user data for serving advertisements
- We do not allow humans to read user data except for specific user requests (e.g., support)
- We do not transfer Google user data to third parties (except as necessary to provide our service)
- We do not use or transfer Google user data for creditworthiness or lending purposes
- All use of Google user data is limited to practices disclosed in this privacy policy
Limited Use Compliance
Our use of Google user data is strictly limited to:
- Providing and improving our YouTube note-taking features
- Maintaining security and preventing abuse
- Complying with applicable laws and regulations
We do NOT use Google user data for any purpose beyond these explicitly stated functions.
Children's Privacy
OK Noted is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately at oknotedextension@gmail.com.
Changes to This Privacy Policy
We may update this privacy policy periodically to reflect changes in our practices or legal requirements. When we make changes:
- We will update the "Last Updated" date at the top
- We will notify users through the extension interface for material changes
- Continued use of the extension after changes constitutes acceptance
International Data Transfers
Your data is stored in Google's cloud infrastructure, which may involve international data transfers. Google complies with applicable data protection laws including GDPR. For more information, see Google's privacy policy.
Your Privacy Rights
Depending on your location, you may have additional rights:
GDPR Rights (EU/EEA Users)
- Right to access your data
- Right to rectification (correction)
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Right to withdraw consent
CCPA Rights (California Users)
- Right to know what personal information is collected
- Right to know if personal information is sold or disclosed
- Right to say no to the sale of personal information
- Right to access your personal information
- Right to equal service and price
To exercise these rights: Contact us at oknotedextension@gmail.com
Contact Us
If you have questions, concerns, or requests regarding this privacy policy or our data practices:
- Email: oknotedextension@gmail.com
- Response Time: We aim to respond within 48-72 hours
- Privacy Concerns: Clearly mark subject line as "Privacy Inquiry"
For Google OAuth-related questions or to report security issues, please use the same email address.