/ privacy
privacy policy
tl;dr — the whitelabel extension is local-first. your todos, notes, team, settings, captures, and assets stay in your browser. we run zero analytics on you. the only data ever sent off your device is (a) requests to the ai providers you configure with your own api key, (b) a coarse-location lookup so the weather widget works, and (c) standard search-autocomplete queries when you type in the new tab search bar. that's it.
/01 who we are
whitelabel.dev ("whitelabel", "we", "us") publishes the whitelabel browser extension and the whitelabel.dev website. this policy explains what data those products handle, and what data they don't.
if anything in this policy is unclear, email privacy@whitelabel.dev and we'll explain it in plain english.
/02 what stays on your device
the extension stores all of your workspace data in your browser's local extension storage (chrome.storage.local). that includes, but isn't limited to:
- todos, notes, and pinned content you create inside the new tab page
- team members you add (name, optional email, avatar color)
- workspaces, brand info, and settings (your organization name, logo, toggles)
- screen captures and recordings saved to your operating system's download folder
- downloaded assets from the asset library and downloader tools
- ai chat history for the in-extension assistant
- your ai api keys, stored locally only — never transmitted to us
this data never reaches a whitelabel server. uninstalling the extension or clearing its storage permanently deletes it.
/03 what's sent off your device
the extension makes outbound network requests in exactly four categories. each request goes directly from your browser to the third party listed — we are never in the middle.
| endpoint | purpose |
|---|---|
| api.anthropic.com api.openai.com |
only when you invoke the ai chat or designer with your own api key. your prompt and any images you attach are sent directly to the provider per their api. whitelabel does not proxy, cache, or log these requests. |
| ipapi.co api.bigdatacloud.net |
when the weather widget is enabled, the extension performs a one-time coarse geolocation lookup to fetch your city. no precise location is requested. you can disable the widget in settings to stop these requests entirely. |
| suggestqueries.google.com duckduckgo.com |
search autocomplete suggestions while you type in the new tab search bar. requests go to the engine you've selected. |
| (content scripts on visited pages) | focus mode, ad blocking, and the downloader / insights overlays run as content scripts on sites you visit. they read the page you're on locally — they do not transmit page contents to us or to third parties. |
/04 what we never do
- no analytics, no telemetry. we don't run google analytics, mixpanel, amplitude, posthog, sentry, or anything like them inside the extension.
- no ad networks. we don't serve ads. we don't share data with ad networks.
- no selling data. ever. we have nothing to sell.
- no fingerprinting. we don't read your canvas, webgl, or audio context to identify you.
- no cross-site tracking. the extension does not link your activity across sites for any whitelabel purpose.
- no account required. the extension works fully without an account.
/05 chrome extension permissions, explained
the extension requests a small set of permissions. each one is here because a specific feature needs it. nothing is requested "just in case."
| permission | why we ask |
|---|---|
| storage / unlimitedStorage | saves your workspace, todos, captures, and assets locally in the browser. |
| downloads | lets you save captures, recordings, and downloaded assets to your operating system's download folder. |
| tabCapture | powers in-browser screen and tab recording. recordings are saved locally — they're never uploaded. |
| activeTab / scripting | required for one-click actions you trigger on the page you're currently looking at (capture region, audit, save asset). |
| declarativeNetRequest | powers the optional ad & tracker blocker. rules are bundled with the extension; no remote rule fetch. |
| host permissions (<all_urls>) | required for the focus mode, asset downloader, and audit tools to run on the sites you choose. the extension only acts on pages where you trigger it or on the specific social sites listed in the manifest. |
/06 the whitelabel.dev website
the website itself does not set tracking cookies. we use google translate for on-page language switching, which loads from google's cdn — google's own privacy policy governs that interaction. if you contact us by email, we keep your message and reply for as long as is reasonable to provide a response or follow-up.
/07 children
the extension and the website are not directed at children under 13. we don't knowingly collect data from anyone under that age. if you believe a minor has provided us information, email privacy@whitelabel.dev and we'll handle it.
/08 your rights
because the extension keeps your data locally, you exercise most data rights directly:
- access — open the extension or your browser's dev tools and read every value yourself.
- delete — remove items inside the extension, clear extension storage, or uninstall to wipe everything.
- export — most workspace data can be exported from inside the extension. for anything that can't yet, email us and we'll help.
gdpr / ccpa / equivalent rights apply where law gives them. write to privacy@whitelabel.dev with the right you want to exercise and we'll respond within 30 days.
/09 changes
when this policy changes in a way that affects you, we'll bump the version number at the top and update the "effective" date. material changes are also called out in the extension's release notes. continued use after a change means you accept the new version.
/10 contact
email privacy@whitelabel.dev for anything privacy-related. for general questions, hi@whitelabel.dev works too.