Privacy Policy

1. Overview

ScreenLeash (“we,” “our,” or “the service”) provides a Chrome extension and website that help you track screen time on chosen websites and enforce financial penalties when you breach limits you set. This privacy policy describes what data we collect, how we use and store it, and your rights. The Chrome Web Store requires a publicly accessible privacy policy for extensions that handle user data; this document fulfills that requirement.

2. Data We Collect

Account and authentication

When you sign up on the ScreenLeash website, we collect your email address and a password (stored in hashed form). This data is managed by Supabase Auth and is used solely to identify you and secure your account. We do not use your email for marketing unless you opt in separately.

Extension: goals and usage

The Chrome extension collects and syncs the following in order to provide the service:

• Goals you create: Website patterns (e.g. domain names or URLs), daily time limits or targets, penalty amounts, and related settings. These are stored on our servers and cached locally in the extension.
• Usage data: For each tab you have open, we record the URL and the time spent on that URL so we can attribute usage to the correct goal. We do not record page content, keystrokes, or form data. We only match URLs against the site patterns you configured.
• Breach events: When your usage exceeds a limit you set, we record the breach (goal, amount over, penalty) and may charge you via the payment method you authorized. Breach and payment records are stored on our servers.

The extension may store a local cache of your goals and session data in Chrome's storage APIs so it can work offline briefly and reduce repeated network calls. This data is tied to your account and is synced with our backend when online.

Payment and mandate data

To charge penalties when you breach, we use a payment provider (Razorpay). When you set up a mandate (e.g. UPI Autopay or card), you provide payment details directly to the provider. We store only the mandate identifier and status (e.g. active/cancelled) and a record of charges (amount, date, breach reference). We do not store your full card number or UPI PIN. Payment processing is subject to the provider's privacy policy (see Third parties below).

3. How We Use Your Data

We use the data described above only to:

• Authenticate you and keep your account secure.
• Sync your goals and usage between the extension and our servers.
• Calculate when you have breached a limit and apply the penalty rules you set.
• Charge penalties via the payment method you authorized (and, as stated elsewhere, donate 50% of penalty revenue as described on our About and Pricing pages).
• Show you your breach history, payment history, and mandate status in your account.

We do not sell your personal data. We do not use your data for advertising, profiling, or any purpose unrelated to providing and improving ScreenLeash.

4. Where Data Is Stored

Account, goals, usage aggregates, breaches, and payment records are stored in databases and backend services we use to run ScreenLeash:

• Supabase — authentication, user accounts, goals, breaches, mandates, and payment metadata. Data may be stored in regions chosen by Supabase (see their privacy policy).
• Vercel — hosting of the website and serverless API. Request logs and server-side processing may involve temporary handling of the data above.
• Razorpay — payment and mandate details you provide to them; we only store references and outcomes (e.g. payment id, amount, status).

The Chrome extension also uses Chrome's local storage (and similar APIs) on your device to cache goals and session data; this stays on your machine and is synced with our backend when the extension is used while online.

5. Third Parties

We rely on the following third-party services. Each has its own privacy policy governing how they process data:

• Supabase — authentication and database.
• Razorpay — payment processing and mandates.
• Vercel — hosting and serverless functions.

The extension only sends data to the ScreenLeash backend (and, when you complete mandate setup, to the payment provider's pages). We do not send your data to advertising networks, analytics providers, or other third parties for marketing.

6. Chrome Extension Permissions

The ScreenLeash Chrome extension requests certain permissions. We use them only as follows:

• activeTab / host access: To read the URL of the current tab so we can match it to your goals and attribute time to the correct site. We do not read page content or inject scripts for tracking beyond URL and time.
• storage: To cache your goals and session locally so the extension works with fewer requests and can show your status quickly.
• alarms: To run periodic checks (e.g. every few minutes) so we can compare usage to your limits and trigger breach handling when needed.
• idle: To detect when you are idle so we do not count that time toward your limits.

7. Data Retention and Deletion

We retain your account and associated data (goals, breaches, payment records) for as long as your account is active. If you wish to delete your account and associated data, contact us (see Contact below). We will process the request in a reasonable time, subject to any legal or operational requirements to retain certain records (e.g. for tax or dispute resolution). Data held by third parties (e.g. Razorpay) is subject to their retention policies.

8. Security

We use industry-standard practices to protect your data: HTTPS for all traffic, hashed passwords, and access to backend data restricted to what is necessary to operate the service. You are responsible for keeping your password and device secure. If you believe your account has been compromised, contact us and change your password immediately.

9. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, or delete your personal data, or to object to or restrict certain processing. To exercise these rights, contact us. If you are in the European Economic Area or the UK, you may also have the right to lodge a complaint with a supervisory authority.

10. Children

ScreenLeash is not intended for users under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us so we can delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. We will post the updated version on this page and update the “Last updated” date. Continued use of the service after changes constitutes acceptance of the revised policy. For material changes, we may provide additional notice (e.g. via email or a notice on the website).

12. Contact

For privacy-related questions, requests to delete your data, or concerns about this policy, contact us at: privacy@screenleash.com. You can also reach us via the contact or support channel listed on the ScreenLeash website or Chrome Web Store listing.