Privacy Policy for VimoAI Chrome Extension

Last Updated: 12.07.2025

1. Introduction & Scope

This Privacy Policy ("Policy") governs the collection, use, processing, and protection of personal information by VimoAI Chrome Extension ("VimoAI", "we", "our", or "us"), a productivity enhancement browser extension. This Policy applies to all users of the VimoAI Chrome Extension worldwide.

By installing, accessing, or using VimoAI, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Policy, please do not install or use the extension.

Age Restriction: VimoAI is intended for users aged 13 and above. If you are under 13, please do not use our extension or provide any personal information.

2. Information We Collect

We collect information that is necessary for the core functionality of VimoAI. Our data collection is minimal and focused solely on providing you with productivity tracking and note-taking capabilities.

2.1 Account Registration Data

Username: A unique identifier for your account (required for authentication)
Email Address: Used for account verification, password recovery, and important service communications
Password: Stored using industry-standard hashing algorithms (SHA-256 or bcrypt) - never stored in plain text

2.2 Productivity & Usage Data

Focus Sessions: Duration of focus periods in seconds for productivity tracking
Break Sessions: Duration of break periods in seconds for healthy work-life balance
Session Count: Total number of completed Pomodoro sessions for progress tracking
User Balance: Points earned through the gamified productivity system
Session Timestamps: When productivity sessions were started and completed

2.3 User-Generated Content

Note Titles: Text titles for your notes (maximum 200 characters)
Note Content: Full text content of your notes (unlimited length)
Customization Preferences: Color schemes for notes (indexed 0-5) and other personalization settings

2.4 Technical & Security Data

Authentication Tokens: JWT tokens for secure session management
Unique Identifiers: User IDs and record IDs for data organization
Timestamps: Creation and modification dates for all user actions
Error Logs: Technical error information for debugging (no personal data included)

Information We Do NOT Collect

Geolocation data or IP addresses
Browser cookies for tracking purposes
Browsing history or visited websites
Device information (hardware, OS details)
Financial or payment information
Social media profiles or contacts
Any personal data not explicitly mentioned above

3. Legal Basis for Processing

We process your personal information based on the following legal grounds:

Consent: You have given explicit consent for specific processing activities
Contract Performance: Processing is necessary to provide the extension services you've requested
Legitimate Interests: For service improvement, security, and technical support

4. How We Use Your Information

4.1 Core Service Provision

Authenticate and maintain secure user accounts
Track and visualize your productivity metrics and progress
Store, organize, and retrieve your notes and content
Personalize your experience with custom themes and preferences
Synchronize data across multiple devices (if applicable)

4.2 Technical Operations & Security

Maintain secure user sessions using JWT token authentication
Prevent unauthorized access and protect against security threats
Troubleshoot technical issues and provide customer support
Analyze usage patterns to improve extension performance and features

4.3 Communication

Send important service updates and security notifications
Respond to user inquiries and support requests
Notify users of significant changes to this Privacy Policy

5. Data Storage, Security & Retention

5.1 Storage Infrastructure

Local Storage: All user data is stored locally in encrypted SQLite databases on your device
Data Residency: Your data remains on your device unless you explicitly enable synchronization features
Backup: Users are responsible for backing up their local data

5.2 Security Measures

            Encryption: Passwords are hashed using bcrypt with salt rounds
Token Security: JWT tokens with short lifespans (5 hours for access tokens, 7 days for refresh tokens)
Token Blacklisting: Revoked tokens are maintained in a secure blacklist system
Access Controls: No third-party access to your personal data
Secure Transmission: All API communications use HTTPS encryption
Data Minimization: We collect only data necessary for functionality

        

5.3 Data Retention

Active Accounts: Data is retained as long as your account remains active
Individual Deletion: You may delete specific notes or sessions at any time
Account Deletion: Complete account deletion permanently removes all associated data within 30 days
Automatic Cleanup: Expired tokens and temporary data are automatically purged

6. API Endpoints & Data Processing

Our extension communicates with the following secure API endpoints. All communications are encrypted and authenticated:

/api/register/ - Secure account creation with email verification
/api/login/ - Authentication with rate limiting and security monitoring
/api/vimo/create/ - Productivity session tracking and statistics
/api/notes/ - Note management (create, read, update, delete)
/api/delete-account/ - Complete account and data removal

7. Third-Party Services

VimoAI operates independently and does not integrate with third-party services for data collection or processing. We do not share your personal information with external parties, advertisers, or data brokers.

8. Your Privacy Rights

You have comprehensive rights regarding your personal data:

Right to Access: Request a copy of all personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete data
Right to Erasure: Request deletion of your account and all associated data
Right to Data Portability: Request your data in a structured, machine-readable format
Right to Withdraw Consent: Revoke consent at any time by uninstalling the extension
Right to Lodge Complaints: Contact data protection authorities if you believe your rights have been violated

9. International Users & Data Transfers

Since VimoAI stores data locally on your device, international data transfers are minimal. Any API communications are secured with industry-standard encryption regardless of your location.

10. Changes to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service features. Significant changes will be communicated through multiple channels:

Updated Chrome Web Store extension description
In-extension notifications for active users
Email notifications to registered users (if applicable)
Version history updates on our website

Continued use of VimoAI after policy changes constitutes acceptance of the updated terms.

11. Contact Information & Support

For privacy-related inquiries, data requests, or concerns:

Email: splantflower@gmail.com
Website: https://privacy-policy-vimoai.vercel.app
Response Time: We aim to respond to all inquiries within 72 hours

When contacting us, please include "VimoAI Privacy" in your subject line and provide detailed information about your request.

12. Compliance & Legal Framework

Legal Compliance: This Privacy Policy is designed to comply with:

General Data Protection Regulation (GDPR) for EU users
California Consumer Privacy Act (CCPA) for California residents
Chrome Web Store Developer Policy requirements
General privacy best practices and industry standards

Important: This policy provides general privacy protection. For specific legal compliance in your jurisdiction, we recommend consulting with qualified legal professionals.

Effective Date: This Privacy Policy is effective as of 12.07.2025, and supersedes all previous versions.