Privacy Policy
Effective date: June 22, 2026 Last updated: June 22, 2026
This Privacy Policy describes how LassoSnap (“we”, “us”, or “our”) collects, uses, and protects information when you use the LassoSnap Chrome extension and the byzanx.com website (collectively, the “Service”).
We built LassoSnap with privacy as a core design principle. Most of your data never leaves your device. This document explains exactly what does leave, and why.
1. Summary
- Your saved content stays on your device by default. Snippets, notes, topics, and tags are stored in your browser’s local storage. We never see them.
- Backup is optional and goes to your own Google Drive. If you turn on backup, your library is copied to a private, app-only folder in your Google Drive — never to our servers. You can turn it off any time.
- AI Summary is the only feature that sends your content to a third party. When you explicitly use AI Summary, the snippets you select are sent to OpenRouter (an LLM provider) through our server. We do not store them.
- Push to Obsidian works entirely on your device. No content leaves your browser.
- Push to Notion sends content through our server to Notion’s API. We do not store the content; we forward and discard.
- License validation sends only your license key. No content is associated.
- Usage statistics are aggregated counts only. No content, no personal identifiers. You can disable this in Settings.
If anything below contradicts this summary, the detail below governs.
2. What We Collect
2.1 Data stored on your device only (we never receive this)
- Saved snippets (the text you select on AI platforms)
- Notes you write
- Topics and tags you create
- Search history within the extension
- Your Obsidian vault name (for push)
- Your Notion API key and Database ID (for push)
- Your view preferences
This data is stored in chrome.storage.local. We have no access to it.
2.2 Data that leaves your browser
When you use AI Summary:
- The snippets you select (content, your note, topic name, tag names, platform name)
- The summarization mode you chose
- A device identifier (see §2.4)
- Your license key, if you have one
This data is sent to our Cloudflare Worker, which forwards it to OpenRouter. OpenRouter processes the data to generate the summary. Neither we nor OpenRouter store the content beyond what is needed to deliver the response. OpenRouter’s privacy practices are governed by their own policy: https://openrouter.ai/privacy.
When you enable Google Drive backup (optional, off by default):
- A copy of your library (snippets, notes, topics, tags, settings) is uploaded to a private application-data folder in your own Google Drive, using an access token you grant.
- We request only the narrow
drive.appdatascope: LassoSnap can read and write its own backup file and cannot see any other file in your Drive. The backup never passes through or is stored on our servers — it goes directly from your browser to Google. You can disable backup and delete the file at any time.
When you push to Notion:
- The snippet content and properties you push
- Your Notion API key (used once, not stored)
- Your Notion Database ID
- A device identifier
- Your license key, if you have one
We forward this to Notion’s API and discard. Notion stores the content per their terms.
When you push to Obsidian:
- Nothing leaves your browser. Push uses the
obsidian://URI scheme, which is handled locally by your Obsidian client.
When you validate or activate your license:
- Your license key
- A device identifier
- (No content of any kind)
When you opt to share usage statistics (default on, can be disabled):
- Aggregated counts (e.g., “12 snippets saved this day”, broken down by platform)
- Your tier (free / pro / pro_plus)
- A device identifier
- (No snippet content, no notes, no topic names, no tag names, no URLs)
This is sent at most once per day.
When you fill out the uninstall feedback form (voluntary):
- Your selected reasons
- Anything you typed in the “comment” field
- Metadata from the URL (extension version, days since install, total snippets count, breakdown by platform, tier, summaries used)
You can submit the form with no fields filled if you wish.
2.3 Information we never collect
- Your name
- Your IP address (beyond what Cloudflare needs to route the request, which is not stored by us)
- Your real email address (unless you upgrade to a paid plan, in which case Paddle collects it for billing — see §4)
- Browsing history outside of LassoSnap’s saved snippets
- Any data from non-supported sites
- Device fingerprints (User Agent, screen size, fonts, etc.)
2.4 The “device identifier”
When you install LassoSnap, the extension generates a random UUID and stores it locally. We call this your “device identifier” (or anonymousUserId).
Purpose: This identifier is used by our server to:
- Rate-limit API calls (to prevent abuse of free-tier AI Summary)
- Associate aggregated usage statistics with a single anonymous device
- Associate uninstall feedback with a session’s usage history
- Track multi-device limits for paid licenses (max 3 devices per license)
Important: The device identifier is not linked to your name, email, IP address, or any other personal information. It cannot be used to identify you as an individual. However, because it persists, we acknowledge it is not “completely anonymous” — it is “pseudonymous”.
You can reset it at any time by uninstalling and reinstalling the extension. Doing so will not affect your saved data, but will affect your license activation count (the old device record stays until automatically replaced).
3. How We Use Information
We use the information described in §2.2 only for the purpose stated alongside it. We do not:
- Sell your data to anyone
- Use your content to train AI models
- Share your content with advertisers
- Use your content for marketing
- Combine your content with data from third parties to build a profile
4. Paid Subscriptions
When you upgrade to a paid plan, Paddle.com Inc. (“Paddle”) acts as the Merchant of Record. Paddle handles all payment processing and collects information necessary for billing, tax compliance, and fraud prevention.
Data Paddle collects directly from you:
- Your email address
- Your billing address
- Your payment method (we never see your card details)
- Your country and tax information
Paddle’s privacy practices are governed by their own policy: https://www.paddle.com/legal/privacy.
After a successful payment, our server receives from Paddle:
- Your email address (used to send your license key)
- A Paddle customer ID
- A Paddle subscription ID
- Your subscription tier and renewal date
We store this in our database to:
- Generate and send your license key
- Validate your license on future use
- Manage renewals, cancellations, and refunds
We retain this data for as long as your subscription is active, plus up to 7 years after cancellation, to meet tax and accounting requirements imposed on Paddle.
5. Third Parties
LassoSnap uses the following third parties to deliver functionality:
| Provider | Purpose | What they receive |
|---|---|---|
| Cloudflare | Hosting our server (Workers + D1) | All data described in §2.2 passes through their infrastructure |
| OpenRouter | AI Summary generation | Snippet content you submit for summarization |
| Notion | Push destination | Snippet content you push, your Notion API key (transiently) |
| Paddle | Payment processing (Merchant of Record) | Billing data (see §4) |
| Resend | Sending license key emails | Your email and license key |
| Google (Chrome Web Store) | Distributing the extension | Standard CWS analytics; we receive aggregate install counts only |
We do not use any analytics that profile users (no Google Analytics, no Mixpanel, no Segment, no Facebook Pixel).
6. Data Retention
| Data | How long we keep it |
|---|---|
| Snippets, notes, topics, tags (on your device) | Until you delete them or uninstall |
| License records (in our database) | Active subscription + 7 years (tax requirements) |
| Aggregated usage statistics | 24 months |
| Uninstall feedback | 24 months |
| AI Summary feedback (thumbs up/down) | 24 months |
| Webhook events (Paddle) | 12 months |
| Server logs (Cloudflare) | 24 hours |
7. Your Rights
Depending on your jurisdiction, you may have rights including:
- Access: Request a copy of the data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure (“right to be forgotten”): Request deletion of your data
- Portability: Request your data in a portable format
- Restriction: Restrict how we process your data
- Objection: Object to certain processing
- Withdrawal of consent: Withdraw consent for telemetry at any time (via Settings)
For data on your device (snippets, notes, etc.): you have full control — delete the extension or specific snippets at any time. The built-in JSON Export feature lets you download all your data.
For data on our servers (license records, aggregated stats): email hello@byzanx.com with your request. We will respond within 30 days. To verify your identity, we may ask you to provide:
- Your license key (if you have one), or
- Your
anonymousUserId(visible in Settings → Privacy section)
We do not require government ID to process these requests.
8. International Data Transfers
Our server runs on Cloudflare’s global edge network, which means your data may be processed in countries other than your own (typically the nearest Cloudflare edge to your location). Paddle, OpenRouter, Notion, and Resend each have their own data residency policies, generally including the United States and the European Union.
For users in the EU/UK: where required, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Children’s Privacy
LassoSnap is not directed to children under 13 (or under 16 in jurisdictions where that is the threshold for digital consent). We do not knowingly collect data from children. If you believe a child has used LassoSnap, please contact us at hello@byzanx.com and we will delete any associated data.
10. Security
- Data on your device is protected by Chrome’s storage isolation.
- Data in transit uses HTTPS/TLS.
- Database access is restricted to our server.
- We use Cloudflare’s security infrastructure (DDoS protection, WAF).
- We do not store payment card information (Paddle handles this).
- API keys (OpenRouter, Paddle, Resend) are stored as Cloudflare Worker secrets, never in the extension code.
No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you within 72 hours of confirmation, where required by law.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will:
- Update the “Last updated” date at the top
- Notify users of material changes via the extension Settings or by email (if you have an active subscription)
- Maintain previous versions in our public repository
Continued use of the Service after a change indicates your acceptance of the updated policy.
12. Open Source
LassoSnap’s source code is available at https://github.com/byzanx/lassosnap. You can verify our privacy claims by inspecting the code, particularly:
src/lib/telemetry/— what data is sent to our serversrc/lib/summary/summary-service.ts— what is sent to OpenRoutersrc/lib/push/notion-push.ts— what is sent to Notionworker/— our server-side code
13. Contact
For any privacy-related question, request, or complaint:
Email: hello@byzanx.com
For users in the EU: under GDPR Article 27, our representative for matters relating to GDPR can be reached at the same address.
LassoSnap is developed and operated by an independent developer based in China. By using the Service, you agree to the data practices described in this Policy.