Legal

Privacy Policy

We built PageRecall so that even we can't read your data. This policy explains exactly how that works — in plain English.

Last updated: March 2, 2026
The short version: Your browsing data is AES-256 encrypted in your browser before it reaches us. We store only ciphertext. Your secret key never leaves your device. Even if compelled, we cannot read your data.

Overview

PageRecall is built on a simple promise: your browsing history belongs to you, and only you. Every architectural decision — from client-side encryption to zero plaintext storage — exists to make that promise technically enforceable, not just a policy claim. This Privacy Policy explains what data we collect, why we collect it, how it is protected, and your rights over it. It applies to the PageRecall Chrome extension and the web application at pagerecall-webapp.vercel.app.

Data We Collect

Personally Identifiable Information (Collected)
  • Google account email address — used as your account identifier in our database.
  • Google display name and profile photo — used only within the app UI.
Authentication Information (Collected)
  • Google OAuth token — used to authenticate you with our backend. Never stored permanently on our servers.
  • Your AES-256 secret encryption key — generated once in your browser, shown to you once, and never transmitted to or stored by PageRecall. We have zero access to this key.
Web History (Collected & Encrypted)
  • Page titles and URLs of pages you visit.
  • Domain names.
  • Time of visit and time spent on each page.
  • All web history data is AES-256 encrypted in your browser before it leaves your device. We store only ciphertext — unreadable without your secret key.
Website Content (SEO Metadata) (Collected & Encrypted)
  • Meta description tags.
  • Open Graph tags (og:title, og:image, og:description).
  • Canonical URLs.
  • Page headings (H1, H2).
  • All website content data is encrypted client-side alongside your web history. We never process or read this data.
Data We Do NOT Collect (Never)
  • Passwords or form inputs of any kind.
  • Health or medical information.
  • Financial or payment details (handled entirely by Stripe).
  • Personal communications — emails, messages, or chats.
  • GPS location or IP-based location.
  • Mouse movements, clicks, scroll position, or keystrokes.
  • Microphone, camera, or any device sensor data.
How Encryption Works

PageRecall uses AES-256-GCM encryption — the same standard used by banks and governments — applied entirely within your browser before any data is uploaded. Here is the exact flow:

  1. When you first sign in, your browser generates a unique 256-bit secret key.
  2. This key is shown to you once. You must save it — we do not store it.
  3. Every session is encrypted in your browser using this key before upload.
  4. Our servers receive only encrypted blobs (ciphertext + IV). The plaintext is mathematically inaccessible to us.
  5. When you open your dashboard, your browser fetches the ciphertext and decrypts it locally using your key.

This means: even if our database were breached, even if we were subpoenaed, even if a PageRecall employee wanted to — nobody can read your browsing data without your secret key.
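The five-step flow above, sketched with the WebCrypto API as an added example: this is not PageRecall's code, and the function names, the record fields and the `{ iv, ciphertext }` blob shape are assumptions. It also shows that decryption fails under a different key or after a one-bit change to the stored blob, because AES-GCM authenticates the ciphertext.

```javascript
// Added illustration; all names and the sample record are assumptions, not PageRecall's code.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
// Step 1: generate a 256-bit AES-GCM key on the client (extractable so it can be shown once).
async function generateSecretKey() {
  return wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
}
// Step 2: hex form of the key for the user to save; it is never sent anywhere.
async function exportKeyHex(key) {
  const raw = new Uint8Array(await wc.subtle.exportKey("raw", key));
  return Array.from(raw, (b) => b.toString(16).padStart(2, "0")).join("");
}
// Steps 3-4: encrypt one record with a fresh random 96-bit IV (an IV must never repeat
// under the same key). The returned object is everything the server would receive.
async function encryptSession(key, session) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode(JSON.stringify(session));
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext);
  return { iv, ciphertext: new Uint8Array(ct) }; // ciphertext ends with the 16-byte GCM tag
}
// Step 5: decrypt locally. Rejects if the key is wrong or the blob was modified.
async function decryptSession(key, blob) {
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: blob.iv }, key, blob.ciphertext);
  return JSON.parse(new TextDecoder().decode(pt));
}
// True when decryption fails, i.e. the GCM authentication check did not pass.
async function decryptionRejected(key, blob) {
  try { await decryptSession(key, blob); return false; } catch { return true; }
}
async function demo() {
  const key = await generateSecretKey();
  const otherKey = await generateSecretKey();
  // Constructed sample record.
  const session = { url: "https://example.com/docs", title: "Docs", secondsOnPage: 42 };
  const blob = await encryptSession(key, session);
  const tampered = { iv: blob.iv, ciphertext: blob.ciphertext.slice() };
  tampered.ciphertext[0] ^= 0x01; // flip one bit of the stored ciphertext
  return {
    session,
    keyHexLength: (await exportKeyHex(key)).length,
    ciphertextBytes: blob.ciphertext.length,
    roundTrip: await decryptSession(key, blob),
    wrongKeyRejected: await decryptionRejected(otherKey, blob),
    tamperRejected: await decryptionRejected(key, tampered),
  };
}
demo().then((result) => console.log(result));
```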

Data Storage & Retention

Encrypted session data is stored in MongoDB Atlas (cloud-hosted), indexed by your Google account ID.
  • Free plan users: encrypted data is retained for 14 days.
  • Pro plan users: encrypted data is retained indefinitely until you delete it.
Your Google account information (email, display name) is stored in our database to associate your encrypted data with your account. This is the only plaintext data we store about you. You can permanently delete all your data at any time from Settings → Delete My Data. Deletion is immediate and irreversible.

Third Parties

Google OAuth (Authentication only)
  • Used solely to authenticate you. We receive your email, name, and profile photo from Google.
  • We do not share any of your browsing data with Google.
MongoDB Atlas (Encrypted storage)
  • Hosts our database. Receives only encrypted ciphertext — no plaintext browsing data.
  • MongoDB cannot read your data. Only you can, with your secret key.
Stripe (Payments only)
  • Handles all payment processing for Pro subscriptions.
  • We never receive or store your credit card number. Stripe is PCI-DSS compliant.
  • Stripe receives no browsing data of any kind.
Vercel (Hosting)
  • Hosts our web application. Standard server access logs (IP address, request path, timestamp) may be retained by Vercel per their own privacy policy.
  • Vercel does not receive or process your browsing data.
We Do Not Sell Your Data

PageRecall does not sell, rent, trade, or transfer your personal data or browsing history to any third party for any purpose — advertising, analytics, data brokering, or otherwise. Our business model is simple and transparent: paid Pro subscriptions. Your data is not our product. You are not our product. We do not use your browsing data to show you ads. We do not allow advertisers to target you based on your PageRecall data. We do not share data with data brokers or marketing platforms.

Your Rights

You have the following rights over your data at all times:
  • Access — You can view all your stored data through your PageRecall dashboard.
  • Export — Pro users can export their full history as CSV or JSON at any time from Settings.
  • Deletion — You can delete all your data instantly from Settings → Delete My Data. This permanently removes your encrypted data from our database. Because we don't hold your decryption key, deleted data is unrecoverable.
  • Account closure — You can uninstall the extension and close your account at any time. Uninstalling stops all data collection immediately.
If you are in the EU or UK, you have additional rights under GDPR/UK GDPR including the right to rectification, restriction of processing, and to lodge a complaint with your supervisory authority.

Chrome Extension Permissions

PageRecall requests the following Chrome permissions, each strictly necessary for its single purpose:
  • storage — Saves encrypted session data locally before cloud sync.
  • tabs — Reads page titles, URLs, and navigation timing. Required to record your browsing sessions.
  • alarms — Schedules periodic background sync of encrypted data to the cloud.
  • scripting — Injects a content script to read SEO metadata (meta tags, headings, canonical URLs) from pages you visit.
  • host_permissions (<all_urls>) — Required for the scripting permission to operate across all websites. No data is collected from pages without user interaction.
PageRecall does not use remote code. All extension JavaScript is bundled within the installed package.

Children's Privacy

PageRecall is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and notify you via the PageRecall extension popup if the changes are material. Continued use of PageRecall after changes are posted constitutes your acceptance of the updated policy.

Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at: privacy@pagerecall.com. We aim to respond to all privacy-related requests within 48 hours.

Questions about your privacy?

We take privacy questions seriously and respond within 48 hours.

privacy@pagerecall.com