Privacy Policy

Last updated: April 2026

1. Who we are & what this covers

Listr is a Chrome extension and web app that helps you capture, organize, and ship work — projects, tasks, and more. This policy describes what information the extension and its companion web app at this domain collect, why we collect it, how we store and share it, and your rights over it. If something here is unclear, contact us using the details at the bottom of this page; we’ll always prefer clarity over legalese.

2. Local-first by default

Listr stores your projects, settings, and preferences in your browser using chrome.storage.local. If you never sign in, no task data leaves your device. Uninstalling the extension removes everything stored by chrome.storage.local.

3. Google account & user data

Sign-in is via Google OAuth. When you sign in, we receive only the fields Google returns for the scopes you authorize. We request the following scopes:

https://www.googleapis.com/auth/userinfo.email

Identify your Listr account and route sharing invitations.

We store your email address on your user record in our database. We use it to deliver PIN-reset emails and to match you as a collaborator when someone shares a list with your address.

https://www.googleapis.com/auth/userinfo.profile

Show your display name and profile picture inside the app.

We store your display name and profile picture URL on your user record. Collaborators see them next to shared lists. We never make these public.

Spreadsheet exports are generated entirely on your device — we download an .xlsx file straight to your computer and request no Drive or Sheets access. Open it in Excel, Numbers, or drag it into Sheets yourself if you want a live spreadsheet.

Limited Use compliance

Listr’s use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, we do not:

  • Transfer Google user data to third parties except as necessary to provide or improve the features you see in the product, or when required by law.
  • Use Google user data for serving advertisements.
  • Allow humans to read Google user data unless we have your explicit consent, it’s necessary for security, to comply with law, or it’s aggregated / anonymized for internal operations.
  • Use Google user data to train, fine-tune, or otherwise develop generalized machine-learning models.

4. Chrome extension permissions

storage

Save your projects, UI settings, and pending captures locally in the browser. This is our local-first store — nothing here leaves your machine unless you sign in.

identity

Obtain a Google OAuth token so you can sign in without leaving the popup. The token is handled by Chrome; we never see your password.

contextMenus

Add two items to the right-click menu ('Add to Listr' and 'Add to Listr — item description') so you can capture selected text from any page. We only read the text you selected, the URL of the tab you were on, and the tab's title. Nothing is captured until you explicitly right-click.

5. What we capture from webpages

Listr does not run any content script or read pages in the background. It only sees what you actively select and right-click. When you use “Add to Listr” from the context menu, the selected text, the tab URL, and the tab title are written to chrome.storage.local so the popup can pick them up next time you open it. Nothing is transmitted to our servers by this action — it reaches the cloud only if you’re signed in and your project is a synced one.

6. Cloud sync (signed-in only)

When you’re signed in, your projects and settings sync to Google Firebase Firestore under a document path scoped to your user ID. Firestore security rules enforce that only you (or collaborators you’ve explicitly added) can read your data. Sign out any time — your local copy stays intact.

7. File attachments

If you attach files (images, PDFs, documents) to a task, they’re uploaded to Firebase Storage under your user folder for personal projects, or under the project owner’s folder for shared projects. Files stay there until you delete the attachment, the task, or the project. We do not scan, index, or analyze the contents of your attachments. Executable files (.exe, .js, etc.) are blocked at upload time.

8. Collaboration

When you share a project, you enter a collaborator’s email. That email is stored (lowercased) in a sharedWith array on the project document. Anyone signed in with that email address can read and edit the entire project — tasks, descriptions, attachments, and due dates. We never send an invitation email or otherwise notify the collaborator on your behalf; you share the fact that the project exists out-of-band.

9. “Organize with AI” feature

This feature is Pro/Elite only. When you trigger it, the text you’ve typed is sent to our Cloud Function and forwarded to OpenAI’s API (gpt-4o-mini) to produce the structured output. We do not store your AI inputs or outputs on our server beyond the request lifecycle — only a counter (5/day for Pro) is kept, with no text content attached. OpenAI’s own data-handling terms cover the processing step. Don’t submit data to this feature that you wouldn’t be comfortable with OpenAI receiving.

10. Billing data

Payments are processed by Razorpay. We receive and store the order ID, payment ID, amount, currency, and paid-at timestamp — never your card number, UPI PIN, or bank credentials. These identifiers are kept so you can see your order history inside the app and so we can reconcile refund/support requests. Razorpay’s privacy policy governs their handling of payment details.

11. Slack integration (optional)

If you install the Slack action, right-clicking a Slack message and choosing “Add to Listr” sends the message text, a permalink, channel name, and your Slack user/team IDs to our server so the extension can pick it up. The record is deleted once the extension claims it. This integration is off by default.

12. PIN reset email

The Hidden Projects feature protects projects with a 6-digit PIN. The PIN itself is hashed (SHA-256 with per-user salt) on your device before it ever reaches our servers; we never see it in plaintext. If you request a reset, we send a one-time code to your Google account email via Brevo. We don’t use your email for anything else.

13. What we don’t do

  • No analytics. No Google Analytics, no Mixpanel, no Segment, no Sentry — none.
  • No advertising. We do not sell, rent, or share your data for marketing.
  • No behavioral profiling. We do not build shadow profiles from your activity.
  • No training ML models on your data. In particular, no Google user data, no project content, and no attachments are used to train any model we operate.
  • No tracking cookies on the marketing site beyond what’s strictly necessary for the pages to function.

14. Retention & deletion

We keep your account data for as long as your account exists. You can:

  • Delete individual projects and attachments from inside the extension.
  • Sign out to stop all cloud sync; local data stays with you.
  • Email ferrousdesigner@gmail.com to request full deletion of your account, synced projects, attachments, and order history. We’ll confirm when it’s done — typically within 7 days.
  • Revoke Listr’s access to your Google account any time at myaccount.google.com/permissions.

Billing records (order ID, amount, date) are retained for up to 7 years to satisfy tax and accounting obligations, even after account deletion.

15. Security

  • Transport: HTTPS/TLS everywhere.
  • Auth: Google OAuth; we never handle your password.
  • Database: Firestore security rules restrict access to the owner (and collaborators you’ve added by email).
  • Billing-sensitive fields (plan, period, AI quota) are only writable by a server-side Razorpay webhook that verifies the payload signature; user clients cannot self-grant paid plans.
  • PINs for Hidden Projects are salted and hashed on-device before transmission.

No system is bulletproof. If we become aware of a breach affecting your data, we’ll notify affected users promptly and take remediation steps.

16. Children’s data

Listr is not directed at children under 13 and we do not knowingly collect personal data from them. If you believe a child under 13 has given us personal information, contact us and we’ll delete it.

17. International transfers

Our infrastructure providers (Google Cloud / Firebase, Razorpay, OpenAI, Brevo) operate across multiple regions, primarily the United States and India. By using Listr you consent to your data being processed in those regions. We rely on the providers’ own transfer mechanisms (SCCs, adequacy decisions) where applicable.

18. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, or to object to certain processing (under GDPR, DPDP, CCPA, and similar laws). Write to us at ferrousdesigner@gmail.com and we’ll honor the request within the timeframes required by the applicable law.

19. Changes to this policy

We may update this policy. If a change materially reduces your privacy protections or expands how we use your data, we’ll notify active users by email or an in-app banner before it takes effect.

20. Contact

Privacy questions, deletion requests, or anything else: email ferrousdesigner@gmail.com. We read everything.