Text From Image Extractor – Privacy Policy

Effective date: 2024-09-01

This policy explains how the Text From Image Extractor Chrome extension and its companion server handle data. By using the extension or associated website, you agree to this policy.

Information we collect and why

• Selected page content and screenshots (extension): When you drag to capture a region, the extension reads visible text on the page locally and captures a cropped screenshot of that region. The cropped image is sent to our server and to OpenAI’s Vision API only to generate OCR text for you. We do not store these images or the extracted text after completing the request.
• Account data (server): If you create an account, we collect your email address, hashed password (Argon2id), or Google account ID/email when you sign in with Google. We generate session tokens stored in an HTTP-only cookie to keep you signed in.
• Subscription/billing data (server): If billing is enabled, payments are processed by Stripe. We receive your Stripe customer ID, subscription status, and trial dates. We do not receive or store full payment card numbers.
• Service metadata: Our server keeps minimal logs (timestamp, IP, user agent, error details) to operate the service securely and prevent abuse.
• Extension settings: The extension stores configuration (e.g., backend URL, auth settings) in `chrome.storage.sync` so it can reach your deployed server. No browsing history is collected.

How we use data

• Provide the OCR and clipboard functionality you request.
• Authenticate you, maintain sessions, and show your entitlement/subscription status.
• Process payments and manage trials/subscriptions when billing is enabled.
• Secure the service, prevent fraud/abuse, and debug reliability issues.

Sharing and disclosure

• OpenAI receives the cropped region image solely to return OCR text; inputs and outputs are not used to train OpenAI models.
• Stripe processes payments; card data never touches our servers.
• Google is used for OAuth if you choose Google sign-in.
• We do not sell user data or use it for advertising. We disclose information only if required by law or to protect the service and users.

Data retention

• Cropped images and OCR results are discarded after the response is returned.
• Session cookies expire after roughly 30 days or when you sign out.
• Account and subscription records are kept while your account is active; you can request deletion.
• Server logs are retained for a limited period for security and troubleshooting.

Cookies and local storage

• An HTTP-only session cookie (`rtc_session`) keeps you signed in.
• A CSRF cookie (`rtc_csrf`) protects form submissions.
• Extension settings are stored in `chrome.storage.sync` to remember your backend URL and auth config.

Your choices

• Uninstall the extension to stop all data flow from the browser.
• Sign out from the extension or revoke Google access in your Google account settings.
• Contact us to delete your account and associated data.

Security

• Passwords are hashed with Argon2id; session tokens are stored in HTTP-only cookies.
• Transport is protected with HTTPS, and sensitive endpoints include CSRF protection and server-side validation.
• Access to production systems is limited to authorized maintainers.

Contact

If you have questions or want to request data deletion, email support@textfromimageextractor.app.