Neatlink Privacy Policy
Effective date: 2026-05-22
Last updated: 2026-05-26
Introduction
Neatlink is a browser extension developed by George (individual developer). This policy covers Neatlink across Chrome, Firefox, Safari, Edge, Brave, Arc, Opera, Vivaldi, and other Chromium-based browsers, the Neatlink macOS companion app, and the neatlink.app website.
Contact: contact@neatlink.app
Data that stays on your device
The following data never leaves your device (stored in your browser's local extension storage):
- Bookmarks, folders, tags, notes, and settings you create in Neatlink
- Favicon images extracted from websites you bookmark
- Your preferences and UI state
We have no access to this data.
Data stored in your own Google Drive (Cloud Sync)
When you enable Cloud Sync, your bookmarks and folders are encrypted on your device using AES-GCM-256 before being uploaded directly to your own Google Drive account (appDataFolder). Favicon images are also encrypted and uploaded directly to your Drive. Backups are stored in a "Neatlink Backups" folder in your Drive as standard HTML bookmark files.
This data goes directly from your browser to Google's servers. It does not pass through our infrastructure. We cannot read, access, or decrypt it.
Data our servers process
Our server (oauth.neatlink.app) handles two things:
A. OAuth authentication. Your Google OAuth refresh token passes through our server, which exchanges it for new access tokens. We act as a proxy between your browser and Google's token endpoint. This is required because browser extensions cannot securely store OAuth client secrets.
B. Shared collections (optional, user-initiated). When you choose to share a folder via a shareable link, the following is sent to our Cloudflare infrastructure:
- Encrypted: the actual bookmark content, folder structure, and favicon images (AES-GCM-256 encrypted; the decryption key is in the share URL fragment, which our server never receives).
- Plaintext metadata: collection title, description, bookmark count, timestamps, and a SHA-256 hash of your Google User ID.
We cannot decrypt the shared bookmark content. The plaintext metadata is stored to display collection previews and enforce expiration. Shared collections auto-delete after a fixed period (currently 30 days).
Data we do NOT collect
- Email addresses, names, or personal identity information
- Browsing history (we only know about pages you explicitly bookmark)
- Cookies or tracking data
- Analytics or telemetry of any kind
- Passwords or payment information
Google API Services - Limited Use Disclosure
Neatlink's use of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. We only use Google API access to:
- Store and retrieve your encrypted bookmark data in your Google Drive
- Authenticate your identity for Cloud Sync
We do not transfer, sell, or use this data for advertising, analytics, or any purpose other than providing Neatlink's core functionality.
Permissions and why we need them
- storage: store your bookmarks, folders, and settings locally
- bookmarks: import bookmarks from your browser (Browser Sync feature)
- tabs / activeTab: detect the current page when you save a bookmark
- alarms: schedule periodic Cloud Sync operations
- scripting: extract favicon images from pages you bookmark
- identity: authenticate with Google for Cloud Sync
- host permissions (all URLs): extract favicons from any website you bookmark, and follow redirects for favicon resolution
- downloads: export backup files
- contextMenus: provide the right-click "Save to Neatlink" menu item
- nativeMessaging (Safari): communicate with the macOS companion app
Data security
- All Cloud Sync data is encrypted client-side with AES-GCM-256 before leaving your device.
- Encryption keys are derived from your Google User ID using PBKDF2-SHA256. The key never leaves your device.
- Shared collection content is encrypted with a random per-collection key embedded in the share URL fragment, never sent to our server.
- All network communication uses HTTPS/TLS.
Data retention and deletion
- Local data: deleted when you uninstall the extension or clear browser data.
- Google Drive data: stored in your own account; you can delete it anytime from Google Drive.
- Shared collections: auto-deleted after a fixed period (currently 30 days). You can delete them manually at any time.
- OAuth tokens: cleared from our server when you disconnect Cloud Sync.
Your rights
You can request access to, correction of, or deletion of any data associated with your use of Neatlink by contacting contact@neatlink.app.
Children's privacy
Neatlink is not directed at children under 13. We do not knowingly collect data from children.
Changes to this policy
We may update this policy from time to time. Changes will be posted with an updated effective date.