We don't want your data.

Last updated · May 15, 2026

That's not a slogan. It's the architecture. This policy explains exactly what data Mindlatch collects, how we use it, where it's stored, who it's shared with, and how to delete it.

Summary

Mindlatch is a Chrome extension that lets you save and organize web pages, highlights, and notes — all stored locally in your browser. We do not have servers that hold your library. The only personal data we collect is from people who choose to subscribe to Mindlatch Pro: their email address and the license key we generate for them.

1. What data we collect, and why

The Chrome Web Store classifies user data into categories. Here is exactly which apply to Mindlatch and which do not.

Authentication information

Collected and stored locally on your device: Your Mindlatch Pro license key and, if you use the Ask feature, your Anthropic or OpenAI API key. Both are stored in chrome.storage.local on your computer. We do not transmit them anywhere. We use them only to (a) unlock Pro features locally and (b) authenticate your own AI requests to your chosen provider.

Stored on our server: The Mindlatch Pro license key we generate for you is also stored on our Cloudflare KV store, paired with your email address, so we can re-send the key if you ask. We do not store your API keys server-side.

Web history

Collected and stored locally on your device: URLs, page titles, page favicons, and timestamps of pages you explicitly choose to save (via the Latch shortcut or the Liberate Tabs feature). Stored in your browser's IndexedDB. We do not have access. The extension does not record general browsing history — only pages you opt to save with a deliberate action.

Sensitive URL parameters (tokens, passwords, OAuth codes, JWTs, session IDs, API keys) are automatically stripped from URLs before they are stored. The stripping happens in your browser; the credentials never reach storage.

Website content

Collected and stored locally on your device: Text you select and choose to save as a highlight, notes you type yourself, and (with the Voice feature) transcripts of audio you choose to record. Stored in your browser's IndexedDB. We do not have access.

If you use the Ask feature, the most relevant excerpts of your saved content are sent — along with your question — directly from your browser to the AI provider you selected (Anthropic or OpenAI). The request uses your own API key. The traffic does not pass through any Mindlatch server. We never see the question, the excerpts, or the answer.

Personally identifiable information (Pro subscribers only)

Collected and stored on our server: Your email address, supplied by you during Stripe checkout when you subscribe to Mindlatch Pro. Used only to send your license key by email and to identify your account if you contact support. Stored in Cloudflare KV.

If you do not subscribe to Pro, we do not collect your email or any other personally identifiable information.

Financial and payment information (handled by Stripe)

If you subscribe to Mindlatch Pro, payment is processed by Stripe. Stripe collects the data needed to charge a card — your name, email, billing address, country, and payment method details. We do not see your full card number or CVV. Stripe's privacy policy governs that data. We receive only confirmation that the payment succeeded, plus the email associated with the purchase.

What we do NOT collect

Mindlatch does not collect: health information, location data, personal communications (emails, texts, chats), user activity (mouse movement, keystrokes, clicks, scrolling), passwords for other services, or any data from web pages you have not explicitly chosen to save.

2. How we use your data

• License key + email (Pro subscribers): to deliver your key by email, to resend it if you lose it, and to identify your account for support.
• Saved library data (local only): to display and search your library inside the extension. We have no access; this happens entirely on your device.
• Payment information: processed by Stripe to charge your subscription. Used only to bill you.

We do not use any of this data for advertising, behavioral profiling, or training AI models. We do not analyze, aggregate, or anonymize-and-sell user data. We have no analytics product.

3. How we handle and store your data

• Library data (saves, highlights, notes, sessions, decisions, trash): Stored exclusively in your browser's IndexedDB. Never transmitted to Mindlatch.
• Local settings (license key, API key, preferences): Stored in chrome.storage.local on your device. Never transmitted to Mindlatch.
• Pro subscriber records (email, license key, Stripe session ID): Stored in Cloudflare KV (the Cloudflare network, US region). Transmitted over HTTPS.
• Payment data: Stored by Stripe, governed by Stripe's policy.

4. Who we share your data with

We share data only with the following service providers, only to the extent required for the service they provide:

• Stripe — payment processing.
• Cloudflare — hosts our license-issuing Worker and our KV store of Pro records, and serves the mindlatch.app website.
• Resend — sends the transactional email containing your license key.
• Anthropic or OpenAI — only if you use the Ask feature. Requests go directly from your browser, using your own API key. We do not relay them.

We do not sell your personal data. We do not transfer your data to third parties for any purpose other than the ones listed above. We do not use your data to determine creditworthiness or for lending.

5. How long we keep your data

• Library data: as long as you choose to keep it. Uninstalling Mindlatch wipes the IndexedDB.
• Pro subscriber records: kept for as long as you have an active Pro account, plus a reasonable period afterward for support and accounting. You can email us at any time to request deletion (see Section 6).
• Payment records: retained by Stripe per their policy and applicable law.

6. Your rights — access, export, deletion

• Access and export your library: the extension has a built-in Export feature that produces a file (Markdown, HTML, or JSON) of everything in your library, on your device.
• Delete your library: uninstall the extension, or use the Settings → Reset option. This wipes IndexedDB and chrome.storage.local.
• Delete your Pro record: email hello@mindlatch.app and we will remove your email, license key, and Stripe session ID from our KV store within 7 days, and confirm by reply.
• Cancel your subscription: use the cancellation link in your Stripe receipt email, or email us.

7. Security

All connections to mindlatch.app and to our Cloudflare Worker use HTTPS/TLS. Pro subscriber records on Cloudflare KV are encrypted at rest by Cloudflare. API keys and license keys stored locally on your device are protected by Chrome's storage isolation. We never log or display API keys.

8. Cookies, trackers, fingerprints

None. The extension loads no third-party scripts and sets no cookies. The mindlatch.app website is a static page with no analytics, no cookies, and no fingerprinting.

9. Children

Mindlatch is not designed for or directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email hello@mindlatch.app and we will delete it.

10. International users

Mindlatch is operated from the United States. By using Mindlatch, you understand that any Pro subscriber data (email, license key) will be stored on Cloudflare's network, which may process data in the United States and other regions.

11. Changes to this policy

If we change this policy materially, we will update the "Last updated" date at the top and add an entry to the changelog. Continued use of Mindlatch after a change means you accept the updated policy.

12. Contact

Questions, requests, or concerns? Email hello@mindlatch.app. We reply within 24 hours on business days.