To use these add-ons, you'll need to download Firefox.

Log in
Add-on icon

Privacy policy for Cyclone

Cyclone by Marco Calderon

0 Stars out of 5
5
0
4
0
3
0
2
0
1
0
Privacy policy for Cyclone

Privacy Policy

Product: Cyclone — cross-platform link saver (browser extension, mobile, and desktop apps)



1. Summary

Cyclone lets you save links from your browser, phone, and desktop, organize them into
collections with tags and notes, and sync them across your devices. To do this we store the
links and notes you create, manage your account, and generate preview images and short
AI-written summaries of the pages you save.

We collect only what is needed to provide the service. We do not sell your personal data,
and we do not use it for advertising.

Because the browser extension can read the page you are viewing in order to save it, the
Firefox listing declares the following data-collection categories:

  • Browsing activity — the URLs you choose to save.
  • Website content — content of pages you save, fetched to build previews and summaries.
  • Authentication information — your sign-in session.
  • Personally identifying information — your account email and (for social sign-in) profile.

Details are below.

2. Who is responsible for your data

[PROVIDER LEGAL NAME] is the data controller for personal data processed through Cyclone.
For questions or requests, contact us at [privacy@yourdomain.com].

3. What data we collect

3.1 Account data

When you create an account we process, via our authentication provider (Supabase Auth):
  • Email address and password (passwords are hashed by the provider; we never store them in plain text); or
  • If you sign in with Google or GitHub (OAuth), the basic profile your provider returns — typically name, email address, and avatar URL.

3.2 Content you create ("Saved Links")

When you save or edit a link, we store:
  • The link URL and our normalized form of it.
  • Title and description (entered by you or fetched from the page).
  • Tags, notes, and the collection it belongs to.
  • Collection names and descriptions you create.
  • Timestamps and a client-generated identifier for each record.

3.3 Data derived from the pages you save

After you save a link, our background services fetch the target page to enrich it:
  • Preview image — we retrieve the page's Open Graph/preview image, or capture a
    screenshot of the page if no preview image exists, and store the image file.
  • Page text & summary — we extract readable text from the page, generate a short
    semantic description using an AI text model, and create a numeric vector embedding of that
    text to power search.

The original full page HTML is not retained as a stored document; we keep the preview image,
the extracted/summarized metadata, and the embedding.

3.4 Browser extension access

To let you save the page you are on, the extension uses browser permissions (activeTab,
tabs, contextMenus, storage, identity). It accesses a tab's URL and content only in
connection with a save action you initiate. It does not run continuous background tracking
of your browsing.

3.5 Data stored on your device

Cyclone is offline-first. Your links and your authentication session are cached locally on
each device (browser extension storage, mobile secure storage, and IndexedDB on
web/desktop) so the app works without a network connection.

3.6 What we do not collect

We do not intentionally collect advertising identifiers, precise geolocation, or analytics
profiles for ad targeting. We do not sell personal data.

4. How we use your data

| Purpose | Data used |
|---------|-----------|
| Provide core features (save, organize, sync) | Account data, Saved Links |
| Authenticate you and keep you signed in | Account data, session tokens |
| Generate previews and AI summaries | Saved URLs, fetched page content |
| Power search across your library | Summaries and vector embeddings |
| Sync your library across your devices | Saved Links, account identifier |
| Keep the service secure and debug issues | Technical/session data |
| Comply with legal obligations | As required by law |

Legal bases (GDPR/UK GDPR, where applicable)
  • Performance of a contract — to provide the service you sign up for.
  • Legitimate interests — to secure, maintain, and improve the service.
  • Consent — where required (e.g. optional features); you may withdraw it at any time.
  • Legal obligation — to comply with applicable law.

5. Where your data is stored and who processes it

Cyclone relies on the following third-party "sub-processors". Each only processes data to
provide its part of the service:

| Sub-processor | Role | Data handled |
|---------------|------|--------------|
| Supabase | Authentication and primary database | Account data, Saved Links metadata |
| Cloudflare | Background workers, object storage (R2), vector index, AI inference, headless rendering | Page URLs/content, preview images, summaries, embeddings |
| Vercel | Hosting for the web application | Requests to the web app |
| Google / GitHub | OAuth sign-in (only if you choose social login) | Your profile data from that provider |
| Mozilla Add-ons / Chrome Web Store | App distribution | Store-side install/usage data per their policies |

Data may be processed in data centers outside your country (including the United States).
Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.
Please update this table to reflect your actual deployment and provider regions before publishing.

6. Sharing and disclosure

We do not sell your personal data. We disclose data only:
  • to the sub-processors listed above, to operate the service;
  • when required by law, subpoena, or to protect rights, safety, and security;
  • in connection with a merger, acquisition, or asset sale, subject to this policy.

7. Data retention
  • Account and Saved Links — retained while your account is active.
  • Preview images, summaries, embeddings — retained while the related link exists.
  • Local device cache — retained until you sign out, clear app data, or uninstall.
  • When you delete a link or your account, the associated records are deleted from our primary
    store; derived artifacts (preview images, embeddings) are deleted on the same basis. Backups
    and provider-side logs may persist for a limited period before rotation.

Specify exact retention periods for your deployment here: [RETENTION PERIODS].

8. Your rights

Depending on where you live, you may have the right to:
  • access, correct, or delete your personal data;
  • export/port your data;
  • object to or restrict certain processing;
  • withdraw consent; and
  • lodge a complaint with a supervisory authority.

To exercise these rights, contact [privacy@yourdomain.com]. You can also delete individual
links, collections, or your entire account from within the app.

9. Security

We use authentication, row-level access controls so users can only access their own records,
encrypted transport (HTTPS/TLS), and server-side secrets that are never shipped to client
apps. No system is perfectly secure; we cannot guarantee absolute security.

10. Children's privacy

Cyclone is not directed to children under [13/16, per your jurisdiction]. We do not knowingly
collect personal data from children. If you believe a child has provided us data, contact us
and we will delete it.

11. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by the
"Last updated" date and, where appropriate, in-app notice. Continued use after changes take
effect constitutes acceptance.