Last updated: April 27, 2026
WindoM is a Chrome extension that replaces your new tab page with a personal productivity dashboard. This policy explains exactly what data we collect, what stays entirely on your device, and how we use it. We do not advertise, track, or sell data.
The following is stored only in your browser using chrome.storage and is never sent to any server:
Creating an account is entirely optional. The dashboard works fully without signing in. If you choose to create an account, we store the following on our servers:
You can delete your account and all associated server-side data at any time from Settings → Account → Delete account. All data is deleted permanently and immediately.
If you connect your Google account, WindoM requests the following read-only scopes in a single OAuth consent:
calendar.readonly, gmail.readonly, openid, email, profile.
You can connect Calendar alone (which uses only calendar.readonly) or both Calendar and Gmail together.
Your Google OAuth access token is stored encrypted at rest on our servers using AES-256-GCM and is used only to make API requests on your behalf. We never share it with third parties.
Disconnecting Google from Settings → Apps immediately revokes our stored token and deletes all cached data.
WindoM uses a Bring Your Own App (BYOA) model for Spotify. You register a free Spotify Developer app and provide its Client ID in WindoM's settings. This means your music data flows between your browser and your own registered Spotify app - WindoM does not operate a shared Spotify client.
Your Spotify OAuth token is stored encrypted on our servers and is used only to fetch your currently-playing track (artist, title, album art, playback state). We do not access your library, playlists, listening history, or follower data. Disconnecting Spotify immediately deletes the stored token.
WindoM requests the following Chrome permissions and uses them as described:
| Permission | Why it is used |
|---|---|
| storage / unlimitedStorage | Save your settings, todos, links, cached images, and finance watchlist in your browser. unlimitedStorage is required only for locally uploaded background images. |
| tabs | Open, close, and pin tabs from the tab sidebar. Tab titles and URLs are used only locally to populate the sidebar and are never sent anywhere. |
| history | Read your recent browsing history to display recent sites in the tab sidebar and provide search suggestions. Only the last 7 days are read, deduplicated by hostname, limited to 10 entries. This data never leaves your device. |
| identity | Launch the Spotify PKCE OAuth flow via chrome.identity.launchWebAuthFlow. |
The following services are contacted directly from your browser. WindoM's servers are not involved in these requests, and we do not share personal data with these services.
| Service | What is sent | Purpose |
|---|---|---|
| Unsplash (api.unsplash.com) | Search query / category | Fetch background images for the dashboard |
| Open-Meteo (api.open-meteo.com) | Latitude & longitude | Fetch current weather data. No API key, no account. |
| Open-Meteo Geocoding (geocoding-api.open-meteo.com) | City name search string | Resolve a typed city name to coordinates for weather |
| Nominatim / OpenStreetMap (nominatim.openstreetmap.org) | Latitude & longitude | Reverse-geocode coordinates to a human-readable city name |
| ipapi.co | Your IP address (implicit) | IP-based location fallback - only used if browser geolocation is denied or unavailable |
| Quotable (api.quotable.io) | Nothing | Fetch an inspirational quote. No personal data involved. |
| Yahoo Finance (query1/query2.finance.yahoo.com) | Stock ticker symbols you added | Fetch real-time stock prices for the Finance widget |
| CoinGecko (api.coingecko.com) | Crypto coin IDs you added | Fetch real-time cryptocurrency prices |
| Google Favicons (google.com/s2/favicons) | Domain name | Fetch favicon icons for quick links |
| DuckDuckGo (duckduckgo.com) | Domain name | Fallback favicon source for quick links |
Each of these services has its own privacy policy. We recommend reviewing them if you have concerns about a specific service.
We do not sell, rent, or share your personal data with any third party for marketing, advertising, or any other commercial purpose. Data is used solely to provide the features you have explicitly enabled in WindoM.
All communication between the extension and our servers uses HTTPS.
OAuth tokens (Google, Spotify) are encrypted at rest using AES-256-GCM with a server-side key.
Passwords are hashed with bcrypt (cost factor 12).
Authentication uses short-lived JWT access tokens (15-minute TTL) and rotating refresh tokens stored as HttpOnly; Secure; SameSite=None cookies.
Refresh token reuse is detected and triggers automatic session revocation.
WindoM is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
We may update this policy as features change. When we do, we will update the "Last updated" date at the top of this page. Continued use of WindoM after a policy update constitutes acceptance of the new policy.
If you have any questions about this policy or want to request data deletion, reach out at yehudabriskman@windom.app.