Privacy Policy

What History Sync is

History Sync is a Chrome extension plus a hosted server that captures pages you dwell on, stores them in your account, and exposes the captured history to your AI agents over MCP (Model Context Protocol). It is operated as a personal alpha by a single individual; there is no company, no analytics vendor, and no advertising.

What we collect

• Page captures. For every tab you spend 10+ seconds on (with the window focused, not idle, not incognito, not a chrome:// page), the extension records: full URL, page title, basic page metadata (description, OpenGraph fields where present), the timestamp you visited, and how long you dwelled.
• Account info. Your Google email and Google account ID, used solely to identify you between the extension and the server.
• Connected agent grants. When you authorize an MCP client (Claude, Cursor, etc.) to read your history, we store the client's registered name and callback URL via Stytch Connected Apps.
• Disallow rules. Patterns you mark as blocked are stored against your account and applied retroactively + going forward.

What we do NOT collect

• Incognito browsing (the extension declares incognito: not_allowed)
• chrome://, chrome-extension://, and other privileged URLs (filtered at capture time)
• Form contents, passwords, cookies, or any page-body text beyond title + metadata
• Tabs you don't dwell on for 10+ seconds
• Anything from sites matching your disallow patterns

Where it goes

• Server: Vercel (US), running a Next.js app at history-sync.vercel.app.
• Database: Neon Postgres (US), reached only by the Vercel app.
• Auth: Google OIDC for the web app sign-in. Stytch Connected Apps handles MCP client OAuth tokens (no client secrets are stored on our server).
• No analytics, telemetry, ad networks, or third-party trackers embedded in the extension or web app.

Data at rest is stored in plaintext (no client-side or server-side encryption beyond what the cloud provider applies at disk level). End-to-end encryption is a stated non-goal for the alpha — only install if you trust the single operator with the data you would otherwise leave in Google Chrome's built-in history.

Who can see your data

• You, signed in to the web dashboard.
• MCP clients you explicitly authorize via the Connected Agents page. Each client gets a scoped token; revoking the client immediately invalidates its access on next call.
• The single operator of the server (incidental, for operational reasons — e.g., debugging a failed sync). No routine inspection.

We do not sell, rent, share, or transfer your data to anyone else, ever, for any purpose.

How to delete your data

• Stop capturing: open the extension popup and toggle “Capturing new pages” off. The queue is cleared and no new entries are sent.
• Delete specific entries: add a disallow pattern matching the host you want removed — already-synced entries are deleted retroactively on the server within seconds.
• Delete everything: email the operator at asaf.atzmon@gmail.com with the Google account you used to sign in, and your row + history will be fully removed from the database within 7 days.
• Uninstall the extension to stop capture immediately. Server-side data remains until you request deletion as above.

Changes

This policy changes when the product changes. Any time we expand what is collected, change where it's stored, or share with a new party, this page will be updated and the “Last updated” date above will move. If you signed up before the change, you keep the privacy guarantees of the version in force when you signed up unless you opt in to the new terms.

Contact

Questions, deletion requests, or anything else: asaf.atzmon@gmail.com