Privacy Policy
What data we collect
1. Text you choose to analyze
When you highlight text on a webpage and trigger TOK Lens, that selected text is sent to our backend server for AI analysis via Google Gemini. We do not store analyzed text beyond what you explicitly save to your Evidence Vault. Text is processed transiently and discarded after the response is returned.
2. Account information (if you sign in with Google)
If you choose to sign in, we receive your Google account email address, display name, and profile photo URL via OAuth. We store these in Firebase Firestore to:
- Track your subscription tier (Free or Premium)
- Maintain your credit balance
- Provide support if you contact us
We never receive or store your Google password.
3. Evidence Vault clips
Text clips you save to the Evidence Vault are stored locally in your browser via chrome.storage.local. They are not synced to our servers unless you use the Google Docs export feature, which writes directly to your own Google account.
4. Payment information
Payments are processed by Stripe. We never see or store your credit card number. Stripe provides us with a customer ID and subscription status only.
5. Anonymous usage statistics
We collect aggregated, anonymous event counts using a randomly generated, non-linked ID. This data cannot be linked back to you or your Google account.
What we do not collect NEVER
- Your browsing history or visited URLs
- Passwords or any credentials
- Text from pages you have not explicitly selected and analyzed
- Any data from private/incognito windows
- Device fingerprint, precise location, or IP address
- Analytics or tracking cookies
How we use your data
- To provide the service — AI analysis of selected text via Google Gemini
- To manage your account — track tier, credits, and subscription status
- To process payments — via Stripe (subscriptions and credit packs)
- To improve the service — aggregated, anonymous usage statistics only
We do not sell, rent, or share your personal data with third parties for marketing.
Third-party services
- Google Gemini AI — processes your selected text. Subject to Google AI terms.
- Firebase / Firestore — stores account data. Subject to Firebase privacy policy.
- Stripe — handles payments. Subject to Stripe privacy policy.
- Vercel — hosts our API. Subject to Vercel privacy policy.
- Google OAuth — handles sign-in. Subject to Google privacy policy.
Data storage and retention
Account data is stored in Firebase Firestore (Google Cloud infrastructure). Evidence Vault clips are stored locally in your browser and never leave your device unless you explicitly export them to Google Docs.
We retain account data for as long as your account is active. If you request account deletion, all Firestore data is deleted within 30 days.
GDPR & COPPA compliance
GDPR (EU/UK users): You have the right to access, correct, or delete your personal data at any time. Email privacy@toklens.com to exercise these rights. We will respond within 30 days.
COPPA (users under 13): TOK Lens is designed for IB students (typically 16–19 years old). We do not knowingly collect data from children under 13.
How to delete your data
Delete local Evidence Vault clips
- Open the TOK Lens sidebar and delete clips individually, or
- Go to
chrome://extensions→ TOK Lens → “Clear site data”
Delete your account (Firestore data)
- Email privacy@toklens.com with subject “Delete my TOK Lens account”
- We will confirm deletion within 30 days
Cancel your subscription
- Open the TOK Lens popup → Pricing page → “Cancel subscription”
Security
All data is transmitted over HTTPS. Firebase Firestore access is controlled by security rules that ensure users can only access their own data. Stripe handles all payment data in a PCI-DSS compliant environment.
Changes to this policy
We may update this policy as the product evolves. Significant changes will be announced in the Chrome Web Store update notes.
Contact us
For privacy questions, data requests, or GDPR enquiries:
privacy@toklens.com