◆ HighlightIQ

Privacy Policy

Effective Date: March 14, 2026 | Last Updated: March 14, 2026

      Our Core Promise: We do not sell, share, rent, or trade your personal data or highlighted content to any third parties. We do not use your data to train any AI models or large language models (LLMs). Your data belongs to you, period.
    

1. Introduction

HighlightIQ ("we," "our," or "us") is a browser extension that enables you to highlight, annotate, tag, and organize text across websites. This Privacy Policy explains how we collect, use, store, and protect your information when you use HighlightIQ (the "Service").

By installing and using HighlightIQ, you agree to the practices described in this Privacy Policy. If you do not agree with this policy, please uninstall the extension.

2. Information We Collect

2.1 Information You Provide

Highlighted text and annotations: Text you highlight on web pages, notes you add, and tags you create.
Page metadata: URLs and page titles of pages where you create highlights, used solely to organize and display your highlights.
Google account information (optional): If you choose to sign in with Google, we receive your name, email address, and profile picture from Google OAuth 2.0. This is used only for authentication and account identification.
Feedback: Messages you voluntarily submit through the feedback feature.

2.2 Automatically Collected Information

Anonymous installation ID: A randomly generated UUID created at installation, used to identify your data on our sync server. This ID is not linked to your real identity unless you sign in with Google.
Extension version: The version number of HighlightIQ you are running.

2.3 Information We Do NOT Collect

We do not collect your browsing history.
We do not collect data from pages where you do not actively create highlights.
We do not use cookies, tracking pixels, or any analytics or advertising trackers.
We do not collect keystroke data, form inputs, or passwords.
We do not collect device fingerprints or IP-based geolocation data for profiling.

3. How We Use Your Information

We use the information we collect exclusively for the following purposes:

Providing the Service: Storing, syncing, restoring, and displaying your highlights across your devices.
Authentication: Verifying your identity when you sign in with Google to enable cross-device sync.
AI Define feature: When you use the "Define" feature, the selected text and surrounding context are sent to our server to generate a contextual definition. This data is processed in real time and is not stored after the response is returned.
Service improvement: Aggregate, non-identifying statistics (e.g., total number of highlights across all users) may be used to improve the Service. Individual highlight content is never reviewed or analyzed.

      No AI Training: Your highlighted text, annotations, tags, and any other user-generated content are never used to train, fine-tune, or improve any artificial intelligence model, machine learning system, or large language model (LLM). This applies to both our own systems and any third-party systems.
    

4. Data Storage and Security

4.1 Local Storage

All your highlights, annotations, and tags are stored locally on your device using Chrome's encrypted storage API (chrome.storage.local). Your data is encrypted at rest using AES-GCM encryption before being written to local storage.

4.2 Server-Side Storage

When you are signed in and sync is enabled, your data is transmitted to our servers over HTTPS (TLS 1.2+) and stored in a secure database. Server-side security measures include:

All API requests are signed with HMAC-SHA256 to prevent tampering.
Data is stored in an encrypted database with access controls.
Server infrastructure is hosted on secure, reputable cloud providers.
Access to production data is restricted to essential personnel only.

4.3 Data Retention

Your data is retained for as long as your account is active.
Deleted highlights are moved to a local trash folder and permanently purged after 30 days.
If you delete your account, all data associated with your account is permanently deleted from our servers within 30 days.

5. Data Sharing and Third Parties

      We do NOT sell your data. We do not share, rent, lease, or trade your personal information or user-generated content with any third party for marketing, advertising, analytics, or any other commercial purpose.
    

We may share limited data only in the following circumstances:

Google OAuth: When you sign in, authentication tokens are exchanged with Google's servers solely for identity verification. Google's use of this data is governed by Google's Privacy Policy.
AI Define (third-party AI provider): When you use the AI Define feature, the selected text snippet (not your full highlights database) is sent to an AI provider for processing. This data is transmitted securely and is not retained by the provider after generating the response.
Legal obligations: We may disclose information if required by law, regulation, legal process, or enforceable governmental request.

6. Your Rights and Controls

You have full control over your data at all times:

Access: You can view all your highlights, annotations, and tags within the extension at any time.
Export: You can export all your data in JSON, TXT, or clipboard format at any time.
Delete individual items: You can delete any highlight, annotation, or tag at any time.
Delete all data: You can use the "Delete Account" feature in Settings to permanently delete all your data from our servers.
Uninstall: Uninstalling the extension removes all locally stored data. To also remove server-side data, use the "Delete Account" feature before uninstalling.
Sign out: You can sign out at any time to stop syncing data to the server. Your existing server-side data remains until you explicitly delete it.

7. Children's Privacy

HighlightIQ is not intended for use by children under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information promptly.

8. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that appropriate safeguards are in place to protect your data in compliance with applicable data protection laws, including the GDPR (for EU/EEA users) and CCPA (for California residents).

9. Compliance with Laws and Regulations

We are committed to complying with applicable privacy and data protection laws, including but not limited to:

GDPR (General Data Protection Regulation) — EU/EEA
CCPA/CPRA (California Consumer Privacy Act / California Privacy Rights Act) — California, USA
PIPEDA (Personal Information Protection and Electronic Documents Act) — Canada
IT Act, 2000 and DPDP Act, 2023 — India
Chrome Web Store Developer Program Policies

If you are a resident of the EU/EEA, you have additional rights under GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. To exercise these rights, please contact us at the email address below.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top of this page and, for significant changes, may notify you through the extension. Your continued use of HighlightIQ after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: privacy@enigmaxtech.com
Website: https://enigmaxtech.com

We will respond to all legitimate requests within 30 days.