Privacy policy
Last updated: 23 May 2026
This policy describes what data CollectionsDock collects, where it lives, and how
to delete it. It applies to the CollectionsDock browser extension and to the sync
service at collectionsdock.postreality.no. CollectionsDock is operated
by Post Reality AS, a company registered in Norway.
The short version. If you only use CollectionsDock locally, nothing leaves your computer. If you sign in with Google to sync, the contents of your collections are stored on our server so other devices you sign into can fetch them. We don't run third-party trackers, advertising, or analytics. You can delete your server data at any time.
1. What data we collect
Locally on your device
Everything you save in CollectionsDock - collections, page URLs, page titles,
favicons, notes, and ordering - is stored in your browser's local extension
storage (chrome.storage.local). This data does not leave your
device unless you choose to sync.
When you sign in with Google (Pro)
To enable sync, the extension uses Google Sign-In to identify your account. We receive and store:
- Your Google account's email address
- Your Google account's display name
- An opaque Google user identifier (the OAuth "sub" claim)
We do not receive your Google password, and we do not have access to anything
else in your Google account (Drive, Mail, Calendar, etc.). The OAuth scopes we
request are openid, email, and profile.
When you sync
The contents of your collections are sent over HTTPS to our server and stored there so other devices you've signed into can fetch them. We do not inspect, mine, or share this data.
When you pay for Pro
Payments are processed by Stripe. We receive a customer identifier and subscription status from Stripe (so we know whether your account is on the Pro tier). We never see your card number or other payment details - those are handled entirely by Stripe under their own privacy policy.
What we don't collect
- Your browsing history
- The content of pages you visit
- Analytics or telemetry from the extension
- Anything via third-party trackers on this website
2. Third parties
CollectionsDock relies on a small number of third parties to function:
- Google - for sign-in and identity verification. See Google's privacy policy.
- Stripe - for payment processing on the Pro tier. See Stripe's privacy policy.
- Hetzner - hosts our sync server in Germany. See Hetzner's privacy policy.
3. Where data is stored
Local extension data lives in your browser, on your device.
Server-side data (sync blob + account info) is stored on a server in Falkenstein, Germany, operated by Hetzner Online GmbH. Connections to it are encrypted in transit with TLS (Let's Encrypt).
4. How long we keep it
Locally: as long as the extension is installed (uninstalling clears local storage).
On our server: while your account is active. If you request deletion (see below), we wipe your sync data within 7 days. If your Pro subscription ends, your data stays available for a 30-day grace period in case you resubscribe, then is deleted.
5. Your rights
You have the right to access, correct, or delete the data we hold about you. You can:
- Access: the contents of your sync are visible inside the extension itself; this is exactly what the server holds.
- Delete server data: request deletion via email. (A "Delete server data" button is on the roadmap; for now email is the path.)
- Uninstall: removing the extension clears local data immediately.
- Withdraw consent: sign out from the extension's options page. Your local data stays; no further sync happens until you sign in again.
EU/EEA users have rights under the GDPR including the right to lodge a complaint with a supervisory authority (in Norway: the Datatilsynet).
6. Security
All connections to our server use HTTPS. The Google ID token you sign in with is verified against Google's published keys on every request - there's no long-lived session token we could leak. Per-IP and per-user rate limits protect against abuse.
7. Cookies
This website (the marketing pages) does not set cookies or use analytics. The extension itself does not use cookies - it uses the browser's extension storage, which is bound to the extension, not to a website.
8. Children
CollectionsDock isn't directed at children under 13 and we don't knowingly collect data from them. If you believe a child has signed up, please contact us.
9. Changes
We may update this policy as the product evolves (e.g. when Pro launches with Stripe). Material changes will be flagged on this page with a clear updated date and, for Pro subscribers, via email.
10. Contact
Questions about this policy or about data we hold about you: extensions@postreality.no.
Data controller: Post Reality AS, Norway.