Privacy Policy
This policy describes how SprintBrain collects, uses, and protects information when you use our Chrome Extension and web application at sprintbrain.com.
01 Overview
SprintBrain is a text-snippet expansion tool that operates primarily on your local device. We are committed to data minimization: the extension stores your snippet library locally using Chrome's sandboxed storage APIs and only transmits data when you explicitly trigger a synchronization.
Key principle: SprintBrain does not monitor your browsing activity, does not read page content passively, and does not sell or share your personal data with any third party for advertising or commercial purposes.
02 Data Controller
Product name: SprintBrain
Data controller: Alessandro Verdicchio
Operating as: Self-employed individual (libero professionista), Italy
Registered address: Via San Francesco d'Assisi, 154, Maddaloni (CE), 81024, Italy
Contact: sprintbrainapp@gmail.com
As the data controller, Alessandro Verdicchio is responsible for the lawful processing of your personal data in compliance with Regulation (EU) 2016/679 (GDPR) and the Italian Legislative Decree 196/2003 (Codice Privacy) as amended by D.Lgs. 101/2018.
03 Extension Permissions
The SprintBrain Chrome Extension declares the following manifest permissions. Each is used exclusively for the stated purpose — no permission is used beyond its declared scope.
| Permission | Purpose | Data accessed |
|---|---|---|
| storage | Persist your snippet library, settings, and Notion sync configuration between browser sessions | Your snippet data and config, stored locally in chrome.storage.local only — never synced to external servers |
| activeTab | Inject the snippet expansion script into the active tab when you invoke a shortcut | Current tab context at the moment of invocation; no page content is read passively |
| contextMenus | Add a right-click menu entry to insert snippets into editable fields | Selected text, only when you right-click and choose a SprintBrain action |
| scripting | Execute snippet expansion into editable DOM fields on the active page | The target editable element only; no surrounding page content is read |
04 Data Collected
A. Data you provide directly
- Snippets and templates — the shortcut triggers and expansion text you create and store.
- Account credentials — your email address and hashed password used to authenticate with Supabase. Passwords are never stored in plain text.
- Notion integration token — if you connect Notion, your personal integration token and database ID are stored encrypted in chrome.storage.local on your device only.
B. Data collected automatically
- Extension version identifier — used for compatibility verification during Notion sync operations.
- Sync timestamps — the last successful Notion sync time, stored locally on your device.
- Error logs — technical error messages written to the extension's internal log for debugging; these do not contain personal data or browsing history.
C. Data we do NOT collect
- Your browsing history or visited URLs.
- Content of web pages you visit.
- Keystrokes outside of explicit SprintBrain snippet trigger invocations.
- Device identifiers, IP address, or geographic location.
- Any data transmitted to AI or machine learning systems (no AI integration is currently active).
05 Processing Purpose
All data processing is initiated solely via your explicit user action — invoking a keyboard shortcut, selecting a context menu option, clicking a button in the extension popup, or triggering a Notion sync. SprintBrain runs no background processes that read or transmit data without your knowledge.
Specific processing purposes:
- Snippet expansion — matching your typed trigger against the local library and inserting the expansion into the active field.
- Notion synchronization — when you trigger a sync, your snippet library is fetched from your designated Notion database using your personal integration token and written to chrome.storage.local.
- Authentication — your email and password are transmitted over HTTPS to Supabase to verify your identity and retrieve your account configuration.
The legal basis for processing under GDPR is performance of a contract (Art. 6(1)(b)) for service delivery, and legitimate interests (Art. 6(1)(f)) for error logging and security.
06 Data Storage Architecture
The extension uses chrome.storage.local exclusively — never chrome.storage.sync — for all local data including credentials, snippets, and configuration. Your data is stored only within your local Chrome profile and is never transmitted to Google's sync servers.
Account data (email address, session tokens, subscription status) is stored on Supabase infrastructure within the European Economic Area (EEA). Supabase encrypts data at rest (AES-256) and in transit (TLS 1.3).
No snippet content is stored on SprintBrain's own servers. Alessandro Verdicchio does not operate independent server infrastructure for this product.
07 Third-Party Services
SprintBrain currently integrates with the following two third-party services. Each integration is opt-in and strictly purpose-limited.
Supabase manages user authentication and stores account-level configuration (email address, session token, account preferences). Supabase is GDPR-compliant, operates under a Data Processing Agreement, and hosts EU user data in the eu-central-1 (Frankfurt) region. Privacy policy: supabase.com/privacy.
If you connect your Notion workspace, SprintBrain reads snippet content from your designated Notion database using the Notion API and your personal integration token. This connection is optional, configured by you, and uses only the specific database you designate. SprintBrain does not write data back to Notion. Privacy policy: notion.so/privacy.
Planned future integration: SprintBrain may in the future integrate AI-powered text generation via the Anthropic Claude API. If and when this feature is activated, this Privacy Policy will be updated accordingly and users will be notified before the integration goes live.
08 Data Retention
Local extension data stored in chrome.storage.local is retained on your device until you uninstall the extension or manually clear extension storage via your Chrome settings.
Supabase account data is retained for the duration of your active account plus 30 days following a deletion request. You may request immediate deletion at any time by contacting us (see Your Rights below).
09 Your Rights
Under GDPR (EU/EEA residents) and CCPA (California residents), you have the following rights regarding your personal data:
- Request a copy of all personal data we hold about you.
- Correct inaccurate or incomplete personal data.
- Request deletion of your personal data ("right to be forgotten").
- Receive your data in a structured, machine-readable format.
- Object to processing activities based on legitimate interests.
- Request that we limit how we process your data in specific circumstances.
To exercise any of these rights, contact Alessandro Verdicchio at sprintbrainapp@gmail.com. We will respond within 30 days. California residents: we do not sell personal data. EU residents have the right to lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali.
10 Children's Privacy
SprintBrain is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us immediately at sprintbrainapp@gmail.com and we will delete it without delay.
11 Policy Changes
We may update this Privacy Policy to reflect changes in our data practices, new integrations (such as future AI features), or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and notify registered users by email at least 14 days before the changes take effect.
12 Contact
Alessandro Verdicchio — Data Controller, SprintBrain
Email: sprintbrainapp@gmail.com
Address: Via San Francesco d'Assisi, 154, Maddaloni (CE), 81024, Italy