Privacy Policy

Last updated: August 2, 2025

1. Introduction

This Privacy Policy describes how Cerevolt ("we," "our," or "us") collects, uses, and shares information when you use our browser extension and desktop application (collectively, the "Services"). We are committed to protecting your privacy and ensuring transparency about our data practices.

2. Information We Collect

2.1 Browser Extension

Our browser extension collects the following information:

  • Website Domains: We collect the domain names of websites you visit to determine if they should be blocked or allowed according to your blocking preferences.
  • Tab Information: We access tab URLs and navigation events to enforce blocking rules and manage temporary blocks.
  • Local Storage Data: We store your blocking preferences, whitelisted domains, blocked domains, and temporary blocks locally in your browser using Chrome's storage API.
  • Extension Interaction Data: We log extension usage events such as blocking/unblocking sites and configuration changes for functionality purposes.

2.2 Desktop Application

Our desktop application processes and stores:

  • Authentication Data: JWT tokens, refresh tokens, and user credentials stored locally in ~/.cerevolt/auth.json for platform integration.
  • Work Session Data: Session goals, durations, categories, start/end times, and productivity metrics stored both locally and synchronized with our cloud platform.
  • Website Classification Requests: Domains sent from the browser extension for AI-powered content analysis and blocking decisions, transmitted to our cloud platform for processing.
  • Category and Blocklist Data: User-created productivity categories, custom blocklists, and whitelists synchronized between the desktop app and cloud platform.
  • System Integration Data: Native messaging communication data between the extension and desktop app via Socket.IO connections.
  • Application Monitoring Data: System performance metrics, app usage patterns, and blocking enforcement statistics.
  • Log Files: Detailed operational logs stored locally in ~/.cerevolt/ including authentication events, API requests, and system operations.

2.3 Cloud Platform (Supabase Database)

Our cloud platform stores comprehensive user data including:

  • User Account Data: Email addresses, subscription status, subscription plans, and Stripe customer/subscription IDs.
  • Work Sessions: Complete work session records including goals, durations, categories, start/end times, and completion status.
  • Productivity Categories: User-created categories with names, descriptions, and associated blocklists and whitelists.
  • Blocklist and Whitelist Items: Website domains, applications, and other items organized by category or session with timestamps.
  • Session-Specific Lists: Dynamic blocklists and whitelists created during specific work sessions.
  • AI Classification Data: Website classification results and AI-generated category suggestions based on user goals.
  • Analytics and Usage Data: Aggregated productivity metrics, session statistics, and usage patterns for dashboard features.

2.4 Web Dashboard

Our web dashboard collects:

  • Authentication Sessions: Login sessions, session tokens, and authentication state via Supabase Auth.
  • Dashboard Interactions: User interactions with analytics, settings, and configuration features.
  • Billing Information: Payment processing data handled securely through Stripe integration.

3. How We Use Information

We use the collected information for the following purposes:

  • Core Functionality: To provide website blocking, content filtering, and productivity management features across all components.
  • AI-Powered Classification: To analyze website content using Google's Gemini AI and automatically categorize sites as productive or distracting based on your work goals.
  • Work Session Management: To create, track, and manage productivity work sessions with custom goals, categories, and time tracking.
  • Personalized Blocking: To maintain your custom blocking lists, whitelists, categories, and temporary blocking settings synchronized across devices.
  • Real-time Synchronization: To sync your preferences, sessions, and blocking lists between the browser extension, desktop app, and web dashboard.
  • Authentication and Security: To provide secure user authentication, session management, and API access using JWT tokens.
  • Analytics and Insights: To generate productivity analytics, session statistics, and usage insights displayed in your personal dashboard.
  • Subscription Management: To manage your account subscriptions, billing, and access to premium features via Stripe integration.
  • Service Communication: To enable real-time communication between the browser extension and desktop application via Socket.IO.
  • Service Improvement: To analyze usage patterns and improve our features while maintaining user privacy.

4. Data Storage and Security

4.1 Local Storage

Certain data is stored locally on your device for performance and offline functionality:

  • Browser Extension: Basic blocking preferences, domain lists, and temporary blocks are stored locally in your browser using Chrome's storage API.
  • Desktop Application: Authentication tokens (JWT and refresh tokens), configuration files, session cache, and operational logs are stored locally in your user directory (~/.cerevolt/).
  • Session Data Cache: Recent work session data is cached locally for offline access and performance optimization.

4.2 Cloud Storage (Supabase)

Comprehensive user data is stored in our secure cloud database for synchronization and advanced features:

  • User Account Data: Email addresses, authentication information, subscription status, and Stripe billing integration.
  • Work Session Records: Complete work session history including goals, durations, categories, timestamps, and completion status.
  • Productivity Categories: User-created categories with descriptions and associated blocking rules.
  • Blocklist and Whitelist Data: All user-defined blocking and allowing rules, organized by categories and sessions.
  • AI Classification Results: Website classification decisions and AI-generated category suggestions.
  • Analytics Data: Aggregated productivity metrics and usage statistics for dashboard features.
  • Application Monitoring: System performance metrics and usage patterns to improve service quality.

4.3 Data Processing Locations

  • Supabase (Primary Database): User data stored in secure PostgreSQL database with encryption at rest.
  • Google AI (Gemini): Website classification requests processed by Google's AI services for content analysis.
  • Stripe: Payment and subscription data processed through Stripe's secure payment infrastructure.

4.4 Security Measures

  • Encryption: All cloud data is encrypted in transit using HTTPS/TLS and at rest using industry-standard encryption.
  • Authentication: Secure JWT-based authentication with refresh token rotation and proper session management.
  • Access Controls: Row-level security (RLS) policies in Supabase ensure users can only access their own data.
  • API Security: All API endpoints require authentication and use unified authentication handling for multiple access methods.
  • Local Security: Authentication tokens and sensitive data stored locally use secure file permissions and are isolated per user.
  • Third-party Security: We rely on security-audited services (Supabase, Google AI, Stripe) with their own robust security measures.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:

  • Essential Service Providers: We share data with trusted service providers who help us operate our services:
    • Supabase: User accounts, work sessions, categories, and productivity data for database storage and authentication
    • Google AI (Gemini): Website domains and classification requests for AI-powered content analysis
    • Stripe: Payment information and subscription data for billing and subscription management
  • Inter-Component Communication: Data is shared between your browser extension, desktop application, and web dashboard to provide synchronized functionality.
  • Legal Requirements: When required by law, court order, or government request.
  • Safety and Security: To protect the rights, property, or safety of our users or others.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with user notification).

Important: All third-party service providers are bound by strict confidentiality agreements and data processing agreements that limit their use of your data to providing services on our behalf.

6. Data Retention

We retain information for different periods based on the type of data and its purpose:

  • Local Extension Data: Retained until you uninstall the extension or clear browser data.
  • Local Desktop Data: Authentication tokens, session cache, and logs retained until you uninstall the application or manually clear data from ~/.cerevolt/
  • Account Information: Retained while your account is active and for 30 days after account deletion to allow for account recovery.
  • Work Session Data: Complete session history retained indefinitely while account is active to provide analytics and historical insights.
  • Category and Blocklist Data: Retained while account is active as these are essential user preferences.
  • AI Classification Results: Cached results retained for performance optimization, automatically cleaned up after 90 days.
  • Analytics Data: Aggregated usage statistics retained for service improvement, automatically anonymized after 1 year.
  • Log Files: Local logs automatically deleted after 30 days; server logs retained for security monitoring for 90 days.
  • Payment Data: Stripe retains payment information according to their data retention policies for regulatory compliance.
  • Temporary Data: Classification requests, temporary blocks, and session tokens are automatically cleaned up based on expiration settings (typically minutes to hours).

7. Your Rights and Choices

You have the following rights regarding your information:

  • Access: You can access your locally stored data through the extension interface and your account data through our web platform.
  • Deletion: You can delete your local data by uninstalling the extension or clearing browser data, and delete your account through our website.
  • Modification: You can modify your blocking preferences, domain lists, and account information at any time.
  • Data Portability: You can export your blocking lists and preferences from the extension interface.
  • Opt-out: You can stop data collection by uninstalling our software.

8. Third-Party Services

Our services integrate with the following third-party providers:

  • Supabase: Database storage, user authentication, and real-time synchronization. Subject to Supabase's privacy policy and data processing agreements.
  • Google AI (Gemini): AI-powered website classification based on user work goals. Subject to Google's AI/ML services privacy policies.
  • Stripe: Payment processing, subscription management, and billing. Subject to Stripe's privacy policy and PCI DSS compliance.
  • Browser APIs: We use standard browser APIs (tabs, storage, webNavigation, nativeMessaging) as documented in our extension manifest.
  • Socket.IO: Real-time communication between browser extension and desktop application for synchronized blocking enforcement.

We carefully vet our third-party providers and ensure they meet appropriate privacy and security standards. Each provider is bound by data processing agreements that limit their use of your data to providing services on our behalf.

Data Minimization: We only share the minimum necessary data with each third-party provider to deliver the specific functionality they support.

9. Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we learn that we have collected personal information from a child under 13, we will delete such information promptly.

10. International Data Transfers

Our services are operated from the United States. If you are accessing our services from outside the United States, your information may be transferred to, stored, and processed in the United States. We ensure appropriate safeguards are in place for such transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

  • Email: team.cerevolt@gmail.com
  • Website: https://cerevolt.com