Last updated: 4 July 2026
Anchored Notes is a browser extension that lets you attach sticky notes to web pages, sites, and tabs. This policy explains what data the extension handles, why, where it is stored, and how to have it deleted. The data controller is Anchored Notes.
| Data | Purpose |
|---|---|
| Your Google account email | Identifying your account so notes sync to you and only you. Collected via Google OAuth sign-in when you choose to sign in. |
| Note content | The text you type into your notes, stored so it can sync across your devices. Content is encrypted on your device (AES-256-GCM) before upload; our servers store only the encrypted form. See “Encryption” below. |
| Note metadata | The page URL, site, or tab a note is anchored to, plus timestamps, so each note reappears in the right place. |
We do not collect browsing history, analytics, advertising identifiers, or any data from pages you visit beyond the notes you explicitly create. If you never sign in, your notes stay in your browser's local storage and are never sent to our servers.
Note content never leaves your device in readable form: it is encrypted in the extension with AES-256-GCM before syncing, and decrypted only on your devices. The encryption key is derived (PBKDF2) on your device and is never sent to our servers.
By default the key is derived automatically from your account identifier, so encryption works without any setup. For stronger protection you can set a personal encryption password in the extension's options: your notes then become end-to-end encrypted — we have no way to read them. This also means we cannot recover your synced notes if you forget that password.
Note metadata (the anchored page URL or site, position, color, and timestamps) is not encrypted, because the sync service needs it to deliver each note to the right place.
Authentication and note records are stored in our PocketBase instance and
mediated by the anchored-notes-backend service, both hosted
under puhulab.com. Data is transmitted over HTTPS.
Your data is used solely to provide the sync feature: authenticating you and storing/retrieving your own notes. We do not sell your data, share it with third parties, or use it for advertising.
Notes and account data are retained until you delete them. You can delete individual notes at any time from the extension. To delete your entire account and all associated notes, email [email protected] from the address tied to your account, or use the in-app account-deletion action where available. We will action verified deletion requests promptly.
The extension requests the identity permission for Google
sign-in and host access to place notes on the pages you visit. These
permissions are used only to deliver the features described above.
Questions about this policy or your data: [email protected].