Privacy Policy

Last updated: 2026-05-01

Readback is a Chrome extension that helps you find things you've already read. It captures readable text from pages you spend real time on, indexes them on your own machine, and lets you search and ask questions across your reading. This document explains, in plain English, what stays on your computer, what leaves it, and what we never see at all.

We wrote this so you can read it once and understand it. If anything is unclear, email us at support@getreadback.com.

What we collect and where it lives

Readback captures the readable text of web pages you actually read. "Actually read" means a page passed all three engagement gates: at least 25 seconds of dwell time, at least 25% scroll, and at least 1,500 characters of body text. Pages that don't pass these gates are ignored. You can also manually save a page we missed using Alt+Shift+M, the right-click menu, or the sidebar button.

Every captured page is stored locally on your computer, inside Chrome's extension storage. The same is true for the vector embeddings we generate to make semantic search work — those are produced on your machine using a small open-source model (Xenova/all-MiniLM-L6-v2) running through transformers.js inside the extension. The model itself runs in your browser. No page text, no embeddings, and no search queries are transmitted to us during normal capture and search.

If you uninstall Readback, Chrome deletes the local storage and everything in it goes with it.

What we don't capture by default

We maintain a built-in denylist of sites that are sensitive by default and are never captured, even if they pass the engagement gates. This currently includes:

• Email: Gmail, Outlook
• Chat: Slack, Discord, WhatsApp, Telegram
• Social feeds: Twitter/X, Facebook, Instagram, TikTok, Reddit, LinkedIn, YouTube
• Banks and brokerages: Chase, Bank of America, Wells Fargo, Citi, Capital One, Fidelity, Schwab, Vanguard, E*Trade, Robinhood
• Payments: Plaid, PayPal, Venmo, Cash App
• Personal docs: Google Docs, Notion, Figma
• Health: MyChart

You can extend this list. You cannot, currently, shrink it below this default — these categories are off-limits regardless of settings.

What we send to our servers

The only time anything leaves your machine is when you click Ask. When you do, we send:

1. The question you typed.
2. The relevant excerpts ("chunks") from your captured pages that the local search picked as context.

These are sent to a small backend we operate on Vercel, which forwards the request to Anthropic's Claude API to generate the answer. The answer is sent back to you and shown in the extension. We do not store these requests on our servers, and we do not log the content for analytics. They exist on the server only for as long as the request takes to complete.

If you never click Ask, nothing about your reading ever touches our infrastructure.

What we do not collect

• No analytics on what you read, what you search for, or what you capture.
• No location data.
• No advertising identifiers.
• No browsing history beyond the pages you actually engage with, and that history stays on your device.
• No usage tracking that leaves your machine. We keep simple counters locally (e.g., your monthly AI action count, to enforce plan limits), but those counters live in your local storage.

Cookies and tracking

The extension does not set cookies. It does not embed third-party trackers, pixels, or analytics SDKs.

Your rights and controls

• Export: You can export your captured corpus at any time from the extension's settings.
• Delete: You can delete individual pages or wipe the entire local index from settings. Deletion is immediate and local.
• Uninstall: Removing the extension from Chrome deletes all stored data. There is no server-side copy to clean up because there isn't one.
• Pause capture: You can pause capture entirely or per-domain.

Children

Readback is not intended for use by anyone under 13. We don't knowingly collect data from children. If you're a parent and believe a child has installed the extension, uninstalling it will remove the local data.

Future cloud sync

We plan to offer optional cloud sync as a paid feature after the beta. When we do, it will be end-to-end encrypted: your data will be encrypted on your device with a key we never see, so the synced copy is unreadable to us. We'll update this policy before that feature ships, and sync will always be opt-in.

Changes to this policy

If we change this policy, we'll update the "Last updated" date at the top and post the new version at getreadback.com/privacy. For material changes (anything that expands what we collect or send), we'll notify you in the extension before the change takes effect.

Contact

Questions, concerns, or requests: support@getreadback.com.

We follow data protection best practices and try to be honest about what we do and don't do. If you spot something in this policy that doesn't match how the extension actually behaves, please tell us — we'll fix it.