Effective Date: January 14, 2026
Last Updated: July 10, 2026
1. Introduction
Welcome to Readdit Later, a Chrome extension designed to help you save, organize, and enhance your Reddit experience.
This Privacy Policy explains how we collect, use, store, and protect your information when you use our extension and its features.
Transparency First: Readdit Later uses both local browser storage and secure server storage.
This policy clearly explains what data is stored where, why we store it, and how you can control or delete it at any time.
2.1 Account Information
When you use Readdit Later, we collect:
- Email Address: Used for subscription management and account recovery
- Reddit Username: To identify your account and enable cross-device data sync
- OAuth Tokens: Access and refresh tokens for Reddit API authentication (stored locally only)
2.2 Reddit Content
We access and process:
- Saved Posts: Titles, content, URLs, subreddit names, scores, and metadata
- User Labels: AI-generated or custom labels you assign to posts
- Personal Notes: Notes you add to saved posts
- Read Status: Which posts you have marked as read or unread
2.3 Subscription Information
- Subscription status, tier, and expiration dates
- Payment provider IDs (Dodo Payments customer/subscription IDs)
- Trial usage tracking
- First installation date
2.4 Usage Analytics (First-Party Only)
To understand which features are used and improve the product, the extension sends feature-usage events
(for example, which feature was opened and when) to our own server, associated with your Reddit username.
These events describe how you use the extension — they do not include the content of your saved posts, notes,
or searches. We do not use any third-party analytics or tracking services (no Google Analytics, no external trackers).
2.5 What We Do NOT Collect
- Your Reddit password or login credentials
- Private messages or direct communications
- Posts you have not explicitly saved
- Your browsing history outside of Reddit
- Location data or device fingerprinting
- Credit card or payment information (handled by Dodo Payments)
3. Server-Side Data Storage
Important: Server Storage Disclosure
Unlike purely local extensions, Readdit Later stores certain data on our secure servers (Supabase)
to enable premium features like cross-device sync and persistent data storage.
3.1 What Data is Stored on Our Servers
The following data is stored in our Supabase database:
User Accounts Table:
- Email address (unique identifier)
- Reddit username (for cross-device sync)
- Subscription status, tier, and expiration dates
- Dodo Payments customer and subscription IDs
- Trial usage tracking (whether trial was used)
- Account creation and update timestamps
- First installation date
User Labels Table:
- Reddit username (to link labels to your account)
- Reddit post IDs
- AI-generated or custom labels (stored as JSON array)
- Creation and update timestamps
User Notes Table:
- Reddit username
- Reddit post IDs
- Your personal notes for each post
- Creation and update timestamps
User Read Status Table:
- Reddit username
- Reddit post IDs
- Read/unread status (boolean)
- Creation and update timestamps
Usage Analytics Table:
- Reddit username
- Feature-usage event names and timestamps
- No saved-post content, notes, or search queries
AI Tools Sync Table (opt-in only):
- Randomly generated token (not linked to your Reddit identity)
- Post titles, subreddits, authors, URLs, and scores
- Labels, notes, and read status
- Post text content (truncated to 2,000 characters)
- Collection names and post assignments
- Last sync timestamp
3.2 Why We Store Data on Servers
Server storage enables:
- Cross-Device Sync: Access your labels, notes, and read status across multiple browsers and computers
- Data Persistence: Retain your organization data even if you reinstall the extension
- Account Recovery: Automatically restore your data when signing in with your Reddit username
- Subscription Management: Verify premium features and manage billing
3.3 What is NOT Stored on Servers
These remain local to your browser only:
- Reddit OAuth tokens (access/refresh tokens)
- Cached Reddit posts content (unless you opt in to AI Tools sync, described in Section 4)
- Extension settings and preferences
- AI embeddings cache
- Local search history
Readdit Later supports MCP (Model Context Protocol), an open standard that lets AI assistants connect to
external tools. There are two separate ways to connect your saves to AI tools, with very
different privacy characteristics: a remote connector (uses our server, opt-in sync) and a
local MCP server (runs entirely on your own computer, no server involved).
Opt-in Feature: The remote AI Tools sync feature is entirely optional. No data is synced to the server
until you explicitly enable it by clicking "Enable AI Tools Access" in the extension.
4.1 Remote Connector — What It Does
The remote connector lets AI tools that support remote MCP servers — such as Claude (web, desktop, and mobile)
via custom connectors — search and read your saves from anywhere. When enabled, the extension periodically
syncs a lightweight copy of your saved posts to our server so these AI tools can access them on your behalf.
4.2 How It Works
- You click "Enable AI Tools Access" in the extension settings
- A randomly generated token is created locally (not linked to your Reddit username or email)
- The extension syncs your post metadata to our server every 5 minutes
- You copy a unique URL and paste it into your AI tool's configuration
- The AI tool connects to our server using that URL to read your saves
4.3 What Data is Synced
When remote AI Tools sync is enabled, the following data is sent to our server:
- Post titles, subreddit names, author names, URLs, and scores
- Post text content, truncated to a maximum of 2,000 characters
- Your labels, notes, and read/unread status
- Collection names and which posts belong to them
Your Reddit username, email address, and OAuth tokens are never included in the sync.
4.4 Data Security
- Encrypted in transit: All sync data is transmitted over HTTPS/TLS
- Encrypted at rest: Server data is stored on Supabase (AWS infrastructure with encryption at rest)
- Anonymous token: Your sync token is randomly generated and cannot be traced back to your Reddit account
- Read-only access: AI tools connecting through the remote URL can only read your data; they cannot modify, delete, or write to your extension. (The local MCP server, described in Section 4.7, supports read-write actions — on your own machine only.)
4.5 Data Retention and Auto-Deletion
- Synced data that has not been updated in 30 days is automatically and permanently deleted from the server
- A weekly automated cleanup runs to enforce this retention policy
- If you stop using the extension, your synced data will be removed within 30 days without any action required
4.6 Disconnect and Delete
You can disconnect from AI Tools at any time by clicking "Disconnect and delete server data" in the extension.
This immediately and permanently deletes all your synced data from the server, revokes the sync token,
and stops all future data syncing. No residual data remains on the server after disconnection.
4.7 Local MCP Server (No Server Involved)
Separately from the remote connector, Readdit Later offers a local MCP server
(npx readdit-later-mcp) for AI tools that run on your computer, such as Claude Desktop and Cursor.
- Runs entirely on your machine: The local server connects to the extension through a local
connection on your own computer (127.0.0.1). Your data is read directly from your browser and is never
sent to our servers or any external service through this connection.
- Read-write by design: Unlike the remote connector, the local MCP server can also act on your
library when your AI tool requests it — applying labels, managing collections, adding notes, marking posts
read, deleting posts from your library, and exporting to CSV or Markdown. These actions run locally and only
when you ask your AI tool to perform them.
- Fully under your control: Stop the local server or close your AI tool at any time to end access.
Nothing persists outside your own machine.
5. AI Features and Data Processing
AI Features Information: Our AI-powered features process your post content
to provide summaries, sentiment analysis, and auto-labeling. Post content is sent to our server
and then to AI providers (OpenRouter/OpenAI) for processing.
5.1 AI-Powered Features
- AI Summaries: Automatic post summarization using GPT-4o-mini
- Sentiment Analysis: Emotion and tone detection
- Auto-Labeling: Automatic categorization
- Natural Language Search: Semantic search using embeddings
- Subreddit Analysis: Community insights
- AI Chat Agent: Conversational assistant for searching, organizing, and managing saved posts using Anthropic's Claude model
5.2 AI Data Flow
When you use AI features:
- Post content is sent from your browser to our server (reddit-later-server.vercel.app)
- Our server sanitizes and processes the request
- Content is sent to OpenRouter API (using OpenAI's GPT-4o-mini model)
- AI response is returned through our server to your browser
- No data is permanently stored by AI providers or our processing server
5.3 Data Minimization
To protect your privacy:
- Long posts are truncated (max 2000-4000 characters depending on feature)
- Personal identifiers are removed when possible
- Only necessary context is sent (title, subreddit, content)
- Your Reddit username is sent to our server for credit tracking and subscription verification, but is not forwarded to third-party AI providers
5.4 AI Chat History
Conversations with the AI Chat Agent are temporarily stored in your browser's local storage for up to 24 hours to maintain chat continuity.
This data is automatically deleted after 24 hours or when you clear the chat history. It is never sent to our servers for storage.
6. How We Use Your Information
6.1 Core Extension Functions
- Display and organize your saved Reddit posts
- Synchronize labels, notes, and read status across devices
- Provide search and filtering capabilities
- Manage subscription and premium features
6.2 Subscription Management
- Verify premium subscription status
- Process trial activations
- Handle subscription renewals and cancellations
- Link accounts for automatic restoration after reinstall
6.3 AI Enhancement
- Generate summaries of lengthy posts
- Analyze sentiment and emotional tone
- Automatically categorize and label posts
- Provide semantic search capabilities
6.4 Product Improvement
- Analyze first-party feature-usage events to understand which features are valuable
- Identify and fix errors and performance issues
7. Third-Party Services
7.1 Reddit
We interact with Reddit in two ways:
OAuth 2.0 Authentication
- Used to verify your Reddit identity and link your account
- Enables background sync when you are not actively browsing Reddit
- OAuth tokens are stored locally in your browser only and never sent to our servers
Browser-Native Capture
- When you visit your Reddit saved posts page, the extension reads the data your browser already loads — no separate API calls are made to Reddit on your behalf
- The extension automatically scrolls your saved posts page to capture your full history, including posts beyond Reddit's 1,000-item display limit
- This method uses your existing logged-in browser session and is functionally equivalent to you manually scrolling through your saved posts
- No additional Reddit credentials or API keys are required for this feature
All Reddit interactions are governed by Reddit's Privacy Policy.
7.2 Supabase (Database Storage)
We use Supabase for secure database storage:
- PostgreSQL database for user accounts and synced data
- Encrypted connections (HTTPS/TLS)
- Row-level security policies
- Regular automated backups
Governed by Supabase's Privacy Policy.
7.3 AI Services
- OpenRouter API: Gateway for accessing AI models
- OpenAI (GPT-4o-mini): Text analysis, summarization, and generation
- Anthropic (Claude): AI Chat Agent conversations and tool-assisted post management
- Processing: Via our secure server (reddit-later-server.vercel.app)
Governed by OpenAI's Privacy Policy and Anthropic's Privacy Policy.
7.4 Payment Processing
- Dodo Payments: Handles all payment processing
- We never see or store your credit card information
- We only receive customer/subscription IDs for verification
7.5 Notion Integration (Optional)
If you enable Notion integration:
- OAuth authentication with Notion required
- Data exported directly from your browser to Notion
- No data passes through our servers during export
- Revocable through Notion's integration settings
7.6 Crisp (Support Chat, Optional)
The extension dashboard includes an optional support chat provided by Crisp, loaded as an embedded frame.
It is only active when you open the chat panel. Any information you type into the support chat is processed by Crisp
and governed by Crisp's Privacy Policy.
We do not send your saved posts, labels, or notes to Crisp.
8. Data Storage and Security
8.1 Security Measures
- Encryption in Transit: All data transmission uses HTTPS/TLS
- Database Security: Supabase provides encrypted storage and row-level security
- OAuth 2.0: Secure authentication without password storage
- Content Security Policy: Prevents unauthorized script execution
- Rate Limiting: API request throttling prevents abuse
- Minimal Permissions: Only necessary browser permissions requested
8.2 Data Access Control
- Server access restricted to service roles only
- No manual access to user data without explicit request
- All database operations logged for security auditing
- Regular security updates and monitoring
9. Your Rights and Data Control
9.1 Access Your Data
- View Locally: All stored information accessible through extension interface
- Export Data: Download your labels, notes, and posts in JSON/CSV format
- Server Data: Request complete copy of your server-stored data
9.2 Modify Your Data
- Edit or remove labels and notes at any time
- Change privacy and feature preferences
- Update account email or disconnect Reddit account
- Delete specific posts or categories
9.3 Control Third-Party Access
- Reddit: Revoke extension access via Reddit's authorized apps
- Notion: Disconnect integration through Notion settings
- AI Features: Can be disabled in extension settings
- AI Tools (MCP): Disconnect the remote connector and delete synced data from the extension at any time; stop the local MCP server whenever you choose
10. Data Deletion and Account Removal
Right to Erasure (GDPR Article 17): You have the right to request complete deletion
of all your personal data from our servers at any time, for any reason.
10.1 How to Delete Your Data
You can delete your data in two ways:
Option 1: Through the Extension
- Open Readdit Later extension
- Go to Settings → Privacy & Data
- Click "Delete My Data" button
- Confirm deletion (irreversible action)
- All server-stored data will be permanently deleted within 24 hours
Option 2: Contact Us Directly
- Email: sanjhaiprakash18@gmail.com
- Subject: "Data Deletion Request - Readdit Later"
- Include your Reddit username or email address
- We will process your request within 30 days
10.2 What Gets Deleted
When you delete your data, we permanently remove:
- Your user account record (email, Reddit username)
- All subscription information
- All synced labels, notes, and read status
- All AI Tools (MCP) synced data and tokens
- All usage analytics events linked to your username
- Any server logs containing your identifiable information
10.3 What Remains
- Local Data: Data stored in your browser remains until you uninstall the extension or clear browser data
- Anonymized Analytics: Aggregate usage statistics (no personal identifiers)
- Legal Records: Minimal billing records may be retained for tax/legal compliance (typically 7 years)
10.4 Data Export Before Deletion
Before deleting your data, you can:
- Export all your labels and notes as JSON/CSV
- Download a complete copy of your server-stored data
- Save your data locally or transfer to another service
11. Data Retention
11.1 Active Account Data
- User Accounts: Retained while your subscription is active or for 1 year after cancellation
- Synced Data: Labels, notes, and read status retained indefinitely while account is active
- AI Tools (MCP) Sync Data: Automatically deleted after 30 days without a sync
- Inactive Accounts: Accounts inactive for 2+ years may be deleted after email notification
11.2 Temporary Data
- OAuth Tokens: Stored locally until logout or expiration
- AI Processing: No permanent retention by AI services
- Server Logs: Automatically purged after 30 days
- Cache Data: Cleared periodically based on usage patterns
11.3 Legal Retention
- Financial Records: Subscription payment records retained for 7 years (tax compliance)
- Legal Disputes: Data may be retained if involved in legal proceedings
12. Children's Privacy
Readdit Later is not intended for children under 13 years of age. Since the extension requires a Reddit account,
users must meet Reddit's minimum age requirements (13+ in most jurisdictions, 16+ in some regions).
We do not knowingly collect personal information from children. If you believe we have inadvertently
collected data from a child, please contact us immediately.
13. Policy Updates
We may update this Privacy Policy to reflect:
- Changes in our data practices
- New features or services
- Legal or regulatory requirements
- Industry best practices
13.1 Notification of Changes
- The "Last Updated" date will be revised
- Significant changes highlighted in extension update notes
- In-app notification for material privacy changes
- Email notification for major changes (if email provided)
13.2 Your Consent
- Continued use after updates constitutes acceptance
- Material changes may require explicit re-consent
- You can always request clarification via email
Technical Details
Chrome Permissions Explained
Our extension requests these specific Chrome permissions:
- storage: Store your data and preferences locally
- unlimitedStorage: Allow large save libraries to be cached locally without hitting browser storage caps
- tabs: Open Reddit links and manage extension interface
- alarms: Schedule background synchronization and auto-export
- identity: Handle secure Reddit OAuth authentication
- sidePanel: Display extension interface in Chrome's side panel
- notifications: Show completion notifications for sync and auto-export
- downloads: Save your exported files (CSV, JSON, Markdown, etc.) to your computer
Host Permissions
We request access to these domains:
- https://www.reddit.com/*: Interact with Reddit website
- https://oauth.reddit.com/*: Reddit OAuth authentication
- https://api.reddit.com/*: Access Reddit's API
- https://gql.reddit.com/* and https://gateway.reddit.com/*: Read the saved-posts data Reddit's own interface loads (used by browser-native capture)
- https://reddit-later-server.vercel.app/*: Our server for AI processing and data sync
- https://api.notion.com/*: Optional Notion integration
- https://api.openai.com/*: AI features (via our server)
- https://openrouter.ai/*: Alternative AI models (via our server)
- https://www.redditstatic.com/*: Load Reddit static assets and images
- https://styles.redditmedia.com/*: Load Reddit stylesheets and media
- https://preview.redd.it/*: Display Reddit image previews
- https://i.redd.it/*: Display Reddit-hosted images
- https://imgur.com/* and https://i.imgur.com/*: Display Imgur images embedded in saved posts
- http://127.0.0.1:52849/*: Local connection between the extension and the optional local MCP server — this traffic never leaves your computer
Legal Compliance
GDPR Compliance (European Users)
Under the General Data Protection Regulation (GDPR), you have:
- Right to Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain processing activities
CCPA Compliance (California Users)
Under the California Consumer Privacy Act (CCPA), you have:
- Right to Know: What personal information we collect
- Right to Delete: Request deletion of your information
- Right to Opt-Out: Opt out of data "sales" (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
Data Processing Legal Basis
We process your data based on:
- Contract Performance: Providing the extension service and premium features
- Legitimate Interest: Improving service quality and security, including first-party usage analytics
- Consent: AI features, AI Tools (MCP) sync, and optional integrations
- Legal Obligation: Compliance with tax and financial regulations
Transparency Commitment: We believe in complete transparency about data collection.
This policy honestly discloses all data we collect, where it is stored, and how you can control it.
We will never sell your personal data to third parties.
Acknowledgments
By using Readdit Later, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
Your use of premium features (AI processing, cross-device sync) constitutes consent for the server-side data storage
described in this policy. If you disagree with any part of this policy, you may discontinue use and request data deletion.