Privacy Policy

Last updated: 2025-10-20

1. Introduction

Omnipost helps you move content from Notion to Substack quickly while preserving formatting. This policy explains what data we process across the Omnipost web app (Next.js) and the Chrome extension, how we use it, and your choices.

2. Scope

This policy applies to: (a) the Omnipost website and dashboard hosted at https://omnipost.dev, and (b) the Omnipost Chrome extension distributed through the Chrome Web Store.

3. Data We Process

  • Account data: Email address for authentication via Supabase.
  • Integration tokens: Your Notion access token, stored in our database to fetch your page blocks when you explicitly request a conversion.
  • Diagnostics (copy logs): Minimal metadata about conversions (e.g., user ID, page ID, block count/length, processing duration, error messages). No page content is stored in these logs.

What we do NOT collect

  • Browsing history
  • Full Notion page contents for analytics or advertising
  • Precise location, advertising identifiers

4. How We Use Data

  • Authenticate users and maintain sessions (Supabase Auth).
  • Connect your Notion account and fetch page blocks on demand.
  • Generate Substack‑friendly HTML and Markdown for pasting.
  • Improve reliability with anonymized/aggregated diagnostics.

5. Browser Permissions (Extension)

  • activeTab: Read the current Notion tab URL to extract a page ID when you click “Copy”. We do not read the page body.
  • clipboardWrite: Copy the converted HTML/text to your clipboard on button click.
  • Host permissions: https://www.notion.so/* (extract page ID), https://omnipost.dev/* (authenticate and call APIs).
  • Remote code: We do not evaluate remote code. The extension runs bundled scripts and only receives data (JSON/HTML) from our API for pasting.

6. Storage & Retention

  • Auth/profile/connection tokens are stored in Supabase and removed when you delete your account.
  • Diagnostic logs are retained for a limited period (e.g., 90 days) to troubleshoot quality issues, then purged per policy.

7. Sharing & Selling

We do not sell your data. We do not share data for advertising. Service providers (e.g., Supabase) process data under our instructions to deliver authentication and storage.

8. Security

  • TLS in transit; Supabase storage with Row‑Level Security (RLS).
  • Least‑privilege, environment separation, and audit logging for diagnostics.

9. Your Choices

  • Disconnect Notion anytime from the dashboard.
  • Request account/data deletion via the contact below.

10. Cookies

We use cookies to maintain sessions and provide secure authentication in the web app.

11. Children’s Privacy

Omnipost is not intended for children under 13. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this policy as our product evolves. Material changes will be posted on this page with an updated date.

13. Contact

If you have questions or requests about this policy, contact us at kimrotti6239@gmail.com.