Privacy Policy

Last updated: February 25, 2026

Overview

Web2MD ("we", "us", "our") provides a browser extension and web application that converts web pages to Markdown format. This privacy policy explains how we collect, use, store, and share your data when you use the Web2MD Chrome extension and the web2md.org website.

Data We Collect

1. Web Page Content (Processed Locally)

When you convert a page, the extension reads the HTML content of the active tab to generate Markdown. For PRO users, this conversion happens entirely in your browser — page content is never sent to our servers. For free-tier users, HTML is sent to our API for server-side conversion and is not stored after processing.

2. Account Information

If you create an account, we collect:

  • • Email address (for authentication and service communications)
  • • Display name and profile image (if you sign in with Google)
  • • Subscription plan and payment status

3. Usage Data

We collect anonymized usage statistics, including:

  • • Number of conversions performed (daily count, not content)
  • • Feature usage (which tools you use, e.g. batch convert, export)
  • • Extension version and browser locale
  • • Error reports (error type and message, not page content)

4. Local Storage Data

The extension stores the following locally on your device via chrome.storage.local:

  • • Your conversion settings and preferences
  • • Selected AI platform and prompt templates
  • • Obsidian vault configuration (local path only)
  • • Installation date and conversion count
  • • Authentication token (if logged in)

This data stays on your device and is not transmitted to our servers unless you explicitly sync settings.

5. Conversion History (PRO Only)

PRO users may opt into cloud-synced conversion history. This stores the converted Markdown, page URL, title, and metadata (word count, token count) on our servers. You can delete individual entries or all history at any time.

How We Use Your Data

  • Provide the service: Authenticate your account, process conversions, enforce usage limits
  • Improve the product: Analyze aggregated, anonymous usage patterns to prioritize features and fix bugs
  • Communicate with you: Send transactional emails (login links, receipts) and occasional product updates (you can unsubscribe anytime)
  • Process payments: Manage subscriptions and billing through our payment processor

Data Sharing & Third Parties

We do not sell your personal data. We share data only with the following service providers, strictly to operate the service:

Google Analytics (GA4)

We use Google Analytics to collect anonymized usage statistics (feature usage, error rates, extension version). No page content or personal data is sent to Google Analytics. You can opt out via your browser's privacy settings.

Resend (Email Delivery)

We use Resend to deliver transactional and marketing emails. Resend receives your email address solely to deliver emails on our behalf.

Creem (Payment Processing)

Subscription payments are processed by Creem. We store only your Creem customer ID — we never see or store your credit card number.

Google OAuth

If you choose to sign in with Google, we receive your name, email, and profile picture from Google. We do not access any other Google data.

Notion (Optional Integration)

If you connect Notion, we store an OAuth access token to export Markdown to your Notion workspace. We only access workspaces and pages you explicitly authorize. You can disconnect Notion at any time.

Neon (Database Hosting)

Your account data and conversion history are stored in a PostgreSQL database hosted by Neon. All data is encrypted in transit and at rest.

We do not share your data with any parties beyond those listed above. We will never sell, rent, or trade your personal information.

Data Storage & Security

  • • All data transmission uses HTTPS/TLS encryption
  • • Database is encrypted at rest
  • • Authentication tokens are securely hashed
  • • Unsubscribe links use HMAC-signed tokens to prevent tampering
  • • API access is rate-limited to prevent abuse

Data Retention

  • Page content: Never stored for free-tier conversions (processed in memory only). PRO conversion history is retained until you delete it.
  • Account data: Retained while your account is active. Deleted upon account deletion request.
  • Usage analytics: Aggregated and anonymized; retained indefinitely for product improvement.
  • Email logs: Retained for up to 12 months for deliverability analysis, then deleted.

Chrome Extension Permissions

The Web2MD extension requests the following browser permissions:

  • activeTab: Read the content of the page you're currently viewing, only when you activate the extension
  • storage: Save your settings and preferences locally
  • clipboardWrite: Copy converted Markdown to your clipboard
  • contextMenus: Add a right-click menu option for quick conversion
  • scripting: Inject conversion scripts into web pages and inject content into AI chat platforms (Send to AI feature)
  • Host permissions: Required to convert pages on any website you visit

Your Rights

  • Access: View all data associated with your account from your dashboard
  • Delete: Delete your conversion history or request full account deletion
  • Opt out of emails: Unsubscribe from marketing emails via the link in any email, or from your account settings
  • Disconnect integrations: Remove Notion or other third-party connections at any time
  • Export: Download your data in standard formats

Children's Privacy

Web2MD is not directed at children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or a notice in the extension. Continued use of the service after changes constitutes acceptance of the updated policy.

Contact

If you have questions about this privacy policy or your data, email us at privacy@web2md.org