AffinityPlus

Privacy Policy

Effective Date: 11th of August, 2025

1. Overview

AffinityPlus (“we,” “us,” or “our”) is a browser extension that enhances Affinity.co with features such as Tinder‑style review, API usage tracking, pinned comments, and multiplayer collaboration. This policy explains how data is collected, used, and stored within the extension.

2. Information We Collect

Category	Description	Source & Storage
Authentication Data	User ID, name, organization ID, and a session token to establish authenticated connections.	Retrieved via Clerk and used to connect sessions and APIs.
API Keys	Personal or organization API keys supplied by the user or shared within a workspace.	Stored securely in Cloudflare Workers KV namespaces (`USER_KEYS`, `ORG_KEYS`) and never exposed to the client bundle.
User Content	Pinned comment note IDs, review‑session votes, comments, and filter settings.	Stored in Cloudflare Durable Objects for PinComments and ReviewSessions.
Local Preferences & Session Info	Multiplayer view preferences, item comments, statuses, and session reconnection data.	Persisted in browser `localStorage` until cleared or the extension is removed.
Telemetry	Performance metrics, error traces, and structured logs.	Sent to Honeycomb; personal data and secrets are sanitized or excluded.

We do not intentionally collect sensitive personal data beyond what is necessary to provide extension functionality.

3. How We Use Information

Authentication & Authorization – Verify user identity and secure API requests via Clerk tokens.
API Proxying – Route extension requests through a Cloudflare Worker that injects stored API keys and enforces access control.
Feature Enablement – Store user settings, pinned comments, multiplayer votes, and similar data so features function properly.
Observability – Send anonymized performance and error telemetry to Honeycomb to diagnose issues and improve stability.

4. Data Storage & Retention

Cloudflare Workers KV / Durable Objects – Hold API keys, pinned comments, and multiplayer session data until the user revokes keys or requests deletion.
Browser localStorage – Persists UI preferences, comments, and session data until cleared by the user or removed when the extension is uninstalled.
Honeycomb Telemetry – Retained according to Honeycomb’s policies (60 days); contains no personal user data.

6. Security

API keys remain server‑side and are never shipped in client bundles, minimizing exposure risk.
Access to stored data is protected through Clerk session JWT validation before any proxying or key management.
Telemetry sanitization ensures URLs and secrets are not logged.
Communication between the extension and backend services occurs over encrypted channels (HTTPS/WebSocket TLS).

7. Your Rights & Choices

Access, correct, or delete stored API keys and pinned comments (available through extension UI or by contacting support).
Clear local storage via browser settings to remove cached preferences and session data.
Opt out of telemetry by not supplying a Honeycomb API key or disabling the feature in your build configuration.

For any requests, contact us at the contact email listed below..

8. Children’s Privacy

The extension is not directed to individuals under 13, and we do not knowingly collect information from children.

9. Changes to This Policy

We may update this policy from time to time. The “Effective Date” reflects the latest revision. Continued use of the extension after changes indicates acceptance.

10. Contact Us

Email us

moc.tuohrednavdrawe@sulpytiniffa