Skip to content
Myellin

Legal

Myellin Clipper — Privacy Policy

Last updated: June 28, 2026

1. What the extension is

The Myellin Clipper is a browser extension (Chrome, Edge, and Firefox) that lets a signed-in Myellin user save webpages, YouTube videos, single tweets, PDFs, screenshots, and selection quotes to their notebook with one click. This policy describes how the extension handles your data. It complements the main Myellin Privacy Policy, which governs the underlying account and notebook.

2. The short version

  • The extension only reads a page when you explicitly invoke it — clicking the toolbar icon, choosing a right-click menu item, or pressing a keyboard shortcut.
  • It does not run on every page you visit.
  • It sends the page content you chose to save (and only that) to your own Myellin account.
  • It does not share data with any third party, advertiser, or analytics provider.
  • You can revoke access at any time from Settings → Connected apps in Myellin, which signs the extension out instantly.

3. What the extension accesses

When you save a clip, the extension reads, on the active tab only:

  • The page URL, title, favicon, and OpenGraph / Dublin Core metadata.
  • The article body, extracted by Mozilla's Readability library, when you save a webpage.
  • The text you selected, when you choose “Save selection”.
  • The href of a link, or the src of an image, when you use the right-click menu on a link or image.
  • On YouTube tabs: the video title, description, channel, and (when available) the public transcript.
  • On Twitter / X tabs: the tweet you right-clicked — its text, author, timestamp, and media URLs.
  • On PDF tabs: the URL of the PDF.
  • When you choose “Screenshot”: a PNG of the visible area, or a scroll-stitched full-page PNG when you explicitly select full-page capture.

The extension does not read your browsing history, cookies, form inputs, saved passwords, or any other tab's contents.

4. What gets sent and where

The data above is sent over HTTPS to https://www.myellin.com (or to your own self-hosted Myellin instance, if you configured one). It is stored on Supabase Postgres infrastructure operated by Myellin, inside the row-level-security boundary of your notebook account. No clip is ever exposed to other Myellin users unless you explicitly choose to share the resulting page.

We do not transmit any clip data to advertising networks, analytics providers, or any third-party AI provider. AI features that may operate on a clipped page (summarisation, flashcard generation) only run when you trigger them inside the Myellin app — never automatically at clip time.

5. Authentication tokens

The extension authenticates by holding a bearer token that you authorize when you click “Sign in to Myellin”. The plaintext token is generated by the Myellin server, returned to the extension exactly once via the OAuth-style callback, and stored in your browser's local extension storage (chrome.storage.local). On the server only the SHA-256 hash of the token is retained — we cannot read the plaintext after it is issued. Revoking a token from Settings → Connected apps deletes it server-side immediately; the next request from that extension will be rejected.

6. Storage of images and screenshots

Screenshots and other image bytes are uploaded to a Supabase Storage bucket (notebook-uploads) under a path scoped to your user id. The bucket is public-read, which means anyone with the exact URL can fetch the image — this is the same model Myellin uses for inline notebook images. URLs are long random paths and are not indexed publicly. Do not screenshot content you would not embed in a notebook page you might share.

7. Permissions explained

  • activeTab: read the page you are currently looking at, only when you click Save.
  • contextMenus: register the right-click “Save to Myellin” items.
  • storage: keep your bearer token and preferences locally in the browser.
  • scripting: inject the on-demand extractor for the source type (webpage / YouTube / Twitter / PDF) when you trigger a save.
  • identity: open the Myellin Connect sign-in flow and receive the extension callback without collecting your Myellin password inside the extension.
  • tabs: required by chrome.tabs.captureVisibleTab for the screenshot feature.
  • notifications: show save success or failure confirmations after an explicit capture.
  • host_permissions: <all_urls>: allows the on-demand extractor to read whichever site you chose to clip. It does not mean the extension is always reading every site; the content scripts are registered as runtime and injected only when you act.

8. Data retention

Clippings live inside your notebook until you delete them. The extension itself stores nothing on our servers beyond the bearer token record (name, prefix, hash, last-used timestamp, optional user-agent string) shown to you in Settings → Connected apps. You may export or delete your notebook content at any time via the existing Data & Export controls in Settings.

9. Changes to this policy

If we make material changes to how the extension handles data, we will update this page and the “Last updated” date above. Substantive changes will also be noted in the Myellin Clipper store listing changelog.

10. Contact

Questions, concerns, or data requests: privacy@myellin.com.