Indiwave

Privacy Policy

Last updated: March 4, 2026

Introduction

This policy explains how Indiwave collects, uses, stores, and protects data for both:

  • The Indiwave website and account features
  • The IndiTrack browser extension used to sync reading/watching activity

By using Indiwave and/or the extension, you agree to this Privacy Policy.

Information We Collect

A. Account and Profile Data

  • Email address and authentication details (via Supabase Auth)
  • Profile information you set, such as display name, avatar, bio, preferences, and privacy settings
  • Optional social and interaction content such as comments, favorites, and profile activity

B. Library and Usage Data

  • Series in your list, progress, statuses, favorites, and viewing/reading history
  • Personal source links you choose to sync from supported websites

C. Extension Authentication Data

  • Short-lived one-time auth codes used to complete extension login
  • Short-lived access tokens and rotating refresh token sessions
  • Device identifier used to manage and secure extension sessions
  • Fallback manual API key only when you explicitly use API-key login

D. Technical and Security Data

  • Basic logs for reliability, abuse prevention, and security auditing
  • Session metadata such as last-used timestamps and revocation status

How We Use Your Information

  • Provide and operate your account and library features
  • Sync progress from the extension to your account
  • Allow extension login only for eligible users (beta + extension access enabled)
  • Protect your account and enforce session security (token rotation and revocation)
  • Improve feature quality and reliability

Extension Permissions and Data Flow

The extension reads active page context on supported websites to detect title/progress and sync data to your Indiwave account. Extension data is used only for your account features (tracking, history, and related sync functionality).

Data Sharing and Sale of Data

We do not sell your personal data. We do not share your data with third parties for advertising resale. We use trusted infrastructure providers only to operate the service (for example, Supabase for backend services and Vercel for hosting/deployment).

Retention and Deletion

We retain account and usage data as long as your account remains active, or as needed for security, legal, and operational obligations. You can request deletion by deleting your account in settings.

User Controls

  • You can update profile and privacy settings at any time.
  • You can enable/disable extension access with the account setting extension_access_enabled.
  • You can log out of the extension, and disabling extension access blocks future token refresh and new extension sessions.
  • You can use token-based extension login or a manual API-key fallback path.
  • You can delete your account from settings.

Security Measures

We apply technical and organizational safeguards to protect data, including short-lived extension access tokens, rotating refresh sessions, and revocation controls. No internet service is completely secure, but we work to reduce risk and respond quickly to security issues.

Children and Regional Privacy Rights

If required by applicable law (including GDPR/UK GDPR/CCPA-style rights), you may request access, correction, or deletion of your personal data. We do not knowingly target children under the minimum legal age in applicable jurisdictions.

Policy Updates

We may update this Privacy Policy when product features or legal requirements change. We will post updates on this page and revise the “Last updated” date.

Contact Us

If you have privacy questions or requests, contact us at support@indiwave.io.

Chrome Web Store Policy URL

The public privacy policy URL for extension listing is https://indiwave.io/privacy.