Privacy Policy

We don't collect
your data.
Full stop.

At PencilCard, every extension is designed around a single principle: your data belongs to you. All 7 of our tools are local-first by default. No servers, no tracking, no profiles.

The Core Promise

PencilCard extensions run locally on your device. Your notes, files, emails, meeting transcripts, screenshots, and writing stay in your browser — not on our servers. When you optionally enable a cloud feature (Google Drive sync, BYOK AI, subscription billing), that data goes directly to the provider you chose, under your account. It never passes through PencilCard infrastructure. We don't track behavior, we don't build profiles, and we don't sell data — because we don't have it.

What we collect

Nothing. PencilCard collects no personal data, usage data, or telemetry of any kind.

We do not collect:

  • Your name, email address, or any other identifying information
  • IP addresses or device identifiers
  • Usage patterns, clicks, keystrokes, or session data
  • Contents of your clipboard, files, emails, or transcripts
  • Crash reports or error logs

Local processing

Every PencilCard extension is local-first. All core features process data on your machine:

  • Pinodock — todos, habits, journal, bookmarks, clipboard, and tab history stay in chrome.storage.local or IndexedDB.
  • PinoDrive — file listings are fetched from your local desktop agent over 127.0.0.1. No file paths or names leave your machine unless you configure a cloud connector.
  • PinoCoach — documents, flashcards, quiz history, and your TF-IDF study index all live in IndexedDB on your device.
  • PinoMeet — meeting transcripts are stored in IndexedDB and never sent to PencilCard. Transcription happens via the browser's Web Speech API (audio is handled by your browser, not us).
  • PinoMail — email threads are fetched directly from the Gmail API and cached locally. No email content reaches PencilCard servers.
  • Pinogrammer — writing is analysed in memory using Gemini Nano (on-device). Text is never stored or transmitted by default.
  • PinoSnap — screenshots and annotations are stored in IndexedDB. GIF encoding and OCR run locally via WebAssembly (Tesseract.js, ffmpeg.wasm).

Optional external calls

Some features contact external services only when you explicitly enable them:

  • BYOK AI (all products) — if you supply your own API key for OpenAI, Claude, Gemini, or DeepSeek, queries go to that provider under your key and their privacy policy. A PII filter strips sensitive patterns before transmission. PencilCard never receives this traffic.
  • Google Drive sync (Pinodock Pro) — your data goes directly to your own Google Drive. Not routed through PencilCard.
  • Web Speech API (PinoMeet) — Chrome routes microphone audio to Google's speech recognition service for transcription. PencilCard does not receive audio.
  • Gmail API (PinoMail) — email is fetched using your OAuth token directly from Google. PencilCard never sees your email.
  • Subscription check (Pro features) — if you subscribe, your subscription status is verified via Firebase using only your user ID. No browsing data, email content, file names, or AI queries are included.
  • Public feeds (Pinodock widgets) — Hacker News, Reddit, GitHub, weather, currency are fetched directly by your browser with no personal identifiers.

Browser permissions

Each extension requests only the permissions required for its features. All permissions are justified in the per-app policy pages linked below. As a summary:

  • storage — used by all extensions to save your local settings and data.
  • identity — used by PinoMail, PinoMeet, PinoCoach, PinoSnap, and Pinogrammer to sign in via Google OAuth for Pro subscription verification or Google API access.
  • tabs / scripting / activeTab — used to inject overlays, detect meeting pages, or read visible content when you trigger an action. Read-only. No data transmitted.
  • tabCapture / desktopCapture — PinoSnap only, for screen recording. Used only when you initiate a capture.
  • host_permissions (all_urls) — Pinogrammer and PinoSnap require this so their overlays can activate on any page.
  • Optional permissions — granted per user action and can be revoked from Chrome's extension settings at any time.

Third parties

PencilCard does not share, sell, or transfer any user data to third parties — because we have no user data to share.

Our extensions do not include advertising networks, analytics SDKs, or tracking pixels. Optional integrations (Google Drive, Gmail, BYOK AI providers) contact their respective services directly from your browser only when you enable them. This website uses Google Fonts, which are subject to Google's own privacy policy.

Free & Pro tiers

All PencilCard products are freemium. The free tier is genuinely useful and has no time limit. Core local features — grammar checking, document study, screenshot capture, new tab productivity, file browsing, meeting transcription, email reading — work without creating an account.

Pro features (unlimited BYOK sessions, cloud sync, advanced AI, priority support) require a subscription verified through Firebase. The only data stored for subscription purposes is your Firebase user ID and entitlement status — no payment data is handled by PencilCard directly (Stripe processes payments).

Children

PencilCard extensions are not directed at children under 13. Since we collect no personal information from any user, this policy applies equally to all users regardless of age.

Changes to this policy

If we make material changes — such as any new data collection or new external connections — we will update this page, note the effective date, and include a notice in the relevant extension's changelog. Our core commitment (no collection of user data) will not change.

Last updated: June 24, 2026

Per-application policies

Each extension has its own detailed policy covering exactly what it accesses, every permission it requests, and what (if anything) may leave your device.

Pinodock

New-tab productivity hub. Todos, habits, journal, bookmarks, tabs, clipboard — all local. Optional Google Drive sync goes to your Drive, not our servers.

Read Pinodock Policy →

PinoDrive

Local file manager and NAS browser. The desktop agent binds to 127.0.0.1 only. No file names or paths reach external servers.

Read PinoDrive Policy →

PinoCoach

AI study assistant. PDFs, flashcards, quizzes, and your RAG index stay in IndexedDB. Gemini Nano runs entirely on-device.

Read PinoCoach Policy →

PinoMeet

Meeting transcription for Google Meet, Zoom, and Teams. Transcripts stored locally. Audio handled by the browser's Web Speech API — never by PencilCard.

Read PinoMeet Policy →

PinoMail

Smart Gmail overlay. Email is read via the Gmail API using your OAuth token and cached locally. Email content never reaches PencilCard servers.

Read PinoMail Policy →

Pinogrammer

Privacy-first writing assistant. Grammar checking runs on-device via Gemini Nano. Text is analysed in memory — never stored or transmitted by default.

Read Pinogrammer Policy →

PinoSnap

Screenshot, annotation, GIF, and OCR tool. All processing (Tesseract.js OCR, WASM GIF encoding, smart redact) runs locally. Captures stay in IndexedDB.

Read PinoSnap Policy →

Contact

If you have questions about this privacy policy or our data practices, please reach out. We're a small team and respond to everything.

Email: [email protected]