MAGPIE

What we know about you, and what we can't know.

The short version

The extension: local by default

Everything you capture — images, screenshots, text snippets, links, boards, tags, notes — is stored in your browser's local database (IndexedDB) on your machine. With no account, nothing is transmitted to us or anyone else. There is no usage tracking, no telemetry, and no analytics inside the extension. The optional "mirror to files" feature writes copies to your own disk, with no network involved.

These claims are checkable: open your browser's devtools and watch the network panel.

AI with your own key (optional)

If you enter your own OpenRouter API key in the extension, AI features (captioning, tagging, text recognition, search embeddings) send the item being processed — an image thumbnail or snippet text — directly from your browser to OpenRouter under your account, governed by OpenRouter's privacy policy. None of that traffic passes through our servers. No key, no AI traffic.

If you create an account and sync

Sync is opt-in and exists so your collection can follow you across devices and into the web app. To provide it (our legal basis: performing our contract with you), we store:

We don't browse, analyze, or monetize your collection. It is stored to be given back to you.

Search on the web app

When you search in the web app, your query text is sent to OpenRouter (under our key this time) to compute an embedding for ranking your own items. We don't store your queries.

Payments

Paid plans are sold through Stripe acting as merchant of record. Stripe collects and processes your payment details, billing address and applicable taxes under Stripe's privacy policy. Card numbers never touch our servers; we receive and keep only your plan, its status, and Stripe's reference IDs.

Sign-in and email

Signing in with an email code sends that one-time code through Resend, our transactional email provider. We send no marketing email. Signing in with Google uses Google's OAuth; we receive your email address and basic profile, nothing more.

Analytics & cookies (website only)

magpie.ee — the landing page and the web app — uses Google Analytics to understand aggregate usage (pages viewed, rough geography, how people find us). This sets Google cookies and shares usage signals with Google per Google's privacy policy. The web app also sets strictly-necessary session cookies to keep you signed in. The extension contains no analytics of any kind.

Retention and deletion

Your rights

We're an Estonian company, so the GDPR applies in full. You have the right to access, correct, export, and erase your personal data, and to object to or restrict processing. Most of these are built in: "export everything" gives you your data as ordinary files; account deletion is self-service. For anything else, email hey@undefined.ee. If you're unhappy with us, you can complain to the Estonian Data Protection Inspectorate (aki.ee) or your local supervisory authority.

Who processes data for us

The small print

Magpie isn't directed at children under 16. If this policy changes in ways that matter, we'll say so on this page and, for account holders, by email. Questions: hey@undefined.ee.