Privacy Policy

1. Who this policy applies to

This policy describes the data handling practices of Filemark, a free, open-source Chrome browser extension (Manifest V3) published by the Filemark project, maintainer khanakia. It applies to the extension distributed via the Chrome Web Store and the equivalent source build available at github.com/thesatellite-ai/filemark.

This policy also covers the marketing website at khanakia.com/apps/filemark, which is a static single-page application served from Cloudflare Workers Static Assets. The website has no analytics, no cookies, no forms, and no backend.

2. What personal data we collect

None. Filemark does not collect, transmit, log, observe, infer, sell, share, profile, or otherwise process any personal information from any user.

This includes — but is not limited to — names, email addresses, IP addresses, geolocation, device identifiers, browsing history, search queries, file contents, file names, file paths, folder structure, authentication tokens, analytics, telemetry, crash reports, performance metrics, A/B-test variant assignments, or behavioral usage statistics.

We are unable to identify, contact, recognize, count, or remarket to any user of Filemark, because we have no information about any user. There is no account system, no signup, no login.

3. Local-only data Filemark stores on your device

To make the extension work across browser restarts, Filemark stores the following on your device only, inside the browser's IndexedDB and chrome.storage APIs:

• Your file library: recently opened files, open tabs, and File System Access folder handles you have granted Filemark access to
• Theme + typography preferences: mode (light / dark / sepia), font family, font size, line height, content width
• Per-file UI state: task-checkbox state, datagrid sort and filter choices, sidebar / panel collapse state, scroll position
• Settings: which file formats are enabled, JSON-viewer options (theme, depth, formatting), keyboard-shortcut bindings, sidebar width

This data never leaves your browser. We have no way to read it. Uninstalling the extension or clearing extension data through chrome://extensions removes it completely.

4. The files you open

When you point Filemark at a local file or folder — by dragging it into the viewer, picking it through the OS folder picker, or opening a file:// URL with the content script — the extension reads the file bytes directly from your disk through the browser's File System Access API, FileReader, or (for intercepted file:// URLs) Chrome's native file-system access.

Filemark uses the bytes only to render the file inside your browser tab. The file contents are never sent to any server controlled by Filemark, the website, the maintainer, or any third party. There is no upload step, no cloud sync, no background transmission.

When you navigate away from a file or close its tab, the file contents are released by the browser. Only the small metadata described in section 3 (filename, scroll position, etc.) persists locally so that the file can be re-opened later.

5. Permissions Filemark requests, and exactly why

The full Manifest V3 manifest is public source at apps/chrome-ext/public/manifest.json. Each permission is requested for the single, narrow purpose described below; nothing else is done with it.

• storage

  Required to persist your file library, preferences, and per-file UI state across browser sessions using Chrome's local storage and IndexedDB APIs. Data is written to and read from your browser only.

• declarativeNetRequest

  Required to register dynamic redirect rules that intercept navigations to local .csv and .tsv files. Without this permission, Chrome triggers a file download when you visit a CSV; with it, Filemark redirects the navigation to its built-in datagrid renderer. The declarativeNetRequest API is a declarative rule system — Filemark cannot observe, log, or modify network traffic itself. Rules are scoped to local file:// URLs only.

• host_permissions: <all_urls>

  Required by the Chrome platform to register declarativeNetRequest redirect rules whose target is a chrome-extension:// URL inside the extension. This is a platform constraint of MV3 dynamic redirects, not a data-collection mechanism. Filemark does not read, scrape, or modify the content of any web page, does not inject scripts into pages you visit, and does not observe any cross-site browsing behavior. You can verify this in Chrome DevTools: Filemark issues zero outbound network requests during normal use.

• Allow access to file URLs (user-toggled, not declared in the manifest)

  This toggle lives on each extension's details page in chrome://extensions; you choose whether to enable it. When enabled, it allows the content script to read the bytes of a local file you have actively navigated to (e.g. you double-click a .md file in Finder and Chrome opens file:///…/notes.md), so Filemark can render it in place. Without this toggle, Filemark still works for files you explicitly drag in or open through the folder picker.

Filemark does not request the tabs, history, cookies, activeTab (beyond MV3 defaults), identity, webRequest, scripting (other than the file-URL content script), bookmarks, downloads, or any other sensitive permission.

6. Single purpose

Filemark has a single purpose: render local files (Markdown, MDX, JSON, JSONC, CSV, TSV, SQL, Prisma schema, DBML) that Chrome would otherwise download or display as plain text. Every feature in the extension — the file library sidebar, search palette, themes, tabs, kanban from tasks — exists to make rendering those files more useful. The extension does not do anything outside that purpose.

7. Things we explicitly do not do

• We do not run analytics or tracking scripts.
• We do not include third-party SDKs, telemetry libraries, or any code that contacts a remote server.
• We do not download or execute remote code at runtime. The Manifest V3 Content Security Policy is strict (no unsafe-eval) by design.
• We do not read, scrape, modify, or observe the content of any web page outside the extension's own viewer pages.
• We do not transmit your file contents, file names, file paths, folder structure, search queries, settings, preferences, or behavior to any server.
• We do not use Google user data, Google account information, or any data covered by the Google API Services User Data Policy / Limited Use rules. We do not integrate with Gmail, Drive, Calendar, Photos, or any other Google service.
• We do not set cookies. We do not use localStorage for tracking.
• We do not share, rent, sell, license, or otherwise disclose any information about any user to anyone, because we have no such information to disclose.

8. Sub-processors and third parties

Filemark uses no sub-processors and no third-party services that receive your data. The Chrome Web Store listing itself, and the website hosting (Cloudflare Workers Static Assets), receive only the standard web-server request metadata (IP address, user-agent, requested URL) generated by your browser when it loads the page — Filemark and its maintainer do not collect, store, or have access to those logs beyond what Cloudflare's standard edge logging retains for its own operational purposes. Cloudflare's privacy practices are described at cloudflare.com/privacypolicy.

9. Data retention

Because Filemark collects no personal data, there is no data to retain. The local-only data described in section 3 is retained on your device until you uninstall the extension or clear its data, at which point it is removed by the browser. We have no copy anywhere.

10. Security

Filemark is shipped as a Manifest V3 extension with a strict Content Security Policy that forbids inline scripts and unsafe-eval. All rendering libraries are bundled at build time; no code is fetched from a remote origin at runtime. Local-only data is stored using the browser's native, sandboxed storage APIs (IndexedDB and chrome.storage) and is isolated to the extension's own origin.

The full source code is open source under the MIT license and available for audit at github.com/thesatellite-ai/filemark. You can verify the network behavior in Chrome DevTools' Network tab: during normal use Filemark produces zero outbound requests.

11. Children's privacy

Filemark is a developer-oriented tool and is not directed at children under 13 (or under 16, where the higher EU age applies). Because Filemark does not collect any personal information from any user, it does not collect any personal information from children, and no parental consent mechanism is required or applicable.

12. GDPR (EU / UK) and CCPA (California)

GDPR / UK GDPR: Filemark does not process personal data within the meaning of the EU GDPR or UK GDPR, so there is no controller, no processor, no lawful basis to declare, and no data-subject rights (access, rectification, erasure, portability, restriction, objection) that can be exercised against Filemark — because Filemark holds no personal data to access, rectify, erase, port, restrict, or object to.

CCPA / CPRA (California): Filemark does not collect, sell, or share personal information of California residents as defined by the CCPA / CPRA. We have no consumer information to disclose, delete, correct, or limit the use of. Filemark does not engage in cross-context behavioral advertising.

If, in the future, Filemark adds an optional feature that processes personal data (e.g. an opt-in cloud sync), this policy will be updated to describe the lawful basis, retention, rights, and data-handling practices for that specific feature before it ships, and the feature will be off by default.

13. Open source and verifiability

Filemark is open source under the MIT license. Every claim in this policy is independently verifiable by reading the source at github.com/thesatellite-ai/filemark, reviewing the manifest, or watching the network panel in Chrome DevTools while using the extension.

14. Changes to this policy

If this policy changes substantively — for example, if Filemark adds a feature that handles data in a new way — the updated policy will be published on this page with a new "Effective" date, and the change will be called out explicitly in the extension's release notes (/changelog) before the new behavior reaches users. Cosmetic edits to wording without substantive change will bump only the "Last updated" date.