Privacy Policy

Last Updated: April 2026

Transparency Disclosure

This policy outlines how ClassCharts Improver collects, uses, handles, and shares user data. We are committed to full transparency and ensuring you understand exactly what happens to your information when using our extension. This policy should be read alongside any in-product disclosures presented within the extension itself.

1. Data We Collect

The extension processes the following categories of information:

  • ClassCharts Website Content (DOM Data): The extension reads the Document Object Model (DOM) of the ClassCharts student portal. This data is processed entirely locally on your device and is never transmitted to our servers or any third party.
  • Account Credentials & Identifiers: When you create an account or sign in, we collect your email address and password. This information is transmitted securely via encrypted HTTPS POST requests directly to our authentication provider.
  • User Preferences & Settings: Custom configuration choices such as theme selections and layout preferences.
  • Custom Profile Photos: If you choose to upload a custom profile photo, that image is stored as a direct asset linked to your account.

2. Secure Data Transmission & POST Calls

For users who opt to use our account synchronization features, the extension performs network communication (POST requests) to interact with our backend services:

  • Encrypted Transmission: All login credentials (email and password) are sent using TLS/SSL encryption (HTTPS). This ensures your data cannot be intercepted in transit between your browser and our servers.
  • Direct Authentication: POST calls containing credentials are sent directly to the Supabase Auth API. ClassCharts Improver does not log or store your password locally in plain text.
  • Token-Based Access: After a successful login POST request, the extension uses secure session tokens to authenticate subsequent requests, rather than resending your password.

3. How We Use Your Data

Your data is used solely for the following purposes:

  • UI Customisation: Applying visual styles based on your preferences.
  • Account Management: Authenticating your identity and managing your account settings.
  • Cross-Device Sync: Maintaining a consistent experience across multiple browsers.
  • Security: Protecting your account from unauthorized access through secure login protocols.

4. Legal Basis for Processing

  • Contractual Necessity: Processing your email and password is necessary to provide the account and sync features you have requested.
  • Legitimate Interests: Local processing of ClassCharts content is carried out to provide the extension's core functionality.
  • Consent: The upload of profile photos is based on your explicit consent.

5. Data Storage & Infrastructure

Local Storage

Non-account users have all settings stored within the browser's local storage only.

Supabase (Account Holders Only)

Account data, including email and hashed passwords, is managed by Supabase. The data is stored in Stockholm, Sweden (EU-North-1). Supabase handles authentication security following industry standards.

6. Security Disclosure

Password Security: While passwords are transmitted via POST requests, they are hashed by our infrastructure provider before being stored. We never have access to your plain-text password in the database.

Sync Data: Preference data and profile photo links are stored in plain text (encrypted at rest by the provider). Users are advised not to store sensitive information in custom settings.

7. Parties With Access to Your Data

James Theakston (Developer)

Sole developer with administrative access for support and maintenance.

Supabase, Inc. (Data Processor)

Infrastructure provider for authentication and database services. See: supabase.com/privacy.

No Third-Party Selling

We do not sell data to advertisers or brokers. All network calls are strictly for functional purposes.

8. Your Rights

You have the right to access, rectify, or erase your data. You may delete your account at any time, which triggers the permanent removal of your email and preferences from our cloud database.

Contact

For any privacy concerns or data requests, contact: jamestheakston.pages.dev