Privacy Policy
Effective date: 2026-06-22
Who we are
BNOD is a Chrome extension that lets you record, build, schedule, and run browser workflows on sites you choose, with optional AI assistance. This Privacy Policy explains what data BNOD handles, where it goes, and what choices you have.
Questions or requests: support@bnod.app.
Data we collect
We keep the collected surface as small as we can. The categories below are the complete list.
Account data
If you sign in, we receive your email address, your Google account display name, and your Google account profile picture URL via Google Sign-In. These come from the standard openid email profile scopes — nothing more. You can use BNOD without signing in; in that case no account data is collected.
Session data
When you sign in, we issue a session token stored as an HTTP cookie scoped to our authentication backend. Sessions are managed by Better Auth on top of Convex and exist only to keep you logged in across devices.
OAuth tokens (ChatGPT Plus, optional)
If you connect a ChatGPT Plus account through the optional OAuth flow, the resulting access and refresh tokens are encrypted with AES-GCM using a key generated locally on your device and stored in your browser's IndexedDB. These tokens are never uploaded to BNOD servers. They live only in your browser and are sent directly to OpenAI when your workflows call the API.
Analytics
We collect anonymous product analytics through PostHog, hosted in the EU at eu.i.posthog.com. Events contain:
- An anonymous install_id generated on first launch.
- Action names (e.g. "workflow_started", "template_installed").
- Coarse environment data (Chrome version, extension version, locale).
We do not send page contents, DOM data, workflow contents, or text you type into AI prompts. Analytics events are retained for 90 days, then deleted.
Workflow data
Your workflows, recordings, variables, environment values, saved tools, and templates live in local IndexedDB inside your browser. They are not synced to BNOD servers. They leave your browser only when:
- You explicitly export a workflow as JSON.
- A workflow you wrote sends data over the network to an endpoint you configured (for example, an http_request step you added).
Data we do not collect
To make this explicit:
- We do not collect the contents of pages your workflows visit or interact with.
- We do not collect DOM data captured by the recorder or by scrape steps.
- We do not collect prompts or completions exchanged with your AI providers. Those requests go directly from your browser to the provider you configured.
- We do not sell or share your personal data with advertisers.
Third-party services
BNOD relies on the following third parties. Each one only sees the data described.
| Service | Purpose | Data shared |
|---|---|---|
| Google Sign-In | Authentication | Your Google email, name, profile picture (scopes: openid, email, profile) |
| Convex | Stores your account record and session token | Email, account metadata, session token |
| PostHog (EU) | Anonymous product analytics | install_id, action names, environment data |
| OpenAI (BYOK API key) | AI features when you provide an OpenAI key | Your prompts and tool definitions — sent directly from your browser to OpenAI |
| Anthropic (BYOK API key) | AI features when you provide an Anthropic key | Your prompts and tool definitions — sent directly from your browser to Anthropic |
| Google Gemini (BYOK API key) | AI features when you provide a Gemini key | Your prompts and tool definitions — sent directly from your browser to Google |
| OpenAI ChatGPT Plus (optional OAuth) | AI features powered by your ChatGPT Plus subscription | Your prompts; OAuth tokens stay encrypted on your device |
"BYOK" means bring your own key: you paste your provider API key into BNOD settings, the key is stored locally in your browser, and the requests go from your browser directly to the provider. We do not proxy these calls and we do not see the key or the traffic.
The optional ChatGPT Plus OAuth uses OpenAI's official Codex CLI authorization flow. We follow OpenAI's published redirect and PKCE protocol.
Where data lives
- In your browser (IndexedDB): workflows, recordings, variables, environment values, saved tools, templates, your API keys, encrypted OAuth tokens.
- On Convex (our backend): your account record and session.
- On PostHog (EU): anonymous analytics events.
- On the AI provider you choose: the prompts and tool calls your workflows send, per that provider's privacy policy.
Retention
- Account data: kept while your account exists. When you delete your account, we delete the corresponding records on Convex.
- Session data: cleared when you sign out or when the session expires.
- Encrypted OAuth tokens: kept locally until you sign out of that provider or uninstall BNOD.
- Analytics events: 90 days, then deleted by PostHog.
- Local workflow data: kept until you delete it inside BNOD or uninstall the extension.
Your rights
You can, at any time:
- Export your workflows as JSON from inside BNOD.
- Delete individual items (workflows, recordings, providers, tools) from inside BNOD.
- Delete your account by signing in and using the account deletion option in Settings, or by emailing support@bnod.app.
- Uninstall BNOD — Chrome will remove all local IndexedDB data along with the extension.
- Ask for a copy or deletion of any account-side data by emailing support@bnod.app. We respond within 30 days.
If you are in a jurisdiction that grants additional rights (such as the EU under GDPR or California under CCPA), those rights apply to you and you may exercise them through the same email.
Children
BNOD is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has provided us data, email support@bnod.app and we will delete it.
Security
We use HTTPS for all network traffic. Session cookies use Secure and SameSite=None flags. OAuth tokens stored locally are encrypted with AES-GCM-256 using a per-install key. No system is perfectly secure — if we discover a breach affecting your data, we will notify you within 72 hours.
Jurisdiction
This Privacy Policy is governed by the laws of JURISDICTION. Disputes will be resolved in the competent courts of that jurisdiction.
Changes
If we change this policy, we will update the effective date at the top and post the new version at this URL. Material changes will be announced in the extension's release notes. Continued use of BNOD after a change means you accept the updated policy.