# Privacy Policy for Mastodex

**Last updated: March 18, 2026**

## Overview

Mastodex is a browser extension that helps you find your Twitter/X follows on Mastodon. Your privacy matters — this extension is designed to work entirely locally on your device.

## Data Collection

Mastodex does **not** collect, transmit, or store any personal data on external servers. There is no analytics, tracking, or telemetry of any kind.

## Data Stored Locally

The extension stores the following data locally in your browser's extension storage:

- **Mastodon OAuth credentials** (access token, instance URL, client ID, client secret) — used to authenticate with your Mastodon instance. These are stored securely in Chrome's extension storage and are never transmitted anywhere other than your Mastodon instance.
- **Scan results** (detected Mastodon accounts matched to your Twitter follows) — stored temporarily in local storage so you can view results. This data is cleared each time you start a new scan.
- **App registration data** (client ID and secret per Mastodon instance) — cached locally so you don't have to re-authorize on every login.

## Third-Party Services

Mastodex communicates only with:

- **Your Mastodon instance** — to authenticate, search for users, and perform follow/unfollow actions. Only the instance URL you provide is contacted.
- **Twitter/X** — the extension reads publicly visible profile data (usernames, display names, bios, avatars) from the Twitter pages you visit. This data is processed locally and never sent to any external server.

No data is ever sent to the extension developer, any analytics service, or any other third party.

## Permissions

- **`identity`** — used to handle the Mastodon OAuth login flow via `chrome.identity.launchWebAuthFlow`. No Google account data is accessed.
- **Host permissions for twitter.com/x.com** — required to read user profile data from Twitter pages you visit.
- **Host permissions for Mastodon instances** — required to communicate with your Mastodon instance's API.

## Data Deletion

All locally stored data can be removed at any time by:

- Logging out within the extension (revokes the OAuth token and clears stored credentials)
- Uninstalling the extension (removes all extension storage data)

## Changes to This Policy

If this privacy policy changes, the updated version will be published in this repository.

## Contact

If you have questions about this privacy policy, reach out on Mastodon: [@m1guelpf@mastodon.social](https://mastodon.social/@m1guelpf)