Anori logo

Privacy practices

Last updated: 11th of August 2023

This page explains which data is collected and transmitted by Anori to remote servers. In contrast to traditional privacy policies, this page explains everything as clearly and simply as possible and is made to be read by humans, not lawyers.

Analytics

Anori contains code to collect behavioral data and send it to remote servers. However, it's disabled by default. For Anori to actually start sending any analytics, you need to explicitly enable this option at settings or in the end of onboarding. Nothing is collected or sent before you enable this option.

When enabled, Anori tracks these events:

  • Selected option in command menu (includes only plugin name, doesn't contain text of selected command or any other info)
  • Hotkey used (includes info which hotkey was used)

And once a day, it sends these usage statistics:

  • Number of folders you have
  • Number of custom icons you added
  • Is compact mode enabled
  • Current color scheme
  • [As of v1.10.0] Current extension's language
  • [As of v1.10.0] Is bookmarks bar enabled
  • [As of v1.10.0] Browser name (e.g. Chrome/Opera/Firefox)
  • [As of v1.10.0] Operating system
  • [As of v1.11.0] Extension version
  • How many widgets of each kind you added (doesn't include any info from widget itself)

Each user is assigned a random ID, which is attached to the data and sent to Mixpanel's EU server. Mixpanel is an web analytics service that I use to better understand users behavior. Besides the data mentioned above, Mixpanel automatically attaches the user's IP address to tracked data. This data isn't sold or transmitted anywhere else.

3rd-party services and APIs

Anori interacts with a few 3-rd party APIs.

ipinfo.io

Anori will call the ipinfo.io/json endpoint if you select 'Just give me a productive setup' in the onboarding. This API provides an estimated location and timezone based on your IP. We use this information to pre-configure weather and date-time widgets with the correct location and timezone.

Open Meteo

If you added weather widgets, those widgets communicate with Open Meteo's geocoding (to convert city names into geographical coordinates) and weather APIs. Anori sends the location you selected when configuring the weather widget to this API.

RSS feeds

You can add an unlimited number of RSS feeds to Anori. Anori will then request those feeds. Requests are made without cookies attached.

Access to sites

Anori doesn't have access to any sites by default. However, Anori may request access to sites if this is required for widget to function. Examples of such widgets are RSS widgets and embedded page widget. You will be asked to grant missing permissions after adding such a widget to a folder. Until then, Anori doesn't have access to any sites.

Required permissions

Anori comes with a few permissions enabled by default (which are either critical for Anori to work or considered harmless for privacy):

  • alarms is used to schedule regular data processing in the background (e.g., an update of the weather or RSS feeds).
  • storage gives extension access to storage. This storage is totally isolated and doesn't contain any user data. It's intended for the extension to save its data. Anori stores your settings and widget configurations in this storage.
  • unlimitedStorage — the browser's storage is limited to 5 MB per extension. Since you can add an unlimited number of folders, it's possible for Anori to exceed this limit and stop working. To avoid that, Anori requires unlimited storage.
  • sessions — this API lets Anori get recently closed tabs and windows. It doesn't expose sensitive data by default (like a tab's URL or title). To get that data, extensions should also have tabs permission.
  • system.cpu — gives the extension access to CPU load data (only on Chrome and chrome-like browsers).
  • system.memory — gives the extension access to RAM load data (only on Chrome and chrome-like browsers).

Optional permissions

Depending on which widgets you add, Anori might also ask for those permissions. Until you explicitly grant those permissions, Anori doesn't have access to them.

  • tabs — gives the extension access to sensitive data about tabs (currently open tabs, their titles, and URLs). Used in 'Recently closed pages' widget to display page titles
  • favicon — gives the extension access to the site icon, used in 'Recently closed page' widget or when you try to import bookmarks from your browser in 'Bookmark' widget (only on Chrome and chrome-like browsers)
  • topSites — gives the extension access to sites frequently visited by user. It's used in 'Top sites' widget
  • bookmarks — this permission allows the extension to get bookmarks from your browser, Anori uses it to let you import bookmarks from browser into 'Bookmark' widget
  • tabGroups — this permission allows the extension to create tab groups and used in 'Bookmarks group' widget (only on Chrome and chrome-like browsers)
  • declarativeNetRequestWithHostAccess — this permission used to remove X-Frame-Options and Content-Security-Policy headers for sites added in 'Embedded page' widget, to allow showing them in iframe.
  • browsingData — this permission is used in conjunction with previous one to allow Anori unregistering service workers for requested site which might interfere with headers removing.

Check it for yourself

Anori is open-source software and its source code is available at GitHub. Production builds are compiled using GitHub actions and each version is saved as separate release. The compiled version is then uploaded to stores.

You can check that the code matches by downloading Anori from the store (for example, using this extension) and comparing its source code against one stored on GitHub. This way, you can be sure that the extension was built from sources stored on GitHub and doesn't contain any malicious code.