Privacy Policy for Cynon Chrome Extension

Last Updated: May 30, 2025

This Privacy Policy explains how the Cynon Chrome Extension collects, uses, stores, and shares your information when you use our extension. Cynon is designed to help users find synonyms and definitions for highlighted words in any text. We are committed to protecting your privacy and ensuring transparency in our data practices, in accordance with the Chrome Web Store Developer Program Policies.

1. Information We Collect

Cynon collects and processes the following types of information:

a. Personal Information

• Account Information: When you create an account or log in, we collect:
  • Email Address: To register and manage your account.
  • Username: To identify you within the extension.
  • Password: Securely hashed using Argon2 for authentication purposes.
• Refresh Tokens: Used to maintain your session securely and refresh access tokens for authenticated requests.

b. Non-Personal Information

• Selected Text: When you highlight a word, Cynon processes the selected text to retrieve synonyms and definitions.
• Language Preference: Your chosen language (e.g., Swedish or English) is stored to customize your experience.
• Dark Mode Preference: Your preference for dark mode is stored locally to apply the desired interface theme.
• Cached Data: We cache word data (e.g., synonyms, definitions) locally in your browser to improve performance and reduce API calls.

c. Technical Information

• Browser Data: Information about the websites you visit (via the <all_urls> permission) to enable the extension to function on any webpage where text is highlighted.
• API Requests: Data sent to and received from external APIs (https://api.cynon.se, https://synonymord.se, https://api.dictionaryapi.dev, https://skrutten.csc.kth.se) to fetch word data.
• Usage Data: Interactions with the extension, such as clicks on settings or language options, may be logged for debugging and improving functionality.

2. How We Use Your Information

We use the collected information for the following purposes:

• To Provide Core Functionality:
  • Process highlighted text to retrieve synonyms and definitions from external APIs.
  • Display results in a popup interface tailored to your language and theme preferences.
• To Manage Accounts:
  • Authenticate users via username, email, and password.
  • Maintain secure sessions using JWT access and refresh tokens.
  • Store user-contributed word data in our Swedish and English catalogs.
• To Enhance User Experience:
  • Store preferences (e.g., language, dark mode) locally to personalize the interface.
  • Cache API responses to reduce latency and improve performance.
• To Ensure Security:
  • Use rate-limiting to prevent abuse of API endpoints.
  • Sanitize user inputs using DOMPurify to prevent security vulnerabilities like XSS attacks.
  • Securely hash passwords and use HTTPS for all API communications.
• To Improve the Extension:
  • Log errors and usage data (without personally identifiable information) to diagnose issues and optimize performance.

3. Data Storage and Security

• Local Storage: Language preferences, dark mode settings, and cached word data are stored locally in your browser using chrome.storage.local and chrome.storage.sync.
• Server Storage: Account information (email, username, hashed password, refresh tokens) and user-contributed word data are stored in a MySQL database managed by Cynon. The database is hosted securely with access restricted to authenticated requests.
• Security Measures:
  • Passwords are hashed using Argon2 with strong parameters (memoryCost: 2^16, timeCost: 3, parallelism: 1).
  • API communications use HTTPS to encrypt data in transit.
  • JWT tokens are used for secure authentication, with access tokens expiring after 1 hour and refresh tokens after 7 days.
  • Rate-limiting is applied to API endpoints to prevent abuse.
  • Input validation and sanitization are enforced to protect against malicious data.
• Data Retention: Account information is retained as long as your account is active. You can delete your account by logging out, which removes refresh tokens from our database. Cached data in your browser is retained until cleared or expired (24-hour TTL).

4. Data Sharing

Cynon does not sell, trade, or share your personal information with third parties, except as described below:

• External APIs:
  • Swedish API (https://synonymord.se): Used to fetch synonyms and definitions for Swedish words. Only the highlighted word is sent to this API.
  • English API (https://api.dictionaryapi.dev): Used to fetch synonyms and definitions for English words. Only the highlighted word is sent to this API.
  • Lemmatization API (https://skrutten.csc.kth.se): Used to determine the base form of words. Only the highlighted word is sent to this API.
  • These APIs may have their own privacy policies, which we encourage you to review.
• Service Providers: We use secure hosting and database services (e.g., MySQL via Docker) to store and process data. These providers have access to data only as necessary to provide their services and are contractually obligated to maintain confidentiality.
• Legal Requirements: We may disclose your information if required by law or to protect the rights, safety, or property of Cynon or others.

5. Permissions and Justifications

Cynon requests the following Chrome permissions, as declared in manifest.json, to provide its functionality:

• activeTab: To access the currently active tab for processing highlighted text.
• storage: To store user preferences (language, dark mode) and cached word data locally.
• host_permissions: To communicate with Cynon’s backend API for account management and word data storage.
• <all_urls>: To enable the extension to work on any webpage where text is highlighted, ensuring broad compatibility.

These permissions are used solely for the purposes described in this policy and are necessary for Cynon’s core functionality.

6. User Choices and Control

• Account Management: You can create, log in, or log out of your Cynon account via the settings panel. Logging out removes your refresh token from our database.
• Data Deletion: To delete your account data, log out through the extension. You may also contact us at cynonapp@gmail.com to request account deletion.
• Preferences: You can change your language and dark mode preferences at any time in the settings panel.
• Browser Data: You can clear cached data by clearing your browser’s storage or uninstalling the extension.

7. Children’s Privacy

Cynon is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, please contact us at cynonapp@gmail.com.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by updating the "Last Updated" date at the top of this policy and, where required, by posting a notice within the extension.

9. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: cynonapp@gmail.com