TL;DR
SiteLogs is a Chrome extension that records how long you spend on each website on your own machine. None of your browsing data leaves your device. We don't have a server. We can't see what you visit.
What data is recorded
When you have a normal http(s) tab in focus, SiteLogs records, for each session:
- URL (full URL including path and query string)
- Page title
- Domain
- A category automatically chosen from a built-in dictionary or your own rules
- Start time and end time of the focused session
- Active milliseconds (focus time minus idle gaps)
The extension does not record:
- Page content (HTML / text / DOM)
- Form input, passwords, tokens, cookies
- Network requests made by pages
- Anything from
chrome://,chrome-extension://, orfile://URLs - Anything from incognito / private windows (Chrome blocks extensions there by default)
- Anything from domains you add to the ignore list in Settings
Where the data is stored
- Visit records and aggregated stats: in your browser's IndexedDB, on this device only.
- User preferences (rules, ignore list, tags, pinned sites, focus budgets): in
chrome.storage.sync, which Chrome syncs across your own Chrome profiles when you're signed in to Chrome. This is Google's sync service; the SiteLogs author never sees it. - Tracker runtime state (the current active-tab session): in
chrome.storage.session, which Chrome wipes when you close the browser.
Permissions and why we need them
| Permission | Why |
|---|---|
tabs | Read which tab is active and its URL/title to time it. |
tabGroups | Required for the "Organize" feature to group same-domain tabs. |
history | Reserved for an opt-in import feature; not actively used today. |
storage | Read/write the local databases above. |
idle | Detect when you've been away from the keyboard so we don't count idle time as active. |
favicon | Render site icons inline using Chrome's built-in favicon service. No external favicon CDN is contacted. |
sessions | Required to support the Sessions feature (save and restore groups of tabs). |
alarms | Schedule a 60-second heartbeat so the service worker writes your visits even if Chrome killed it. |
host_permissions: <all_urls> | Inject a tiny visibility/heartbeat script that posts only "visible"/"hidden" events and throttled "user is interacting" pings to the background. The script does not read page DOM, network, or credentials. |
What is sent over the network
Nothing about your browsing.
There are exactly two outbound calls SiteLogs is responsible for:
- Google Fonts CSS — the dashboard loads Inter and Lora from
fonts.googleapis.comon the new tab. This exposes your IP address to Google Fonts the same way most websites do. We will self-host fonts in a future release to remove this dependency. - Lemon Squeezy (
api.lemonsqueezy.com) — used only when you activate, validate, or deactivate a license key:- When you click "Buy", we open Lemon Squeezy's hosted checkout page in a new tab. You enter your email + payment details there; SiteLogs never sees them.
- After payment, you receive a license key by email. When you paste it into the activation field, we POST
{license_key, instance_name}toapi.lemonsqueezy.com/v1/licenses/activateand store the returnedinstance_idand your customer email locally so we can show "Activated · you@example.com" in Settings. - About once per week, we re-validate the license to detect refunds or revocations. If you click "Deactivate" we POST a deactivation and clear local state.
- The customer email is the only personal datum that returns to SiteLogs from Lemon Squeezy.
- Read Lemon Squeezy's privacy policy for what they retain on their side.
No analytics, no telemetry, no crash reporting is sent.
Sync
If you're signed in to Chrome and have sync enabled, your rules, tags, pinned sites and budgets travel with your Chrome profile via chrome.storage.sync. Visits and stats do not — they stay on each device.
Data retention and deletion
We never delete your data automatically. You can:
- Open Settings → "Data" → Export JSON to back up everything.
- Open Settings → "Data" → Wipe all data to delete everything from IndexedDB and
chrome.storage.
Uninstalling the extension removes everything stored in your browser.
Children
The extension does not knowingly target users under 13.
Changes to this policy
We will update the "Last updated" date at the top of this document whenever the substance changes. This page is the canonical version.
Contact
Bug or question: see our Contact page.