homepage.devβeta

Privacy Policy

Last updated: November 24, 2025

Introduction

At homepage.dev ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you use our real-time collaborative homepage platform.

homepage.dev is a browser homepage platform that allows you to create personalized dashboards with pages, tabs, bookmarks, notes, and other productivity tools. We prioritize transparency and your control over your data.

Information We Collect

Account Information

When you create an account, we collect:

  • Name and email address (via WorkOS authentication)
  • Profile information (optional avatar, display preferences)
  • Organization/team information if you create or join a team

Content You Create

We store the content you create on our platform:

  • Homepages: Your custom homepage configurations, layouts, and settings
  • Pages & Tabs: Page names, icons, organization structure
  • Bookmarks: URLs, titles, descriptions, categories, and custom metadata
  • Notes & Content: Text notes, markdown content, and other productivity data
  • Collaboration Data: Real-time presence, shared content, team interactions

Usage Information

  • Browser type, version, and device information
  • Pages visited, features used, and interaction patterns
  • Real-time collaboration sessions and activity logs
  • Performance metrics and error reports (via Sentry)
  • IP address and general location data

Cookies and Tracking

We use cookies for authentication, preferences, and analytics. You can control cookies through your browser settings, but some features may not work without them.

Browser Extension

We offer an optional browser extension ("Homepage.dev - New Tab") for Chrome and other Chromium-based browsers. This section explains what data the extension accesses and how it is used.

Extension Features

  • New Tab Override: Replaces your browser's new tab page with your homepage.dev dashboard
  • Quick Bookmark: Click the extension icon to save the current page as a bookmark to your homepage.dev account

Data Collected by the Extension

When you click the extension icon to save a bookmark, we collect the following information from the current page:

  • Page URL: The web address of the page you're bookmarking
  • Page Title: The title of the webpage
  • Page Description: The meta description, if available
  • Page Image: The Open Graph or Twitter card image, if available
  • Favicon: The website's icon

This data is only collected when you actively click the extension icon to save a bookmark. The extension does not passively monitor or collect your browsing history, and no data is collected in the background.

Extension Permissions Explained

The extension requests the following permissions:

  • "Read and change all your data on all websites" (host_permissions): Required to extract page metadata (title, description, image) when you choose to save a bookmark. This permission is only used when you click the extension icon—we do not read or modify any page content otherwise.
  • "Tabs" permission: Required to access the current tab's URL and title when saving a bookmark.
  • "ActiveTab" permission: Allows the extension to interact with the currently active tab only when you click the extension icon.
  • "Scripting" permission: Required to run a small script that extracts page metadata (description, images) for your bookmark.

How Extension Data Is Used

  • Bookmark data is transmitted securely (HTTPS) to homepage.dev servers
  • Data is stored in your homepage.dev account and synced across your devices
  • We do not sell, share, or use your bookmark data for advertising purposes
  • Bookmark data is subject to the same retention and deletion policies as other account data

What the Extension Does NOT Do

  • Does not track or collect your browsing history
  • Does not run in the background or collect data passively
  • Does not inject ads or modify webpage content
  • Does not collect personal information beyond what you explicitly choose to bookmark
  • Does not share data with third parties for marketing or advertising

You can uninstall the extension at any time through your browser's extension settings. Uninstalling the extension does not delete bookmarks already saved to your homepage.dev account.

How We Use Your Information

We use your information to:

  • Provide Services: Store and sync your homepages, bookmarks, and content across devices
  • Enable Collaboration: Share content with team members and manage real-time collaboration
  • Improve Platform: Analyze usage patterns to enhance features and user experience
  • Communicate: Send product updates, security alerts, and support responses
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Compliance: Meet legal obligations and enforce our terms of service

Legal Basis for Processing Your Data

Under the General Data Protection Regulation (GDPR), we are required to inform you of the legal basis for processing your personal data. We process your data under the following legal grounds:

1. Contract (Service Provision)

Processing is necessary to provide the homepage.dev service under our Terms and Conditions:

  • Account creation and authentication via WorkOS
  • Homepage, page, tab, and bookmark storage and synchronization via Convex
  • Real-time collaboration features and presence status
  • Data export and backup functionality
  • Customer support and service communications
  • Processing subscription payments (for paid plans)

2. Consent

We ask for your explicit consent before processing data for the following purposes:

  • Analytics Cookies: Performance monitoring and usage analytics to improve our service
  • Preference Cookies: Remembering your settings, theme, and personalization choices
  • Marketing Communications: Promotional emails, newsletters, and product announcements (if opted-in)
  • Optional Integrations: Third-party services you explicitly enable

You can withdraw your consent at any time through our Cookie Settings page or by contacting us at privacy@homepage.dev. Withdrawing consent will not affect the lawfulness of processing based on consent before withdrawal.

3. Legitimate Interest

We process certain data based on our legitimate business interests, which we have carefully balanced against your rights and freedoms:

  • Security and Fraud Prevention: Detecting and preventing unauthorized access, abuse, and fraudulent activity
  • Error Monitoring: Using Sentry to track application errors and performance issues to maintain service quality
  • Service Improvements: Analyzing usage patterns to develop new features and enhance user experience
  • Legal Compliance: Meeting regulatory requirements and responding to legal requests
  • Business Operations: Internal administration, data backup, and disaster recovery

You have the right to object to processing based on legitimate interest. Contact us at privacy@homepage.dev to exercise this right.

Third-Party Services

We use carefully selected third-party services to operate our platform. Your data may be processed by:

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Team and Organization Data

When you join or create a team/organization on homepage.dev:

  • Team admins can view member activity and shared content
  • Shared homepages and content are accessible to all team members with permissions
  • Your presence status (online/offline) is visible to team members during active sessions
  • Organization owners can manage member access and permissions

Data Security

We protect your data through:

  • End-to-end encryption for data transmission (HTTPS/TLS)
  • Secure authentication via WorkOS with industry-standard protocols
  • Regular security audits and vulnerability assessments
  • Access controls and role-based permissions
  • Automated backups and disaster recovery procedures
  • Error monitoring and security incident detection via Sentry

While we implement strong security measures, no system is completely secure. We encourage you to use strong passwords and enable two-factor authentication when available.

Your Rights and Controls

You have the right to:

  • Access: View and download all your personal data and content
  • Correct: Update your account information and profile settings
  • Delete: Request deletion of your account and all associated data
  • Export: Download your data in JSON format for portability
  • Restrict: Limit how we process your data
  • Object: Opt out of certain data processing activities
  • Withdraw Consent: Revoke permissions at any time

To exercise these rights, visit your account settings or contact us at privacy@homepage.dev.

Data Retention

We retain your data:

  • Active Accounts: As long as your account remains active
  • Deleted Accounts: 30 days grace period before permanent deletion
  • Legal Requirements: As required by law or regulatory obligations
  • Backups: Up to 90 days in secure backups for disaster recovery

You can permanently delete your account and all data at any time through your account settings.

International Data Transfers

Your data may be transferred to and processed in the United States and other countries where our service providers operate. We ensure these transfers comply with GDPR and other applicable data protection laws through appropriate safeguards.

Standard Contractual Clauses (SCCs)

We have implemented the European Commission's Standard Contractual Clauses (SCCs) with all our US-based and international data processors. SCCs are legally binding contracts that ensure your data receives the same level of protection when transferred outside the EU/EEA as it does within it.

Our SCCs cover the following service providers:

  • WorkOS (Authentication & User Management): Data Processing Agreement with SCCs in place for EU-US data transfers. WorkOS maintains SOC 2 Type II compliance and adheres to the EU-US Data Privacy Framework.
  • Convex (Real-Time Database): Data Processing Agreement with SCCs in place. Data is processed in secure US data centers with encryption at rest and in transit.
  • Sentry (Error Monitoring): Data Processing Agreement with SCCs in place. Sentry is EU-US Data Privacy Framework certified and maintains ISO 27001 certification.
  • Vercel (Hosting & CDN): Data Processing Agreement with SCCs in place. Vercel maintains SOC 2 Type II compliance and processes data in accordance with GDPR requirements.

All our data processors have undergone security and compliance assessments to ensure they meet GDPR standards. We regularly review these arrangements to ensure continued compliance with data protection laws.

You have the right to request copies of the relevant SCCs and Data Processing Agreements. Please contact us at privacy@homepage.dev for more information about our international data transfer safeguards.

GDPR & CCPA Compliance

For residents of the EU/EEA and California, we provide additional rights:

  • Right to know what personal information is collected and how it's used
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (we don't sell your data)
  • Right to non-discrimination for exercising privacy rights
  • Right to data portability in machine-readable format

Children's Privacy

homepage.dev is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

We Value Your Privacy

We use cookies to enhance your experience, analyze site traffic, and provide personalized content. By clicking "Accept All", you consent to our use of cookies. You can customize your preferences or learn more in our Privacy Policy.

GDPR & ePrivacy Compliant