Privacy Policy
Last updated: March 15, 2026
What is Nitpick?
Nitpick is a browser extension and optional cloud service that helps designers and developers leave structured feedback on live web pages. This policy covers both the free extension and the paid Nitpick Cloud service.
Data the extension collects
The Nitpick extension operates locally in your browser by default. It stores:
- Annotations — your feedback comments, the CSS selector and HTML snippet of the element you selected, computed styles, and box model dimensions. Stored in your browser's local storage.
- Settings — your integration configurations (AI provider selection, model choice, ticket provider, context sources). Stored locally.
- Theme preference — your selected color theme and light/dark mode. Stored locally.
- Language preference — your selected UI language. Stored locally.
API keys you enter (Anthropic, OpenAI, Linear) are stored only in your browser's local storage. They are sent directly to the respective provider's API and are never transmitted to Nitpick's servers. When settings are synced to Nitpick Cloud, API keys are stripped before upload.
Screenshots
The extension can capture a screenshot of the selected element using html2canvas. Screenshots are stored only in your browser's local storage. They are never uploaded to Nitpick Cloud — they are stripped before sync.
Data Nitpick Cloud collects
If you sign in to Nitpick Cloud (optional, paid feature), we additionally collect:
- GitHub profile — your GitHub username, email, name, and avatar URL (via GitHub OAuth).
- Synced annotations — annotation text, element metadata (selectors, styles, HTML snippets), and page URLs. Screenshots are excluded.
- Synced settings — integration configurations with API keys removed.
- Team membership — team names, roles, and invite emails if you use team features.
- Payment information — processed by Stripe. We store your Stripe customer ID but never see your card number.
How we use your data
- To provide the annotation sync, team workspace, and integration features you signed up for.
- To process payments via Stripe.
- To monitor and fix errors (via Sentry — anonymized error reports only).
We do not sell your data. We do not use your data for advertising. We do not train AI models on your data.
Third-party services
- GitHub — OAuth authentication (only with your consent).
- Stripe — payment processing.
- Sentry — error tracking (anonymized crash reports).
- Google Cloud Platform — infrastructure hosting (Cloud Run, Cloud SQL).
- AI providers (Anthropic, OpenAI) — only if you configure an API key. Requests go directly from your browser to the provider.
- Linear — only if you configure a Linear integration. Requests go directly from your browser, or via our OAuth proxy if you use 1-click connect.
Data retention
Local extension data persists until you clear it or uninstall the extension. Cloud data is retained while your account is active. If you delete your account, we delete your data within 30 days.
Data export and deletion
You can export your annotations as Markdown at any time from the extension. To delete your cloud data, contact us at support@nitpick.click.
Security
Cloud data is encrypted in transit (TLS) and at rest. OAuth tokens for third-party integrations are encrypted with AES-256-GCM before storage. Session tokens are hashed with SHA-256.
Children
Nitpick is not directed at children under 13. We do not knowingly collect data from children.
Changes to this policy
We may update this policy. Significant changes will be noted on our website. Continued use after changes constitutes acceptance.
Contact
Questions? Email support@nitpick.click.