Privacy & architecture

What we know about you, and what we deliberately don't.

Last updated: April 27, 2026 · Effective for all SlotOwl users worldwide.

This page is the long version. The short version is: SlotOwl runs inside your own browser. Your portal credentials and portal session stay on your device. We only receive what you explicitly sync to your account or send through optional backend features (sign-in, workflows, remote alerts when enabled). Details below.

The architecture in one paragraph

SlotOwl is a Chrome extension. When you start monitoring a portal, the extension's content script runs inside the same tab where you've already logged in. Each "check" is a click on a button in the page you're already on — performed by your browser, from your IP address, using cookies that already exist in your session. The result of each check (a true/false on "is a slot available") is sent back to the extension's service worker, which fires a desktop notification when the answer is "yes". That path runs locally in your browser. Our servers receive sign-in data, optional workflow sync when you're signed in, and related account metadata — not your portal credentials or session cookies.

Data we collect, in full

Account data (when you sign in)

• Email address — from your Google sign-in. Used for account-related transactional mail (sign-in, security notices). If we enable optional alert email in a future release, we would only send when you turn it on in the product.
• Display name & profile photo — from your Google profile. Used in the extension popup so you can confirm which account you're signed in as.
• Firebase UID — a random opaque identifier generated when you sign in. We use this everywhere internally instead of your email so there's no PII in our query logs.

Billing data (only if / when you purchase)

• Purchase and entitlement records — if we sell paid access in any form in the future, we store what we need to fulfill access and handle refunds. During the public beta this category generally does not apply.
• Payment processor identifiers — our merchant (e.g. Lemon Squeezy) may associate your email with a customer ID. We do not store full payment card numbers; the processor does.

Workflow data (your monitoring configuration)

• Workflow definitions — the JSON that describes which portal you're monitoring and how to detect "available". Synced to your account so you can use SlotOwl on multiple devices.
• Run state — whether monitoring is active, which workflow, polling interval. Stored locally; not sent to our servers.

Push subscription data (only if you enable web push)

• Push endpoint URL — provided by your browser's push service when you opt in. We use this only for channels you explicitly enable in the product.
• P256dh + auth keys — encryption keys provided by your browser to sign push payloads. Stored encrypted at rest.
• Device label ("iPhone 15", "MacBook Pro") — provided by the browser, used so you can identify which device you're removing if you want to unsubscribe.

Alert dispatch logs (last 30 days)

• Workflow ID + UTC date of alert — used for per-workflow per-day deduplication so you don't get spammed when a portal flickers in and out of "available" status. We do not store the portal name, the slot details, or anything else from the page.

Alert-time tab preview (JPEG)

When SlotOwl thinks a slot may be available, the extension may capture one JPEG of the visible monitored tab (Chrome's captureVisibleTab) and attach it to the desktop notification on that machine. That path is local to Chrome — we are not recording your screen continuously.

If you are signed in, the extension may also send that JPEG to our backend so we can store it in Firebase Storage for a short time and produce a link — used when optional remote channels (email / web push) need an image or when we build the hosted preview page linked from a notification. Objects are purged on a short TTL (on the order of a few days). If you are not signed in, nothing is uploaded.

Anonymous health telemetry (planned)

The public Chrome beta build does not upload per-workflow check statistics to our servers yet. When we turn this on, it would aggregate coarse counters only (e.g. available vs unavailable per workflow ID per day) with no portal HTML and no per-user detail — and we would describe an opt-out in the extension before collecting anything.

Data we deliberately do NOT collect

• Your portal username or password (we never ask, and never receive)
• Your portal session cookies (they live in your browser, our extension reads only what's required to interact with the page)
• Continuous screenshots, screen recordings, or bulk captures of your browsing — we do not record your session in the background.
• The HTML content of pages you visit
• Browsing history outside the portal you're actively monitoring
• Your phone number or any SMS-related data
• Your physical location (we use the timezone you picked, not GPS)

Where the data lives

• Firebase / Google Cloud (us-central1) — Firestore (account + workflow data), Cloud Functions (including optional alert fan-out when you're signed in), Firebase Auth (sign-in), Cloud Storage (short-lived alert preview images when uploads occur).
• Resend — transactional email delivery (sign-in, account notices). If we ship optional alert email later, those messages would pass through Resend only when you enable them in the extension.
• Payment processor (e.g. Lemon Squeezy) — used when we offer paid purchases; they handle cards, not us.
• Browser push providers — Apple Push Notification Service (APNS), Mozilla autopush, Google FCM. If we surface optional web push or cross-device delivery in the product, these providers carry those payloads; encryption uses the VAPID keypair your browser generates at subscription time.
• Cloudflare — DNS for slotowl.app. No traffic content visible to Cloudflare beyond DNS-level metadata.

How long we keep things

• Account & workflow data — until you delete your account.
• Alert dispatch logs — 30 days, then auto-purged.
• Anonymous telemetry — when that feature ships: approximately 90 days, then aggregated and per-day rows discarded (not collected in the current beta).
• Email logs (in Resend) — 30 days.
• Firestore daily backups — 7 days, in a Google Cloud Storage bucket in us-central1.

How to delete your account

Open the SlotOwl extension popup → click your name → "Delete account." This permanently deletes your Firebase Auth record, your workflows, your push subscriptions, and all alert logs. If you later made a purchase through our payment processor, retention of merchant records for tax and fraud-prevention follows that processor's policies — email hello@slotowl.app if you need help.

Your rights (GDPR / CCPA)

If you're in the EU, UK, or California, you have legal rights to access, correct, port, and delete the personal data we hold about you. The product gives you self-service for most of this; for anything else, email hello@slotowl.app and we will respond within 14 calendar days. We do not sell personal data, ever, to anyone.

Subprocessors

We rely on the following subprocessors to operate the service today. Each has a published privacy policy you can read independently.

• Google (Firebase, Cloud Functions, Firebase Auth, Cloud Storage)
• Resend (transactional email)
• Payment processor (when purchases are offered)
• Cloudflare (DNS for slotowl.app)

Product analytics & crash reporting: The shipping Chrome extension does not currently embed PostHog, Sentry, or similar SDKs. If we add one, we will update this page and ship the change in the extension before it activates — with anonymous, minimal payloads only.

Why this isn't open source (yet)

We get asked. Honest answer: SlotOwl is a niche paid utility, not a developer tool. The trust signal that open source provides (anyone can audit the code) is replaced here by this page being detailed enough that a security-conscious user can verify our claims by inspecting the extension bundle in Chrome's developer tools. The architecture is intentionally simple enough to verify by reading the network tab. We may revisit this post-launch.

How to verify the architecture claims yourself

Open the SlotOwl extension in Chrome. Open the developer tools on the popup (right-click → Inspect). Open the Network tab. Click around. You will see exactly two categories of outbound request:

1. Requests to slotowl-prod.firebaseapp.com and us-central1-slotowl-prod.cloudfunctions.net — our backend for sign-in, workflow sync, and (when you're signed in) optional remote alert fan-out. Desktop notifications themselves are raised locally in Chrome and do not require a network round-trip.
2. Requests to the portal you're monitoring — initiated from your tab, not the extension; same IP and session as you'd have manually.

That's the entire surface area. If you find a request that doesn't fit one of these two categories, that's a bug — please email hello@slotowl.app (subject: "security") immediately.

Updates to this policy

We will email everyone with an account when we make material changes. The "last updated" date at the top of this page tracks every change. Past versions are kept in our private git history; on request we will provide diffs.

Contact

Email: hello@slotowl.app — privacy questions, deletion requests, general support, all at this address.
Security disclosures: please see our security page and security.txt for the recommended channel.

Operator: greythinkinglab LLC, a US Limited Liability Company. SlotOwl is a product of greythinkinglab. We are not affiliated with any government agency or appointment portal mentioned anywhere on this site.