Privacy policy for Habeas
Habeas by David Marín Carreño
Privacy policy for Habeas
Habeas is a free, open-source (AGPL-3.0) browser extension that helps you extract your own personal data — receipts, invoices, card and investment records — from services that offer no API or export, entirely inside your own, already-authenticated browser session. Habeas is not a company and runs no servers that see your documents. This policy explains, plainly, what the extension touches and where anything goes.
The short version: Habeas is local-first. Your documents and your login session never leave your browser unless you choose a destination. It never reads, stores, or transmits your passwords. It only ever sends your data to a place you pick (a download, a local folder, your own Google Drive, or an endpoint you configure).
- What data Habeas accesses
Your own account data on services you are logged into (e.g. a store's receipts), read through the service's own web API using the session you already established in your browser.
Session tokens/headers needed to make those requests. These live only in memory (storage.session), are never written to disk, and are cleared when the browser closes.
Extension settings you create (which sources/destinations are enabled), a delivery ledger (to avoid re-downloading), and a local activity log — stored on your device (storage.local) and never sent anywhere by Habeas.
Habeas never reads, stores, transmits, or autofills your credentials. You log in yourself, including any MFA. There is no background scraping while you are away.
- Where your data goes (destinations)
Nothing leaves your browser unless you select a destination for a document. The destinations are:
Download — a file saved by your browser to your computer.
Local folder — written to a folder you pick on your device.
Google Drive — see section 3.
HTTP endpoint — a URL you configure (e.g. a personal-finance app you use).
- Google user data (Google Drive)
If, and only if, you connect Google Drive as a destination, Habeas requests the https://www.googleapis.com/auth/drive.file scope.
This scope grants access only to files Habeas itself creates in your Drive (your exported documents and a manifest). Habeas cannot see, read, or modify any of your other Drive files.
The Google OAuth access token is stored only in memory (storage.session) and used solely to upload the documents you asked Habeas to export to your Drive.
Google user data is not sold, shared, transferred to third parties, used for advertising, or used to train any model.
Limited Use disclosure. Habeas's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
- Community sources catalog
The extension can browse a public catalog of community-contributed "source" definitions (habeas-dev.github.io/sources). These are static JSON files describing how to read a given service. Browsing or installing them sends no personal data.
- Ratings & comments (optional)
If you rate or comment on a source, that text and star rating are sent to api.habeas.dev and stored so others can see them. To limit abuse we store a salted hash of your IP address (never the raw IP) for rate-limiting. No account, name, or email is required or collected. Don't submit personal information in a comment.
- Site integrations (external hooks)
A website you use may ask Habeas to set up a data flow or to collect on your behalf. This never happens silently: a site can only route data back to its own origin, and nothing is registered or run until you explicitly approve it in Habeas. You can revoke any such integration at any time in Settings.
- Analytics & tracking
The extension contains no analytics, telemetry, or third-party trackers, and self-hosts its fonts (no third-party font requests).
- Data retention & your control
Everything Habeas keeps lives on your own device. Remove documents from a destination as you would any file; clear the extension's settings, ledger, and activity log at any time from its options or by removing the extension. Session data is memory-only and gone when you close the browser.
- Legal basis
Habeas operates on your own data, in your own session, via software you run (GDPR Art. 20 data portability / habeas data). Each service's Terms of Service may restrict automated access; complying with them is your responsibility.
- Children
Habeas is not directed to children under 13 (or the equivalent minimum age in your jurisdiction).
- Changes
We may update this policy; the "Last updated" date will change and material changes will be noted in the GitHub repository.
- Contact
Questions or requests: open an issue at github.com/habeas-dev/habeas.