Privacy Policy
How we collect, use, and protect your data.
Privacy Policy (Draft)
Applies to: the StepMarker Chrome extension and its companion server.
Version date: 2026-05-23
This is a draft privacy policy pending store submission and legal review. The public web version is generated with
npm run site:buildtogether withRELEASE_*environment variables. Before final submission, the legal entity, contact emails, data region, production database/object storage providers, payment provider, and AI provider names must be completed.
What we provide
StepMarker helps users turn browser workflows into presentable, editable, and exportable instructional material. Users can record web page actions, capture key step screenshots, generate step annotations, edit step copy, and export ZIP screenshot packages, HTML guides, PDFs, or GIFs.
Data we collect
Account data
- Clerk account identifier.
- Clerk account email, display name, and avatar.
- Clerk session token.
- Plan, quota, usage, and billing status.
Recording data
Only after the user explicitly starts a recording, the extension collects data needed to generate operation guides on the current browser page:
- Operation event types, such as click, right-click, input, scroll, focus, hover, and page navigation.
- Event timestamps.
- The target element's tag name, selector, visible text, selected attributes, position, and size.
- Mouse position, viewport size, and scroll information.
- Screenshots associated with events.
- Step titles, intent descriptions, notes, annotation positions, and template choices filled in or modified by the user in the editor.
Server-processed data
When the user signs in and connects to the server, the extension sends the data required to generate annotations to the server:
- Sanitized operation events.
- Screenshots related to step annotations.
- The user's chosen language, template, and custom rules.
- Recording project metadata.
- Usage counters for annotations, recordings, and exports.
- Cost logs of AI provider calls, such as status codes, retry counts, character counts, and token usage.
- If voice generation is enabled: narration text, voice generation job metadata, and generated audio assets.
Payment data
In production, Waffo hosted checkout, customer-session subscription cancellation, and server-side webhooks are used to manage paid status. The extension does not directly handle bank card numbers or payment credentials. The server only stores the payment status, plan, period end time, payment event IDs, and payment provider identifiers needed to manage subscriptions and quotas.
Data we do not collect
- The extension does not store model provider API keys.
- The extension does not store server-side AI prompts.
- The extension does not proactively read the browsing history list.
- The extension does not capture page operation events unless a recording has been started.
- The extension is not used for advertising profiling or cross-site tracking.
Sensitive data handling
Before calling AI annotation, the server sanitizes event content:
- Email addresses are replaced with
[email]. - Long numbers such as phone numbers and bank card numbers are replaced with
[number]. - Common token or secret shapes are replaced with
[token]. - Sensitive attributes such as password, token, api-key, authorization, and cookie are replaced with
[filtered]. - Values of password, email, phone, and credit card input fields are replaced with
[filtered]. - Individual text segments are length-limited to avoid uploading overly long page content.
Because screenshots may contain information visible on the page, users should avoid recording pages with highly sensitive information, or delete the related steps before exporting or sharing.
Purposes of use
We use the data above to:
- Record browser workflows explicitly chosen by the user.
- Generate screenshots, GIFs, PDFs, and HTML guides.
- Generate and edit step descriptions, text annotations, and highlights.
- Generate AI voice narration when requested by the user; product UI and help materials should clearly disclose that the voice is AI-generated and not a real human recording.
- Identify account identity and sync plans and quotas.
- Prevent quota bypass, abuse, and abnormally high-cost calls.
- Process subscriptions, refunds, cancellations, and renewal failures.
- Respond to user data deletion requests.
- Diagnose server errors and AI provider call failures.
Local storage
The extension stores on the user's device:
chrome.storage.local: recording state, event metadata, server address, Clerk session configuration, template selection, annotation config, and temporary export state.- IndexedDB: event screenshots, in a database named
op-recorderwith an object store namedscreenshots. - Downloads folder: ZIP, HTML, PDF, or GIF files actively exported by the user.
Users can stop recording, start a new recording, or delete account data to clear the current local recording state. Files exported to the downloads folder are managed by the user.
Server storage
The current local development server uses a JSON file specified by DATA_FILE to store accounts, usage, recordings, billing, and cost logs. Production should use a proper database and object storage, and the following must be completed before release:
- Database provider.
- Object storage provider.
- Data region.
- Key screenshot object storage provider, used to store references of screenshots produced by user-initiated recordings.
- Production backup, log deletion, and access audit policies are documented in
docs/PRODUCTION_OPERATIONS.md.
Data retention and deletion
Currently implemented:
- Users can invoke "Delete account data" inside the extension.
DELETE /api/medeletes the current user's server-side recordings, usage, billing status, billing events, cost logs, alert events, and TTS jobs/assets.- After successful deletion, the server stores an irreversible hash revocation marker of the current session token until the token expires, to block the old session from accessing the API.
- The extension clears the current local recording state and Clerk session configuration.
Recommended before production release:
- Default retention periods for server-side recordings and exports, e.g. 30 days for free users and 180 days for paid users.
- Retention periods for cost logs and security audit logs, e.g. 90 days.
- Maximum deletion latency for backup data.
- Processing time limits for data deletion requests made via email.
Data sharing
We only share data to the extent necessary to provide product functionality:
- Clerk: for user sign-in and authentication.
- AI providers: the server sends sanitized events and necessary screenshots when generating annotations; when voice generation is enabled, narration text is sent to generate AI voice.
- Waffo Pancake: for hosted checkout, subscription cancellation, subscription status, and webhook events.
- Cloud infrastructure providers: for hosting the server, database, logs, and object storage.
We do not sell user data, and we do not use recorded content for ad targeting.
Clerk and Limited Use
Clerk account information is only used for sign-in, displaying the current user, managing plans and quotas, and processing account deletion. It is not used for ad targeting, selling data, or cross-site tracking unrelated to product functionality. Social sign-in and email codes, verification links, or password checks are handled by Clerk; this product does not store passwords or run a separate email-verification service.
Security measures
- AI prompts, model configuration, and provider API keys are only read on the server.
- The extension only stores Clerk session configuration, not model provider keys.
- The production Clerk path verifies the session token on the server.
- Billing webhooks support HMAC-SHA256 signature verification and event idempotency.
- Annotation endpoints have basic per-user rate limiting.
- The server records provider call status and retry counts for cost and anomaly troubleshooting.
Recommended before production release:
- HTTPS everywhere.
- Database encryption and private object storage access.
- Production log redaction.
- Least-privilege admin access and access auditing.
- Abnormal cost alerts and abuse blocking policies.
Children's privacy
This product is intended for individuals or organizations that need to create web operation demonstrations, and is not directed at children. If a child's account or unauthorized data is found to have been submitted, it should be deleted through official support channels.
Contact
- Legal entity:To be completed before public release
- Privacy contact email:privacy@stepmarker.com
- Support email:support@stepmarker.com
- Company address:To be completed before public release