Privacy Policy

PinoDrive

How PinoDrive handles your disk data — plainly, completely, and honestly. Short version: your file names and folder structure never leave your machine.

Last updated: May 15, 2026 | Extension: PinoDrive v1.0.0 | Publisher: PencilCard

Plain-English Summary: PinoDrive scans your local disk and visualises it inside the extension popup. All file names, sizes, and folder structures are processed locally on your device and are never transmitted to PencilCard or any external server. The only network connections PinoDrive makes are to 127.0.0.1:7843 — a local helper program running on your own machine — which is entirely optional. No internet connection is required or made.

1. Data We Collect

PinoDrive does not collect, transmit, or store any personal data on external servers. All data described below is stored exclusively in your browser's local storage on your own device and is never sent to PencilCard or any third party.

Data stored locally on your device

  • Scan history summaries — after each scan, a summary is saved locally: the source label, total size, the name and size of the largest file found, and the name and age of the oldest item found. This summary is displayed in the Scan History panel. Full directory trees are held in memory only and discarded when the popup closes.
  • Savings history — a log of cleanup sessions: how many bytes were freed, how many items were deleted, and which source was scanned. Used to display your cumulative savings total. No file names from deleted items are retained.
  • Recent sources — the label and path of recently scanned folders, so you can re-scan them quickly. Stored locally; never transmitted.
  • Scan quota counters — monthly counts of scans run, used to enforce the free tier scan limit. No file content is included — only a numeric count per calendar month.
  • Future subscription status — reserved local storage for a future Free/Pro tier once paid Pro launches. The current production release is free-only.
  • Onboarding status — a single boolean indicating whether you have completed the initial setup walkthrough.
  • Theme preference — your choice of dark or light mode.
  • Donation prompt timing — a timestamp recording when the donation prompt was last shown, to enforce a 90-day cooldown between prompts.

Data that is never retained

  • Complete directory trees — held in-memory during a scan session and discarded when the popup closes or a new scan starts
  • File contents — PinoDrive reads only file names and sizes, never file content
  • Deleted file paths — once items are sent to the system trash, their paths are not stored by the extension
  • IP addresses, device identifiers, or fingerprinting data
  • Crash reports or diagnostic telemetry
ℹ️
Scan summaries include file names. The name of your largest file and oldest item are saved in scan history so PinoDrive can display meaningful history cards. If you prefer no names to be retained, you can disable scan history in Settings or clear it at any time.

2. How Data Is Stored

PinoDrive uses only one Chrome storage mechanism:

chrome.storage.local

All persistent extension data — scan history, savings history, recent sources, onboarding status, theme, and donation timing — is stored in chrome.storage.local. This data exists only on your current device. It is not synced to Google's servers, not accessible by other extensions or websites, and is removed automatically when you uninstall PinoDrive.

Note: chrome.storage.local is sandboxed to the extension and protected by your operating system's user account permissions. It is not additionally encrypted beyond that OS-level protection.

PinoDrive does not use chrome.storage.sync

No data is synced to Google's servers or any cloud service. All data remains on the device where PinoDrive is installed.

In-memory scan data

The full directory tree produced by a scan is held in the extension's JavaScript memory (via Zustand state) for the duration of the popup session. It is never written to any storage API. When the popup closes, all scan tree data is lost from memory.

3. Network Connections

PinoDrive's core scan workflow is local-first. By default it only connects to your own machine (loopback) for optional agent features. Optional connected plugins may access user-approved web hosts when you explicitly enable them.

Optional local agent — 127.0.0.1:7843

PinoDrive can optionally connect to a local helper program (the "PinoDrive agent") that runs on your computer at http://127.0.0.1:7843. This agent performs deep filesystem scans, moves files to the system trash, opens files in Finder, and compresses folders — operations the browser extension cannot do on its own due to Chrome's security sandbox.

This connection uses two protocols:

  • HTTP (http://127.0.0.1:7843) — used for commands such as trash, open, compress, and fetching available storage sources.
  • WebSocket (ws://127.0.0.1:7843) — used to stream real-time scan progress as the agent walks the directory tree.

Both connections go only to localhost β€” your own machine. No data crosses a network boundary. The agent is designed to bind exclusively to 127.0.0.1 and will not accept connections from any external host or IP address.

⚠️
The local agent is optional. PinoDrive works without it using your browser's built-in File System Access API. If you have not installed the agent, no connection to port 7843 is attempted. You can verify this yourself by checking your browser's network panel.

No other network connections

PinoDrive does not connect to PencilCard analytics, advertising, or tracking services. Outside of the optional local agent on 127.0.0.1:7843, PinoDrive makes no external network calls. No file names, paths, sizes, or scan trees are transmitted to any server.

4. Permissions Justification

The following permissions are declared in PinoDrive's manifest.json. Each permission is used exclusively for the feature described — never for tracking or analytics.

| Permission | Why it is needed |
|---|---|
| storage | Stores scan history summaries, savings history, recent sources, onboarding status, theme preference, scan quota counts, and reserved future subscription status locally on your device using chrome.storage.local. No data is synced externally. Storage keys used: pinodrive_scan_summaries, pinodrive_past_savings, pinodrive_recent_sources, pinodrive_onboarding_complete, pinodrive_donation_last_shown, pinodrive_scan_count_*, pinodrive_subscription. |
| notifications | Fires a desktop notification to confirm when a large cleanup completes (e.g. "Freed 5 GB — sent to Trash"). No notification content is transmitted anywhere. |
| alarms | Schedules a periodic check to see whether the local agent is still running, so the connection status indicator stays accurate even when the popup is closed. Also enforces the donation prompt cooldown without requiring the popup to be open. |
| tabs | Required to open file paths in a new browser tab when the user clicks a scan result, and to open the PinoDrive panel when the extension icon is clicked. No tab data is stored or transmitted. |
| downloads | Required to reveal or open files in Finder/Explorer after a scan result is selected. The extension reads file path metadata in response to explicit user action only — no download data is stored or transmitted. |
| scripting | Required to inject the PinoDrive interface into new browser tabs opened during a scan session, ensuring the panel UI loads correctly when launched from the extension icon. No scripts are injected into third-party websites. |
| host: http://127.0.0.1:7843/* | Allows the extension to send HTTP requests to the optional local agent running on your own machine. This host is loopback-only and cannot be reached from outside your device. |
| host: ws://127.0.0.1:7843/* | Allows the extension to open a WebSocket connection to the local agent for streaming real-time scan progress. Same loopback host — data never leaves your machine. |

5. Data Sharing

PencilCard does not sell, rent, trade, or otherwise share your personal data with any third party.

PinoDrive does not transmit scan trees, file names, paths, or sizes to PencilCard servers. Optional plugin connections are direct browser-to-service requests only after user enablement, and are scoped to the optional hosts you grant.

Because the core product does not store user data on our servers, we cannot be compelled to share it. If you enable optional cloud features, those providers’ policies will apply to any transmitted data.

6. Your Rights & Data Deletion

Because all data is stored locally on your device, you have complete control at all times.

Delete all PinoDrive data

Open the PinoDrive popup → Settings → "Clear all extension data". This permanently deletes scan history, savings history, recent sources, scan quota counters, plugin cache, plugin preferences, any reserved future subscription status, onboarding status, and all other preferences from your device.

Delete specific data types

Scan history can be cleared individually in the Scan History panel. Recent sources can be removed one at a time from the source list. Theme and other preferences reset to defaults when you clear all data.

Uninstall

Uninstalling PinoDrive from Chrome removes all locally stored data automatically. Because PinoDrive does not use chrome.storage.sync, no data remains in any cloud service after uninstall.

Access your data

All data PinoDrive stores is directly inspectable in Chrome DevTools → Application → Storage → Extension Storage. Keys used: pinodrive_scan_summaries, pinodrive_past_savings, pinodrive_recent_sources, pinodrive_onboarding_complete, pinodrive_donation_last_shown, pinodrive_scan_count_* (monthly scan quota counters), and pinodrive_subscription (reserved future subscription tier).

Local agent data

The optional local agent stores a cache of scan results on disk at ~/.pinodrive/. This cache is managed by the agent, not the extension. You can delete it manually at any time by removing that directory, or by uninstalling the agent.

Your rights under UK & EU data protection law

Because PinoDrive stores all data locally on your device and transmits nothing to PencilCard servers, you already hold the fullest possible control over your data. Specifically, under UK GDPR and EU GDPR, you have the right to:

  • Access — all data PinoDrive holds is directly inspectable via Chrome DevTools → Application → Storage → Extension Storage.
  • Rectification — you can edit or overwrite any stored preference directly in extension settings.
  • Erasure — use Settings → "Clear all extension data" or uninstall the extension to permanently remove all data.
  • Portability — all data is stored in plain JSON within Chrome's extension storage and can be exported from Chrome DevTools.

For data held by third-party services you interact with (Google Chrome sync infrastructure, any future optional cloud integrations), please exercise your rights directly with those providers. For any privacy enquiries about PencilCard's handling of your data, email privacy@pencilcard.com.

7. Children's Privacy

PinoDrive does not knowingly collect any information from children under 13. As no personal data is collected or transmitted to any server, the extension is suitable for all ages. Parents should note that the extension can read folder names and file names on any directory the user grants access to — it is intended for use on the account holder's own storage.

8. Policy Changes

We will update this page if the privacy practices of PinoDrive change. Significant changes — such as any new data collection or new external network connections — will be communicated via a notice in the extension update and an update to the "Last updated" date above. For minor clarifications we update the effective date only. We will not retroactively apply material changes to data already collected without notifying you first.

The current version of this policy is always accessible at pencilcard.com/privacy-pinodrive.

9. Contact

For privacy-related questions about PinoDrive, contact us at:

We aim to respond within 5 business days.