Privacy Policy
Last updated: 2026-06-15
Krendo is a free, local-first Chrome extension — no account, no analytics SDK, no telemetry endpoint. This page describes what data the extension handles, where it goes, and how the krendo.app website behaves when you visit it. (Short version: we collect nothing on a server; the only things that leave your browser are the text you explicitly translate and a small announcements file.)
Your saved words live on your device
Every word you save is stored in your browser’s IndexedDB (via Dexie). That database is private to your browser profile on your computer. We have no server that holds a copy. If you uninstall the extension and don’t export first, those words are gone — there’s nothing for us to restore.
How to delete your data. Remove a single word from the saved-words list at krendo.app/words(the row’s overflow menu → Remove), or wipe everything by uninstalling the extension — Chrome deletes the local IndexedDB with it. There is no server-side copy and no recovery step on our end.
What leaves your device, and where it goes
Three things:
- The text you ask to translategoes to Google Translate’s public translation endpoint at
translate.googleapis.com. We send the selected text and the source/target language pair. We do not attach an account identifier, an extension identifier, or any header that points back to you. Google’s privacy policy applies to that request. - The text you ask to heargoes to Google’s text-to-speech endpoint at
translate.google.comwhen you press the play button. Same shape: just the text, no identifiers from us. - The popup’s announcement feed— a small JSON file fetched from
krendo.app/api/announcementsat most once every 24 hours, cached locally between fetches. It’s a regular HTTP request: your IP and user-agent are visible to our host (Vercel) like any website visit, but we send no extension identifier and no user-specific parameters. The response is a list of card definitions; we never read your saved words to build it.
Your saved words, your notes, your tags, your review history — none of that is sent anywhere. The translation request only knows the sentence in front of you right now. All requests above are HTTPS-encrypted in transit.
Permissions the extension asks for
- Read and change your data on websites you visit (
host_permissions: https://*/*) — required to inject the inline translation panel onto the page you selected text on. The extension only reads selected text and writes the panel; it does not scrape, monitor, or transmit page contents. - Read and change your data on local files (
host_permissions: file:///*) — required for inline translation on PDFs and offline files. Chrome additionally requires you to enable a per-extension “Allow access to file URLs” toggle inchrome://extensionsbefore the extension actually attaches tofile://pages. - Storage— required to keep your saved words and language preferences in IndexedDB and
chrome.storage. - Alarms (
alarms) — wakes the service worker once a day so the toolbar badge reflects the latest activity card without you having to open the popup. - Network request rerouting (
declarativeNetRequestWithHostAccess) — used solely by the opt-in PDF viewer to send PDF URLs to the bundled viewer page. It does not modify other network traffic.
No analytics, no tracking — in the extension
The extension itself does not include Google Analytics, PostHog, Mixpanel, Sentry, or any other third-party SDK. There is no telemetry endpoint we control. The website is a separate surface; see below.
This website
krendo.app is hosted on Vercel. Like any web host, Vercel records standard request logs (IP address, user-agent, requested path) for each page view. Two lightweight Vercel measurement layers also run:
- Vercel Web Analytics (
@vercel/analytics) — anonymous page view counts and referrers. Cookieless by design, does not build a profile across sites, does not require consent under GDPR / ePrivacy. We use it to see which marketing pages people read, in aggregate. - Vercel Speed Insights (
@vercel/speed-insights) — samples anonymous Web Vitals (page load timing, layout stability) so we can spot performance regressions. Also cookieless.
The only cookies this site sets are functional: NEXT_LOCALE (marketing-page language preference) and krendo.uiLocale (dashboard language preference, set only if you visit /app). Both are SameSite=Lax, last for one year, and are never sent to a third party.
If this ever changes — for example, if third-party analytics or advertising land on this site — the page is updated first, with a dated note at the top and a consent prompt where required by law. The extension’s zero-data posture above is not affected by anything we add to the website.
Voluntary exit feedback
If you remove the extension, Chrome can open one page — krendo.app/uninstall— where I ask why. Opening that page sends nothing by itself. If you pick a reason, we store one row in a small database: the reason (from a short fixed list), an optional short note you type, the page’s language, and a timestamp. That’s it — no account, no extension identifier, no browser fingerprint, and no IP address kept in that row. It’s anonymous and there’s no way to connect it back to you or your saved words. The separate “Send feedback” link in the extension’s popup menu opens an email instead — that one is unaffected by this and stays voluntary, written by you, never automatic.
In-product feedback
Inside the app there are a few quiet, optional ways to tell me what’s missing or off — a card on your dashboard and a short form on the /support and /feedback pages. Like the exit survey, sending one stores a single anonymous row: a reason from a short fixed list, an optional note you type, which surface it came from, the page’s language, and a timestamp. No account, no extension identifier.
One difference: that form lets you optionallyleave an email — only if you want a reply when the thing you mentioned ships. If you do, it’s stored with that one feedback row and used for exactly one purpose: replying to you about that feedback. It is never added to a mailing list, never used for marketing, and never shared. Leave it blank and the row stays fully anonymous. To have an email (or any feedback) removed, write to hello@krendo.app.
Data we don’t collect, share, or sell
We do not sell user data. We do not share it with third parties for purposes unrelated to translating the text you asked to translate. We do not use it to build a profile, train a model, or determine creditworthiness. There is no Krendo backend that holds your saved-words list, your review history, your notes, or your tags.
Children
The extension is suitable for general use and doesn’t collect anything about anyone. There’s no age-gate because there’s nothing to gate.
Changes to this notice
If anything material changes — for example, if a future version ever introduces optional cloud sync — this page will be updated before the change ships, with a dated note at the top.
Contact
- A server holding your words
- An account database
- Analytics SDKs (Google Analytics, PostHog, Mixpanel, Sentry)
- Tracking pixels or ad cookies
- Cloud sync between your devices
- A way for us to reset your password — there is no password
If any of this changes — for example, an opt-in cloud sync arrives as a paid tier — the change lands on this page first, in writing, before it ships. See Changes to this notice above.