mouth-state-detector-privacy
# Privacy Policy — Mouth State Detector
This policy describes what data the **Mouth State Detector** Chrome extension
("the extension") accesses, how it is processed, and what is or is not sent
off your device. It is written to be precise and honest: the goal is to let
you verify the claims by reading the source code if you wish.

---
## 1. Summary
- **Webcam video is processed 100% locally in your browser.** No frame, image,
or any visual data ever leaves your computer.
- The extension stores your **settings** and a random **anonymous ID** in your
browser's local storage.
- Optional **anonymous usage analytics** (3 simple events, no personal data) are
sent to PostHog. You can disable them at any time from the Settings tab.
- The extension does **not** sell, share, or monetize your data, and does not
track your browsing.
---
## 2. Webcam access
### 2.1 Why we need it
The core feature of the extension is real-time detection of mouth state
(closed, open, speaking) from your webcam. To do this, the extension requests
access to your camera through the standard browser permission prompt. You can
revoke this permission at any time from your browser settings.
### 2.2 What we do with the video
The video stream is fed directly into Google's **MediaPipe FaceLandmarker**,
which runs entirely inside your browser as a WebAssembly module. The extension
extracts a small set of numeric features (the vertical distance between two
mouth landmarks, normalized by the distance between the eyes) and uses them to
classify the mouth state.
### 2.3 What we do NOT do with the video
- We **do not** record, save, upload, transmit, stream, or share any video
frame, image, or screenshot.
- We **do not** perform face recognition, identity inference, emotion
inference, biometric profiling, or any kind of identification.
- We **do not** retain any visual data: each frame is processed and immediately
discarded.
- The webcam is active only while you have explicitly clicked "Start webcam"
and remains active until you click "Stop" or close the extension.

You can verify all of this by reading the source code — in particular the
`processFrame()` function in `src/popup.ts`.

---
## 3. Data stored locally on your device
The extension uses your browser's `localStorage` to persist three pieces of
information **on your device only**:
| Storage key | Content | Purpose |
|---|---|---|
| `msd_config_v1` | Detection thresholds, alarm settings, chosen sound | Restores your calibration between sessions |
| `msd_analytics_enabled_v1` | `"1"` or `"0"` | Remembers your analytics opt-in/out choice |
| `msd_distinct_id_v1` | A random UUID generated by your browser | Lets PostHog count unique installs (only if analytics are enabled) |

This data never leaves your device unless you explicitly export it. Removing
the extension or clearing your browser's site data deletes it.

---
## 4. Optional anonymous analytics
If analytics are enabled (default: ON, can be turned off at any time from the
Settings tab), the extension sends **three event types** to PostHog
(https://posthog.com), an analytics provider hosted in the EU
(`eu.i.posthog.com`):
| Event | When it fires | Properties sent |
|---|---|---|
| `popup_opened` | Each time you open the extension UI | none |
| `detection_started` | When you click "Start webcam" and detection begins | none |
| `detection_stopped` | When detection ends or the popup closes | `duration_seconds` (rounded integer) |

Each event is associated with the random anonymous ID stored locally
(`msd_distinct_id_v1`). PostHog's standard automatic event capture, session
recording, surveys, feature flags, and external dependency loading are all
**disabled** in our configuration (see `src/analytics.ts`).
### 4.1 What we do NOT send to PostHog
- No webcam data, no images, no landmarks, no detection results.
- No personal information (name, email, IP-derived identity).
- No browsing history, page content, or activity outside the extension.
- No precise location.
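
The event table in §4 and the exclusions in §4.1 can be checked mechanically against captured analytics traffic. The following is an added example, not code from the extension: it audits a list of captured events against the three declared event types. The event object shape (`event`, `distinct_id`, `properties`) and the sample capture are assumptions constructed for illustration.

```javascript
// Added example: the policy's event table (§4) encoded as an allowlist.
// Event names and duration_seconds come from the policy; the captured-event
// shape { event, distinct_id, properties } is an assumption.
const ALLOWED_EVENTS = {
  popup_opened: [],
  detection_started: [],
  detection_stopped: ["duration_seconds"],
};
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Returns a list of findings for one captured event (empty list = matches policy).
function auditEvent(evt) {
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_EVENTS, evt.event)) {
    return [`undeclared event: ${evt.event}`];
  }
  const findings = [];
  if (!UUID_RE.test(String(evt.distinct_id))) {
    findings.push("distinct_id is not a bare UUID");
  }
  const props = evt.properties || {};
  // Every key outside the policy table is reported, whatever added it.
  for (const key of Object.keys(props)) {
    if (!ALLOWED_EVENTS[evt.event].includes(key)) {
      findings.push(`undeclared property: ${key}`);
    }
  }
  const d = props.duration_seconds;
  if (d !== undefined && (!Number.isInteger(d) || d < 0)) {
    findings.push("duration_seconds is not a non-negative integer");
  }
  return findings;
}

// Keeps only the events that deviate from the policy.
function auditCapture(events) {
  return events
    .map((evt, index) => ({ index, findings: auditEvent(evt) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample capture (not real traffic from the extension).
const ID = "3f2b8c1e-9a4d-4e7b-8c21-5d6f7a8b9c0d";
const SAMPLE_CAPTURE = [
  { event: "popup_opened", distinct_id: ID, properties: {} },
  { event: "detection_stopped", distinct_id: ID, properties: { duration_seconds: 42 } },
  { event: "detection_stopped", distinct_id: ID, properties: { duration_seconds: 41.7, mouth_state: "open" } },
  { event: "$pageview", distinct_id: ID, properties: { url: "https://example.org/" } },
];
console.log(JSON.stringify(auditCapture(SAMPLE_CAPTURE), null, 2));
```

Events exported from the browser's network panel can be mapped into this shape and passed to `auditCapture()`; an empty result means every captured event matched the table.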
### 4.2 What PostHog may automatically receive
Like any HTTP request, PostHog's servers see the originating IP address and
basic user-agent information at the network level. PostHog's own privacy
practices are documented at https://posthog.com/privacy.
### 4.3 How to opt out
Open the extension → **Settings** tab → **Privacy** → click "Enabled" to
toggle it to "Disabled". From that moment, no further events are sent.
You can also disable analytics by clearing the extension's local storage.

---
## 5. Third parties
| Third party | What it does | When it is contacted |
|---|---|---|
| **PostHog** (`eu.i.posthog.com`, `eu-assets.i.posthog.com`) | Anonymous analytics | Only when analytics are enabled, on the 3 events listed in §4 |
| **PayPal** (`paypal.com`) | Donations | Only if you click "Send" in the "Buy me a coffee" popover. Opens PayPal in a new tab; the extension itself sends nothing |
| **Google MediaPipe** | Face landmark detection | Bundled locally in the extension; runs offline. No network calls |

The extension does not load any other external script, image, or resource at
runtime, except the Google Fonts stylesheet referenced in `popup.html`
(visual styling only).

---
## 6. Permissions explained
The extension's `manifest.json` declares these permissions:
- **`tabs`**: required to open the extension UI as a regular browser tab
(needed because Chrome closes the small popup when the webcam permission
prompt appears).
- **Host permission `https://storage.googleapis.com/*`**: declared as a fallback
for downloading the FaceMesh model; in practice the model is bundled inside
the extension and no download occurs at runtime.
- **Webcam access** (granted via the standard browser permission prompt, not
through `manifest.json`): required for the core detection feature.
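
The hosts named in §5 and §6 form a short allowlist that a reviewer can compare against the URLs present in the distributed bundle. The following is an added example, not code from the extension: it extracts hostnames from file contents and reports any that the policy does not declare. The Google Fonts hostnames, the treatment of `www.paypal.com`, and the sample file contents are assumptions; a static scan like this does not see hosts assembled at runtime.

```javascript
// Added example: hosts named in §5 and §6 of the policy, as an allowlist.
const DECLARED = [
  { host: "eu.i.posthog.com" },        // §5 PostHog
  { host: "eu-assets.i.posthog.com" }, // §5 PostHog
  { host: "storage.googleapis.com" },  // §6 host permission (model fallback)
  // Assumption: "paypal.com" in the policy also covers www.paypal.com.
  { host: "paypal.com", subdomains: true },
  // Assumption: usual Google Fonts hosts; the policy names only the stylesheet.
  { host: "fonts.googleapis.com" },
  { host: "fonts.gstatic.com" },
];
const URL_RE = /https?:\/\/[^\s"'`<>)\\]+/g;

// Match on the parsed hostname with a dot boundary, never on a URL substring.
function isDeclared(host) {
  return DECLARED.some((d) => host === d.host || (d.subdomains === true && host.endsWith("." + d.host)));
}

// Collect the distinct hostnames of all http(s) URLs found in a text.
function hostsIn(text) {
  const hosts = new Set();
  for (const raw of text.match(URL_RE) || []) {
    try {
      hosts.add(new URL(raw).hostname.toLowerCase());
    } catch {
      // Not a parseable URL (e.g. a template fragment); ignore.
    }
  }
  return hosts;
}

// files: { fileName: fileContents }. Returns [{ file, host }] for undeclared hosts.
function auditBundle(files) {
  const undeclared = [];
  for (const [file, text] of Object.entries(files)) {
    for (const host of hostsIn(text)) {
      if (!isDeclared(host)) undeclared.push({ file, host });
    }
  }
  return undeclared;
}

// Constructed sample contents (not the extension's real bundle).
const SAMPLE_BUNDLE = {
  "popup.html": '<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">',
  "popup.js": 'const h="https://eu.i.posthog.com";window.open("https://www.paypal.com/donate");' +
    'fetch("https://paypal.com.example.net/collect");',
};
console.log(auditBundle(SAMPLE_BUNDLE));
```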
---
## 7. Data retention
- **Local data** persists on your device until you remove the extension or
clear browser data for it.
- **Analytics events** are retained by PostHog under its default retention
policies (see https://posthog.com/privacy). Because no personal identifier
is sent, you cannot personally request deletion of specific events; you can,
however, prevent any further events from being collected by opting out
(§4.3) or by uninstalling the extension.
---
## 8. Children's privacy
The extension is not directed at children under 13 and does not knowingly
collect any data from them. Since the only data collected is anonymous and
contains no identifiers, the extension cannot infer the age of its users.

---
## 9. International users
PostHog data is stored on servers located in the European Union. The
extension does not transfer data to other jurisdictions.

---
## 10. Changes to this policy
If this policy changes materially, the updated version will be published in
the extension's repository and on the Chrome Web Store listing, with the
"Last updated" date above revised accordingly. Continued use of the extension
after the change indicates acceptance of the updated policy.

---
## 11. Contact
For questions, requests, or to report a privacy concern:

**Email:** tranquillini.edo@gmail.com

---
## 12. Source code
The extension is open in the sense that any reviewer can inspect the
distributed bundle. The behaviors described in this document can be verified
by reading the source — in particular:
- `src/popup.ts` — webcam pipeline, frame processing
- `src/analytics.ts` — PostHog configuration and event list
- `manifest.json` — declared permissions and CSP