Privacy Policy

We collect the minimum data necessary to provide you with personalised insights and blocking functionality. The information we collect includes:

• Email address — collected when you create an account, used solely to identify your account and send essential service communications.
• Browsing frequency and duration — the number of visits and seconds of active time spent on websites you have chosen to track (flagged domains). No content of those pages is ever read.
• Visit timestamps — used to calculate late-night usage patterns for your personal dashboard only.
• Search queries — search terms entered on tracked sites (e.g. YouTube, PornHub) are optionally captured to improve your personal insights. These are stored only in your account and never shared.

We do not collect:

• Your full browsing history or any data from untracked sites
• Keystrokes, form data, or passwords
• Device identifiers, IP addresses (beyond what is standard in any HTTPS request), or location data
• Payment details — all billing is handled directly by Stripe

We use your data exclusively to:

• Generate personal insights and reports in your dashboard (e.g. "You visited flagged sites 12 times this week for 4.5 hours")
• Track your streak and dopamine score over time
• Enable the optional blocking and accountability buddy features you choose to activate
• Restore your session data when you log in on a new device

No data is used for advertising, sold to third parties, or used for any purpose other than the habit-improvement features you explicitly chose.

We do not sell, rent, or share your personally identifiable data with any third parties for marketing purposes.

We use the following sub-processors to operate the service:

• Railway — cloud hosting for the API and database
• Stripe — payment processing for premium subscriptions (we never see your card details)
• Resend — transactional email for support replies
• Google — optional Google OAuth sign-in

Each sub-processor is bound by data-processing agreements that prohibit use of your data for their own purposes.

• Local storage: Session data, blocked domains, and your API token are stored in Chrome's secure local extension storage and never leave your device except via encrypted API calls.
• Server storage: Usage metrics are stored in a PostgreSQL database hosted on Railway, accessible only to your authenticated account.
• Encryption in transit: All API traffic uses TLS 1.3.
• Encryption at rest: Metrics sent from the extension to the server are AES-256-GCM encrypted with a key derived from your JWT token before transmission.
• Retention: You may delete all your data at any time from the dashboard Settings page. Deleted data is permanently removed within 30 days. Uninstalling the extension clears all local data immediately.

• Access / Export: View your full usage history in the dashboard at any time.
• Deletion: Delete all history or your entire account with one click in Settings.
• Opt-out: Disable tracking entirely in the extension popup; blocking features remain available without any data being sent to the server.
• Uninstall: Removes all local data immediately.

If you are a resident of California, the EU/EEA, the UK, Canada, or another jurisdiction with data-protection rights, you may exercise additional rights (access, deletion, portability, objection) by contacting us at the address below. We respond to verified requests within 30 days.

Lokt is intended for users 18 years and older. We do not knowingly collect data from children under 13 (or 16 in jurisdictions where applicable). If we learn that we have collected data from a child without verifiable parental consent, we will delete it immediately.

We take reasonable technical and organisational measures to protect the data we hold. No system is 100% secure. If a breach were to occur, we would notify affected users via the dashboard and Chrome Web Store listing as required by law.

We may update this Privacy Policy occasionally. The "Effective Date" at the top will be revised. Continued use after changes constitutes acceptance. We will notify users of material changes via the extension or dashboard.

If you have questions about this Privacy Policy or your data, please contact us: