Privacy Policy

Last updated: January 30, 2026

1. Introduction

Sofia is a browser extension that helps users transform their browsing activity into structured knowledge and on-chain signals.

This Privacy Policy explains what data we collect, how and why we process it, how it is stored, when it is shared, and what control you have over your data.

Sofia does not operate any data center, server, or centralized database to store your personal data. All user data is stored locally on your device in Chrome's extension storage. The only data that exists outside your device is what you explicitly choose to publish on the blockchain — a user-initiated action that always requires your wallet approval.

By installing or using Sofia, you agree to the practices described in this Privacy Policy.

2. Data We Collect

2.1 Browsing Activity (Optional & User-Controlled)

When browsing tracking is enabled by the user, Sofia may collect:

  • Page URLs visited (tracking parameters such as utm_*, fbclid, gclid are automatically removed)
  • Page titles (common site suffixes such as "– YouTube" are removed)
  • Page metadata (keywords, description, Open Graph type, primary headings)
  • Time spent on each page
  • Timestamps of visits

To protect user privacy:

  • A minimum 3-second threshold is required before a visit is recorded
  • Sensitive pages are automatically excluded, including:
    • Login and authentication flows
    • Banking, payment, and checkout pages
    • Email providers
    • CAPTCHA services
    • Advertising and tracking networks

Tracking can be disabled at any time in the extension settings.

2.2 Browsing History and Bookmarks (Limited Access)

Sofia uses Chrome's APIs with strict limits:

  • History: Reads up to 300 recent URLs (URLs only, no page content) to extract themes and match intention groups
  • Bookmarks: Reads up to 500 bookmarks (URL and title only) during onboarding to initialize user preferences

All entries are filtered to exclude sensitive patterns such as login, bank, payment, auth, password, checkout, admin, OAuth, and CAPTCHA.

2.3 Wallet Information

When you connect a wallet, Sofia may collect:

  • Ethereum wallet address (via EIP-6963 wallet discovery)
  • Wallet provider name (e.g. MetaMask, Rabby)
  • On-chain interactions with the Intuition Protocol (signals, certifications, deposits)

Sofia never accesses or stores private keys, seed phrases, or wallet balances, except where strictly required by your wallet provider to sign a transaction.

2.4 Social / OAuth Connections (Optional)

When you voluntarily connect a social account, Sofia requests read-only access:

  • YouTube: Channel info, playlists, subscriptions (scope: youtube.readonly)
  • Spotify: Profile, followed artists, top tracks/artists (scopes: user-read-private, user-follow-read, user-top-read)
  • Twitch: Profile, followed channels (scopes: user:read:follows, user:read:subscriptions)
  • Discord: Profile, email, guild membership (scopes: identify, email, guilds)
  • Twitter/X: Profile information only (scopes: users.read, tweet.read)

OAuth access and refresh tokens are stored locally, isolated per wallet address.

2.5 User Preferences

  • Browser dark/light mode preference (used only for UI theme matching)

3. Legal Basis for Processing (GDPR)

Sofia processes personal data under the following legal bases:

  • User consent (Art. 6(1)(a)) — for browsing tracking, OAuth connections, and wallet interactions
  • Legitimate interest (Art. 6(1)(f)) — to operate, secure, and improve core extension functionality
  • Contractual necessity (Art. 6(1)(b)) — to provide services explicitly requested by the user

You may withdraw consent at any time via the extension settings.

4. How We Use Your Data

Sofia processes data for the following purposes:

  • Local page analysis and theme classification
  • URL normalization and metadata cleanup
  • AI-assisted theme extraction and recommendations
  • Quest progression and XP tracking
  • Intention group matching and level progression
  • Grouping browsing activity into temporary sessions

Session data is cleared when the browser restarts.

5. Data Storage and Retention

5.1 Local Storage

Most data is stored locally using Chrome's extension storage:

  • OAuth tokens and social data
  • Quest progress and XP
  • Browsing session data
  • User preferences and settings
  • Intention group data

5.2 Per-Wallet Data Isolation

All data is isolated per wallet address. When a different wallet is detected, the previous wallet's local data is cleared.

5.3 Retention Periods

  • Session data: Cleared on browser restart
  • Quest tracking: Retained up to 120 days
  • OAuth tokens: Stored until disconnected by the user
  • Local data: Retained until cleared or extension is uninstalled
  • Blockchain data: Permanent and publicly visible by design

6. Data Sharing and External Services

Sofia does not sell, rent, or share personal data for advertising or marketing purposes.

6.1 Intuition Protocol (Blockchain)

User-initiated actions (signals, certifications, deposits) are written on-chain. On-chain data is public and immutable.

6.2 Intuition GraphQL API

Read-only queries are used to retrieve public blockchain data. No personal data is transmitted.

6.3 AI Processing Service

Page URLs, titles, keywords, and descriptions may be sent to Sofia's AI service for:

  • Theme extraction
  • Content recommendations
  • Chatbot interactions

Wallet addresses may be included to personalize results.

6.4 OAuth Platform APIs

When connected, Sofia communicates with the respective platform APIs to retrieve the data described in Section 2.4.

6.5 Authentication (Privy)

Wallet authentication is handled via Privy. Authentication tokens and wallet connection metadata are exchanged securely.

6.6 IPFS

Metadata for published signals may be stored on IPFS, a decentralized and public storage network.

7. Chrome Permissions Justification

Sofia requests permissions strictly necessary for its functionality, including: storage, history, tabs, activeTab, sidePanel, bookmarks, identity, offscreen, scripting, and host permissions (all URLs).

Each permission is used solely for the purposes described in this policy.

8. User Controls and Rights

You can:

  • Enable or disable browsing tracking
  • Clear all local data
  • Disconnect your wallet
  • Revoke OAuth connections
  • View all on-chain activity publicly via the Intuition block explorer

Under GDPR, you may also request access, deletion, or restriction of your personal data where applicable.

9. Data Security

  • Local data is encrypted using Chrome's storage mechanisms
  • Wallet actions require explicit user approval
  • No passwords, private keys, or seed phrases are stored
  • HTTPS is enforced for all external communications
  • OAuth state parameters are cryptographically protected
  • RPC and GraphQL requests are rate-limited and cached

10. Children's Privacy

Sofia is not intended for users under 13 years of age. We do not knowingly collect data from children under 13.

11. International Data Transfers

Some services used by Sofia operate outside your country of residence. By using Sofia, you consent to such transfers in accordance with applicable data protection laws.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date. Continued use of Sofia constitutes acceptance of the updated policy.

13. Contact

For privacy questions or data requests: