Last updated: March 9, 2026
Overview
The Vybit browser extension ("the Extension") is developed by Flatirontek LLC. This policy describes what data the Extension accesses, how it is used, and how it is stored.
Data the Extension Accesses
Authentication token. When you sign in, the Extension receives an OAuth2 access token from the Vybit server. This token is used to authenticate your connection and receive your notifications. The Extension never handles your email address, password, or any other account credentials — authentication is performed entirely on the Vybit website via a secure OAuth2 flow with PKCE.
Notification content. When a vybit is triggered, the Extension receives the notification payload from the Vybit server. This includes the vybit name, description, message text, sound file URL, and optional image URL. This data is used to play the notification sound and display a desktop notification.
How Data Is Stored
- The OAuth2 access token is stored locally in your browser using the Chrome extension storage API (
chrome.storage.local). It is accessible only to the Extension and is never transmitted to any third party.
- Notification content is displayed and then discarded. It is not stored persistently.
- No data is written to disk outside of the browser's extension storage.
Network Connections
The Extension makes the following network connections, all to Vybit servers:
- OAuth2 authentication —
https://app.vybit.net (during sign-in only)
- Token validation —
https://app.vybit.net/service/test (on startup)
- Real-time notifications —
https://app.vybit.net (persistent Socket.io connection)
- Sound files —
https://vybit.net/sounds/ (when playing notification sounds)
No connections are made to any other servers. No analytics, tracking, or telemetry data is collected or transmitted.
Data Collection and Sharing
The Extension does
not collect, transmit, share, or sell any user data. The Extension does not use cookies, analytics services, or advertising networks.
Permissions
The Extension requests the following browser permissions:
- identity — To perform the OAuth2 sign-in flow
- notifications — To display desktop notifications
- offscreen — To maintain the background connection and play sounds
- storage — To store the authentication token locally
- alarms — To periodically verify the background connection is active
- Host access to *.vybit.net — To connect to Vybit servers for authentication, notifications, and sound playback
Open Source
The Extension source code is publicly available at
https://github.com/flatirontek/vybit-browser-extension.
Changes to This Policy
If this policy is updated, the revised version will be posted at the same URL with an updated date.
Contact
For questions about this policy or the Extension, contact
developer@vybit.net.
