Browser extension
Extension privacy
How the Focus extension handles your browsing data. Local-first by design; only aggregate counts sync to your account if you opt in.
Quick answer
The extension is the most privacy-sensitive surface in the product because it touches your browsing. The design is local-first on purpose: anything we can avoid sending to our servers, we avoid.
Privacy by design
The extension follows two principles:
- Process locally where possible. Block-list matching, page scanning, and per-page tracking happen in your browser.
- Aggregate before sync. Anything that needs to leave your device gets aggregated to counts and durations first. Raw URLs never sync.
What stays on your device
- Browsing history — every URL you visit. Used by the extension for block-list matching and for the in-extension popup's "today" stats.
- Page content — when keyword filtering is on, the extension scans rendered text. The text is never extracted or saved.
- Block events with URL detail — the local extension knows which URL was blocked; the cloud only sees that "1 block fired" with no URL attached.
What syncs (and only what syncs)
If you have analytics enabled in the dashboard:
- Block counts — "12 blocks today across all categories".
- Time totals — "2h 15m of browsing across non-blocked domains".
- Top blocked categories — category names with counts.
Always:
- Your block-list configuration — focus modes, custom keywords, custom sites. Needed for cross-browser sync.
- Sign-in token — to identify your account.
If analytics is off, no analytics data syncs. The extension is still useful (blocking still works) but the dashboard analytics page is empty.
Encryption
| Data type | In transit | At rest |
|---|---|---|
| Block-list config | TLS 1.3 | AES-256 |
| Aggregate analytics | TLS 1.3 | AES-256 |
| Sign-in token | TLS 1.3 | Browser secure storage |
Block-list config and aggregate analytics are encrypted at rest on our servers using per-user keys.
What we never share
- Your browsing data is never sold, rented, or shared.
- No advertising integrations.
- No data brokers.
- No analytics providers (Sentry receives anonymized error reports only — no browsing data).
Incognito / private browsing
By design, the extension does not run in incognito mode.
If you explicitly enable it in your browser's extension settings, it will track and block in incognito too — but we recommend leaving it disabled. Incognito exists for a reason; the extension respects that default.
Delete your extension data
To delete all extension data (block events, analytics aggregates, configuration):
Open dashboard settings
Click 'Delete all extension data'
Confirms the action.
Confirm
Permanent — all extension-related data is removed from your account immediately. The extension itself is unaffected; you can keep using it (it'll start fresh).
You can also email [email protected] to request the
same.
Common pitfalls
Confusing 'extension data' with 'all my Daybreak data'
Deleting extension data clears block events and aggregates from the extension only. Your account, check-ins, journal, Dawn conversations, and recovery plans are unaffected. To delete everything, see Delete account.
Worrying about local tracking when analytics is off
Local tracking is what makes the extension work — it has to know what site you're on to block or track time. Local data stays on your device. Disabling analytics in the dashboard stops the sync, not the local processing.
Open source
The extension's privacy policy is published at
daybreakpath.com/privacy.
Code is available for security review on request — email
[email protected].
Next steps
- Tracking — exactly what's processed and what isn't.
- Account privacy guide — broader picture of data handling across the product.
Still need help?
Pick whichever way of getting help works best for you.
Was this article helpful?