Makro Privacy Policy

Effective Date: February 12, 2026  •  Last Updated: February 13, 2026

TechHQ USA, LLC (“we”, “us”, “our”) operates the Makro browser extension (“Makro”, “the Extension”). This Privacy Policy explains what data Makro collects, how it is used, and your rights regarding that data.

1. Data We Collect

1.1 Data Stored Locally (All Users)

The following data is stored on your device using the browser’s extension storage and never leaves your device unless you enable cloud sync:

• Macros: Hotwords, titles, body text, tags, keyboard shortcuts, and category structure
• Settings: Theme preferences, editor options, AI provider configuration
• Usage statistics: Per-macro usage counts and timestamps (for the Stats tab)
• Clipboard history: Recent clipboard entries (if you enable this feature). Entries that appear to be passwords are automatically excluded if the “Skip passwords” setting is on.
• Device identifier: A randomly generated UUID used for encryption key derivation. This is not linked to your identity.
• Encryption keys: A device-specific key and a random salt, used to encrypt your local data with AES-256-GCM.

1.2 Anonymous Install Data (All Users)

When you first install Makro, the extension sends a single, anonymous request to our server containing:

Data	Purpose	Stored?
Extension version	Track adoption of new versions	No (one-time request)
Browser platform	Understand platform distribution	No
Browser locale	Prioritize localization efforts	No
Country (derived from IP by Cloudflare)	Understand geographic distribution	No

This request is:

• One-time only — sent once on first install, not on updates or subsequent launches
• Anonymous — no user identifiers, account IDs, or device IDs are included
• IP not stored — your IP address is used for rate limiting (discarded within 24 hours) but never saved to our database
• No opt-out required — no behavioral data, browsing activity, or macro content is included

1.3 Data Transmitted to Our Servers (Pro and Premium Users)

When you activate a paid subscription, the following data may be transmitted:

Data	When	Purpose
License key	Every API request	Subscription validation and tier enforcement
Encrypted macros	When you click “Sync to Cloud”	Cross-device synchronization
Encrypted category names	When you click “Sync to Cloud”	Category structure synchronization
Device ID and device name	During cloud sync	Multi-device management
Sync timestamps	During cloud sync	Conflict resolution
Macro text (Pro and Premium)	When you use AI Rewrite or Semantic Search	AI text processing

AI text is sent only for the specific rewrite or search operation you initiate and is not stored after processing. AI-generated content is for general informational purposes only and does not constitute professional advice (legal, medical, financial, etc.).

1.4 Data We Do NOT Collect

• Email addresses (we do not require account creation)
• Names or personal identifiers
• Browsing history or web activity
• Location data
• Financial or payment information (payments are handled entirely by Polar.sh)
• Page content from websites you visit
• Keystroke data outside of explicit macro expansions you trigger

2. How We Use Your Data

Purpose	Data Used	Legal Basis
Macro expansion	Locally stored macros	Core functionality
License validation	License key	Contract performance
Cloud sync	Encrypted macros, device info	Your explicit opt-in
AI text rewrite	Macro text you select for rewriting	Your explicit action
Semantic search	Macro titles and bodies (for embedding)	Your explicit opt-in
Device management	Device ID, device name	Multi-device sync
Rate limiting	License key, request counts	Service protection
Install telemetry	Version, platform, locale, country	Legitimate interest (product improvement)

3. Encryption and Security

3.1 Local Encryption

All macro data stored on your device is encrypted using AES-256-GCM with a key derived via PBKDF2 (600,000 iterations, SHA-256) from a randomly generated device key and a per-user random salt.

Parameter	Value	Standard
Cipher	AES-256-GCM	NIST FIPS 197 / SP 800-38D
Key derivation	PBKDF2 (SHA-256, 600,000 iterations)	NIST SP 800-132
IV / Nonce	96-bit, random per operation	NIST SP 800-38D
Salt	128-bit, random per installation	NIST SP 800-132
Crypto library	Web Crypto API (browser-native)	W3C Web Cryptography API

3.2 Cloud Sync Encryption (Zero-Knowledge)

When you use cloud sync, your macros are encrypted on your device before transmission using a key derived from your license key. Our servers store only encrypted blobs and cannot read your macro content. Only devices with your license key can decrypt the data.

3.3 Sensitive Data Warning

While your macros are encrypted both locally and in the cloud, Makro is not a password manager or secrets vault. Anyone with access to your browser or device can open the extension, trigger your hotwords, and view your macro content in plaintext. We strongly recommend that you do not store passwords, API keys, authentication tokens, or other sensitive credentials in your macros.

3.4 Session Security

Decrypted data is held in memory only during your active session. The session auto-locks after 30 minutes of inactivity. Encryption keys are never stored in plaintext.

4. Third-Party Services

Makro uses the following third-party services for paid features:

4.1 Polar.sh (License Validation)

• Purpose: Validate subscription license keys and determine tier (Free, Pro, Premium)
• Data shared: License key (validated against our Polar.sh organization)
• Privacy policy: https://polar.sh/legal/privacy

4.2 Cloudflare (Infrastructure)

• Purpose: Hosts our API (Cloudflare Workers) and database (Cloudflare D1)
• Data stored: Encrypted macros, device records, AI usage counts
• Privacy policy: https://www.cloudflare.com/privacypolicy/

4.3 Google Gemini (AI Features — Pro and Premium)

• Purpose: Text rewriting and semantic embeddings
• Data shared: The text you explicitly submit for AI processing
• When: Only when you actively use the AI Rewrite or Semantic Search features
• Model: Gemini 2.0 Flash (via our Cloudflare Worker proxy — your license key is never sent to Google)
• Privacy policy: https://policies.google.com/privacy

4.4 Ollama (Local AI — Optional)

• Purpose: Alternative AI provider that runs entirely on your machine
• Data shared: None — all processing happens locally
• When: Only if you configure Ollama as your AI provider in Settings

4.5 Browser Permissions

Makro requests the following browser permissions, which are necessary for core functionality:

Permission	Purpose
storage	Store macros, settings, and statistics locally
clipboardRead	Capture clipboard history (optional, user-enabled feature)
activeTab	Insert text expansions in the active tab
contextMenus	Right-click context menu for quick macro access
alarms	Schedule periodic tasks (session timeout, auto-lock)
downloads	Export macros as JSON files
declarativeNetRequest	Manage network request rules for content script compatibility
notifications	Display sync status and system notifications

We do not request tabs, history, cookies, webRequest, or other broad permissions.

5. Data Retention

• Local data: Stored until you uninstall the extension or clear browser data.
• Cloud sync data: Stored on our servers as long as your subscription is active. Deleted within 30 days of subscription cancellation.
• Trial data: Stored during the 1-month trial period. If you do not subscribe after the trial, server-side data is deleted within 30 days.
• AI usage logs: Request counts (no content) retained for 90 days for quota enforcement, then deleted.
• Device records: Removed when you deactivate a device or cancel your subscription.

6. Data Deletion

You can delete your data at any time:

• Local data: Uninstall the extension or use your browser’s “Clear extension data” feature.
• Cloud data: Contact us at support@freetextexpander.com to request deletion of all server-side data.
• Device records: Use the “Manage Devices” feature in the extension to deactivate and remove devices, or contact us at support@freetextexpander.com.

7. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your data (“right to be forgotten”)
• Export your data (use the extension’s Export feature)
• Restrict processing of your data
• Object to processing of your data

To exercise any of these rights, contact us at support@freetextexpander.com.

7.1 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to request its deletion. For information on your CCPA rights or to submit a request, contact us at support@freetextexpander.com.

8. Children’s Privacy

Makro is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. International Data Transfers

Our servers are hosted on Cloudflare’s global network. By using cloud sync or AI features, your encrypted data may be processed in data centers outside your country of residence. Cloudflare maintains appropriate safeguards for international data transfers.

10. Security Incident Response

In the event of a security incident affecting our servers, we will notify affected users within 72 hours as required by applicable law and provide details on impacted data and recommended actions.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes by updating the “Last Updated” date at the top of this document and, where appropriate, via in-product notice or email. Continued use of Makro after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data:

• Email: support@freetextexpander.com

Full terms of service: Terms of Service