Aura Start Privacy Policy
Aura Start is a local-first browser extension. It replaces the new tab page with user-created groups of links and keeps those groups under the user's control.
Aura Start works without an account. Google Drive sync is optional, off by default, and is used only when the user chooses to connect it.
Scope
This Privacy Policy applies to the Aura Start browser extension and the data it handles while providing its new tab, settings, import, export, Restore Timeline, Save open tabs, personalization, and optional Google Drive sync features.
Data Aura Start Handles
Aura Start handles only the data needed for its user-facing features:
- Link groups created by the user.
- Link titles, URLs, optional descriptions, optional tags, and ordering.
- Nested group relationships, collapsed state, and display ordering.
- Extension settings such as theme, language, columns, compact mode, search visibility, link-opening behavior, background preferences, optional widgets, optional tabs capture mode, and optional sync mode.
- Local UI state such as the last search query, widget notes, and local background image data selected by the user.
- Local restore timeline entries created before imports, resets, cloud restores, group/link moves, tab saves, and destructive actions.
- Backup files or A Fine Start export codes selected or pasted by the user for import.
-
Current-window tab titles and URLs only when the user enables Save open
tabs and grants the optional
tabspermission. - Optional Google Drive sync metadata, such as connection status, last sync time, sync file ID, account label when available from the browser, and a locally generated device ID.
Aura Start does not request browser history, browser bookmarks, cookies, web
requests, scripting, or full Google Drive access. The tabs
permission is optional and requested at runtime only when the user previews
current-window tabs for the Save open tabs feature.
Local Storage
Aura Start stores its primary data in browser-local extension storage inside
the user's browser profile. In development mode only, when extension storage
is unavailable, Aura Start can use browser localStorage as a
local fallback.
Local storage remains the default. Manual JSON export/import continues to work independently of Google Drive.
Optional Google Drive Sync
If the user explicitly connects Google Drive sync in Google Chrome, Aura
Start uses Google OAuth through Chrome extension identity APIs and requests
this manifest OAuth scope:
https://www.googleapis.com/auth/drive.appdata.
This scope allows Aura Start to store and read its own hidden application
data file in Google Drive appDataFolder. Aura Start stores a
single sync file named aura-start-sync.json in that hidden app
data area.
In Firefox and compatible Chromium browsers where Chrome's built-in identity
flow is unavailable, Aura Start can use Google Device OAuth as a fallback.
That fallback uses the narrower per-file
https://www.googleapis.com/auth/drive.file scope only for an
Aura Start-owned sync file marked with Aura Start app properties. Aura Start
does not request https://www.googleapis.com/auth/drive or
identity.email. Google authorization is used only for Aura Start
sync and is not used for analytics, telemetry, tracking, advertising,
account profiling, or reading the user's normal Drive contents. Aura Start
does not read, scan, list, edit, delete, or create unrelated visible files
in the user's Google Drive.
When Google Drive sync is enabled, the user's Aura Start data may be transmitted to Google Drive API and stored in the user's Google Drive app data or Aura Start-owned fallback sync file. This includes groups, nested group relationships, links, settings, widget state, background preferences, restore timeline entries, and sync metadata required to keep the sync file up to date. The data is not sent to an Aura Start server because Aura Start does not operate a backend service.
Users can:
- Keep sync off and use Aura Start fully locally.
- Restore an existing Google Drive sync file automatically when connecting sync.
- Restore an existing Google Drive sync file from first-run onboarding when the user chooses that action.
- Create a Google Drive sync file automatically when none exists.
- Back up local changes to Google Drive automatically after connecting sync, including nested group changes, link moves, settings changes, widget updates, restore timeline updates, importing, resetting, and restoring.
- Delete the hidden Google Drive sync file and disconnect the Google account through one confirmed action.
Importing a JSON backup preserves the current Google Drive connection for the current installation. A backup file cannot silently replace or remove the local Google Drive connection metadata that belongs to the installed extension profile.
Deleting the Google Drive sync file and disconnecting the Google account does not delete local Aura Start data. The action is shown in a confirmation dialog before it runs. Removing the extension may not remove the hidden Google Drive app data file automatically, so Aura Start provides this explicit delete-and-disconnect action.
Disconnecting does not open a Google sign-in or account chooser window. If Google authorization is no longer available when the user disconnects, Aura Start disconnects locally without prompting for sign-in; in that case the hidden Drive backup may remain until the user reconnects and deletes it.
Users can turn cloud sync off at any time by deleting the Google Drive backup and disconnecting the Google account. This does not remove local groups, links, settings, exports, imports, or restore points.
Before replacing local data with a Google Drive restore during connection or onboarding, Aura Start creates a local restore point.
Account Marker
When Google Drive sync is enabled and connected, Aura Start may show a compact Google Drive status marker in the top-right header. The marker is used only to show sync status, last sync time, and connected account information if the browser exposes it through existing extension APIs. Aura Start does not request additional Google permissions only to display an avatar or email address.
Network, Accounts, Analytics, and Tracking
Aura Start does not require an account for normal use. It does not include analytics, trackers, ads, affiliate link replacement, telemetry, behavioral profiling, or hidden data collection.
Network access is used only for optional Google Drive sync after the user connects it. Google Drive sync contains no telemetry; network calls go only to Google OAuth and Google Drive API endpoints for user-requested connection, automatic sync, automatic connection-time restore/create, delete, or disconnect actions. Aura Start does not make background tracking calls and does not send data to an Aura Start server. Export files are created locally in the browser using Blob downloads. Import files are read locally by the browser and are validated before they change local extension storage.
User Control
Users can create, edit, delete, export, import, reset, sync, and restore their own Aura Start data inside the extension. Full Backup JSON export is provided so users can keep independent backups of their data outside any cloud service.
Data Sharing and Sale
Aura Start does not sell user data. Aura Start does not rent, trade, share, disclose, or transfer user-created groups, links, settings, restore points, imports, or exports to third parties, except for sending data to Google Drive API when the user enables or uses Google Drive sync.
Chrome Web Store Limited Use Statement
The use of information received from browser extension APIs and Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements where applicable. Aura Start uses extension storage, optional runtime tabs access, and optional Google Drive sync scopes only to provide its single user-facing purpose: a private, exportable, user-controlled new tab start page with optional backup/sync.
Aura Start does not sell user data and does not use user data for advertising.
Security
Aura Start bundles its extension code with the extension package and does not execute remotely hosted code. Users should protect their operating system account, browser profile, Google account, and exported backup files.
Open Source
Aura Start is fully open-source under the MIT License. The source code, build scripts, validation scripts, and documentation can be inspected, built, forked, and modified under that license. There is no proprietary server component or closed service required for the extension to work.
Changes to This Policy
This policy may be updated when Aura Start changes. Any updated policy should remain consistent with the extension's actual behavior and public privacy disclosures.
Contact
For privacy or security questions, use the project repository where Aura Start is published: github.com/communism420/Aura-Start.