Legal
Privacy Policy
Last updated June 24, 2026
The short version: your shortcuts, macros, templates, and scripts are stored on your device. The only data on our servers is what we need to run your account and billing. We never see the pages you visit or what you type.
Who we are
HotKeyNavigator is operated by Vojtěch Kordač, a sole trader registered in the Czech Republic (IČO 13960041), with a registered seat at Lány 995, 763 61 Napajedla, Czech Republic. For the purposes of the EU General Data Protection Regulation (GDPR), we are the controller of the personal data described below.
If you have any question about this policy or your data, email us at support@hotkeynavigator.com.
What stays on your device
Everything you build in HotKeyNavigator — keyboard shortcuts, text templates, DOM click macros, multi-step sequences, JavaScript functions, profiles, Vim configuration, and clipboard history — is stored locally in your browser. It runs on-device and is never sent to us.
The pages you visit, the text you select, your keystrokes, and the contents of any page the extension acts on are never transmitted to our servers, on any plan.
What we store
To run your account we store the minimum needed:
- Your email address — to sign you in and contact you about your account.
- Your plan and entitlement state (Free or Pro, trial status) — to unlock the right features.
- A billing customer reference held by our payment processor — so we can manage your subscription.
That account data lives in our authentication and database provider (Supabase). We do not sell it, and we do not use it for advertising.
Why we are allowed to process it
We only process your personal data where the law gives us a basis to:
- To perform our contract with you — creating your account, signing you in, unlocking your plan, and (on Pro) syncing your configuration. (GDPR Art. 6(1)(b).)
- For our legitimate interests — keeping the service secure, preventing abuse, and answering support requests, balanced against your rights. (GDPR Art. 6(1)(f).)
- To comply with legal obligations — such as keeping the billing records Czech tax law requires us to retain. (GDPR Art. 6(1)(c).)
- With your consent — where you opt in to a feature such as Pro cloud sync, which you can withdraw at any time. (GDPR Art. 6(1)(a).)
How long we keep it
We keep your account data — your email and plan/entitlement state — only while your account is active. When you close your account or ask us to delete it, we erase that data promptly. Billing and transaction records are kept only for as long as Czech accounting and tax law requires, after which they are deleted.
Your local data stays on your device until you clear it or uninstall the extension — that happens on your machine, not on a schedule we control.
Pro cloud sync
If you are on Pro and turn on cloud sync, your own configuration — shortcuts, templates, JavaScript functions, profiles, and Vim settings — is saved to your private, access-controlled row in our database so it follows you across devices and survives a reinstall.
This is a convenience, opt-in feature. It syncs your configuration, never the contents of the pages you visit. Sync is off unless you enable it.
Payments
Subscriptions are processed by Stripe. We never see or store your full card details — Stripe handles payment data under its own PCI-compliant terms. We retain only a customer reference and your subscription status.
Who processes data for us
We rely on a small number of trusted providers ("processors") to run the service. Each handles only the data its role needs, under contract and on our instructions:
- Supabase — authentication and database hosting (your account email, plan, and, if enabled, your Pro cloud-sync configuration).
- Stripe — subscription payments and billing (a customer reference and your subscription status).
- Resend — sending account and support emails, such as confirmation and password-reset messages.
- Netlify — hosting and serving this website (standard server logs, which may include IP addresses).
We do not sell your personal data, and we do not use it for advertising.
Where your data is processed
Some of our processors operate outside the European Economic Area (for example, in the United States). Where personal data is transferred outside the EEA, that transfer is protected by appropriate safeguards — typically the European Commission’s Standard Contractual Clauses — so your data keeps an equivalent level of protection. Ask us for detail at any time.
Cookies & analytics
We keep cookies to the minimum. The website and extension use only the cookies and local storage needed to sign you in and keep your session — there are no advertising or cross-site tracking cookies.
We do not currently run any third-party analytics. If we add privacy-friendly analytics in future, we will update this policy first.
Permissions
HotKeyNavigator is a Manifest V3 extension and requests the minimum permissions needed to map shortcuts and run actions on the pages you choose. We run no telemetry on your workflow content.
Your rights
Under the GDPR you have the right to access the personal data we hold about you, to correct it, to have it erased, to restrict or object to how we use it, and to receive it in a portable format. Where we rely on your consent, you can withdraw it at any time.
To exercise any of these rights, email us at support@hotkeynavigator.com. You can also clear your local data at any time from the extension; uninstalling it removes its local storage from that browser.
If you believe we have mishandled your data, you have the right to lodge a complaint with the Czech data-protection authority — the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.cz) — or with the supervisory authority in your EU country of residence.