Privacy & architecture

What we know about you, and what we deliberately don't.

Last updated: April 23, 2026 · Effective for all SlotOwl users worldwide.

This page is the long version. The short version is: SlotOwl runs inside your own browser. Your portal credentials, your portal session, and your appointment search activity never leave your device. What we do collect, why we collect it, and how to delete it is below in plain English.

The architecture in one paragraph

SlotOwl is a Chrome extension. When you start monitoring a portal, the extension's content script runs inside the same tab where you've already logged in. Each "check" is a click on a button in the page you're already on — performed by your browser, from your IP address, using cookies that already exist in your session. The result of each check (a true/false on "is a slot available") is sent back to the extension's service worker, which fires a desktop notification when the answer is "yes". That part of the system never talks to our servers. The only data that does flow to our servers is the bare minimum to deliver email and cross-device push alerts.

Data we collect, in full

Account data (when you sign in)

• Email address — from your Google sign-in. Used to send alert emails (only when you've enabled email alerts) and account-related transactional mail.
• Display name & profile photo — from your Google profile. Used in the extension popup so you can confirm which account you're signed in as.
• Firebase UID — a random opaque identifier generated when you sign in. We use this everywhere internally instead of your email so there's no PII in our query logs.

Subscription / billing data (only if you upgrade)

• Credit balance and ledger (free trial credits, paid credits remaining, and a list of past credit-spend events with timestamps) — needed to know whether to deliver alerts and to support refund requests.
• Lemon Squeezy customer ID — for renewal & refund handling. We do not store payment card data; that lives entirely with Lemon Squeezy / Stripe.

Workflow data (your monitoring configuration)

• Workflow definitions — the JSON that describes which portal you're monitoring and how to detect "available". Synced to your account so you can use SlotOwl on multiple devices.
• Run state — whether monitoring is active, which workflow, polling interval. Stored locally; not sent to our servers.

Push subscription data (only if you enable web push)

• Push endpoint URL — provided by your browser (Apple, Mozilla, or Google's push servers). We use this to deliver alerts to your phone or other linked devices.
• P256dh + auth keys — encryption keys provided by your browser to sign push payloads. Stored encrypted at rest.
• Device label ("iPhone 15", "MacBook Pro") — provided by the browser, used so you can identify which device you're removing if you want to unsubscribe.

Alert dispatch logs (last 30 days)

• Workflow ID + UTC date of alert — used for per-workflow per-day deduplication so you don't get spammed when a portal flickers in and out of "available" status. We do not store the portal name, the slot details, or anything else from the page.

Anonymous health telemetry (Pro feature, opt-out available)

• Per-workflow check counts — number of checks that returned "available" / "unavailable" / "unknown" on a given day, aggregated per workflow ID across all users. No per-user data, no portal data.
• Purpose — to detect when a portal layout changes and our built-in workflow needs to be updated. This is what lets us ship a fix within 24 hours of a portal redesign.

Data we deliberately do NOT collect

• Your portal username or password (we never ask, and never receive)
• Your portal session cookies (they live in your browser, our extension reads only what's required to interact with the page)
• Screenshots of the portals you visit
• The HTML content of pages you visit
• Browsing history outside the portal you're actively monitoring
• Your phone number or any SMS-related data
• Your physical location (we use the timezone you picked, not GPS)

Where the data lives

• Firebase / Google Cloud (us-central1) — Firestore (account + workflow data), Cloud Functions (alert dispatch), Firebase Auth (sign-in).
• Resend — email delivery. Subject + body of each alert email passes through Resend; the destination address is your account email.
• Lemon Squeezy — checkout and billing for credit-bundle purchases. They store your card details, not us. Because all purchases are one-time, there is no recurring billing relationship.
• Browser push providers — Apple Push Notification Service (APNS), Mozilla autopush, Google FCM. They are the transport for cross-device push; payloads are end-to-end encrypted with the VAPID keypair browsers generate at subscription time.
• Cloudflare — DNS for slotowl.app. No traffic content visible to Cloudflare beyond DNS-level metadata.

How long we keep things

• Account & workflow data — until you delete your account.
• Alert dispatch logs — 30 days, then auto-purged.
• Anonymous telemetry — 90 days, then aggregated and the per-day rows discarded.
• Email logs (in Resend) — 30 days.
• Firestore daily backups — 7 days, in a Google Cloud Storage bucket in us-central1.

How to delete your account

Open the SlotOwl extension popup → click your name → "Delete account." This permanently deletes your Firebase Auth record, your workflows, your push subscriptions, and all alert logs. Your Lemon Squeezy customer record is preserved for legal/tax purposes for the period required by US/EU law (typically 7 years), but contains no operational data — only your purchase history. To request deletion of that as well, email hello@slotowl.app.

Your rights (GDPR / CCPA)

If you're in the EU, UK, or California, you have legal rights to access, correct, port, and delete the personal data we hold about you. The product gives you self-service for most of this; for anything else, email hello@slotowl.app and we will respond within 14 calendar days. We do not sell personal data, ever, to anyone.

Subprocessors

We rely on the following subprocessors to operate the service. Each of them has a published privacy policy you can read independently.

• Google (Firebase, Cloud Functions, Firebase Auth, Cloud Storage)
• Resend (transactional email)
• Lemon Squeezy (payments, billing, tax)
• Cloudflare (DNS, free-tier proxying for the marketing site only)
• Sentry (error monitoring — anonymous; no user content sent)
• PostHog (anonymous product analytics — install / sign-in / paid funnel only)

Why this isn't open source (yet)

We get asked. Honest answer: SlotOwl is a niche paid utility, not a developer tool. The trust signal that open source provides (anyone can audit the code) is replaced here by this page being detailed enough that a security-conscious user can verify our claims by inspecting the extension bundle in Chrome's developer tools. The architecture is intentionally simple enough to verify by reading the network tab. We may revisit this post-launch.

How to verify the architecture claims yourself

Open the SlotOwl extension in Chrome. Open the developer tools on the popup (right-click → Inspect). Open the Network tab. Click around. You will see exactly two categories of outbound request:

1. Requests to slotowl-dev.firebaseapp.com and us-central1-slotowl-dev.cloudfunctions.net — that's our backend, used only for sign-in, workflow sync, and alert delivery.
2. Requests to the portal you're monitoring — initiated from your tab, not the extension; same IP and session as you'd have manually.

That's the entire surface area. If you find a request that doesn't fit one of these two categories, that's a bug — please email hello@slotowl.app (subject: "security") immediately.

Updates to this policy

We will email everyone with an account when we make material changes. The "last updated" date at the top of this page tracks every change. Past versions are kept in our private git history; on request we will provide diffs.

Contact

Email: hello@slotowl.app — privacy questions, deletion requests, general support, all at this address.
Security disclosures: please see our security page and security.txt for the recommended channel.

Operator: greythinkinglab LLC, a US Limited Liability Company. SlotOwl is a product of greythinkinglab. We are not affiliated with any government agency or appointment portal mentioned anywhere on this site.