Privacy & architecture

What we know about you, and what we deliberately don't.

Last updated: April 23, 2026 · Effective for all SlotOwl users worldwide.

This page is the long version. The short version is: SlotOwl runs inside your own browser. Your portal credentials, your portal session, and your appointment search activity never leave your device. What we do collect, why we collect it, and how to delete it is below in plain English.

The architecture in one paragraph

SlotOwl is a Chrome extension. When you start monitoring a portal, the extension's content script runs inside the same tab where you've already logged in. Each "check" is a click on a button in the page you're already on — performed by your browser, from your IP address, using cookies that already exist in your session. The result of each check (a true/false on "is a slot available") is sent back to the extension's service worker, which fires a desktop notification when the answer is "yes". That part of the system never talks to our servers. The only data that does flow to our servers is the bare minimum to deliver email and cross-device push alerts.

Data we collect, in full

Account data (when you sign in)

Subscription / billing data (only if you upgrade)

Workflow data (your monitoring configuration)

Push subscription data (only if you enable web push)

Alert dispatch logs (last 30 days)

Anonymous health telemetry (Pro feature, opt-out available)

Data we deliberately do NOT collect

Where the data lives

How long we keep things

How to delete your account

Open the SlotOwl extension popup → click your name → "Delete account." This permanently deletes your Firebase Auth record, your workflows, your push subscriptions, and all alert logs. Your Lemon Squeezy customer record is preserved for legal/tax purposes for the period required by US/EU law (typically 7 years), but contains no operational data — only your purchase history. To request deletion of that as well, email hello@slotowl.app.

Your rights (GDPR / CCPA)

If you're in the EU, UK, or California, you have legal rights to access, correct, port, and delete the personal data we hold about you. The product gives you self-service for most of this; for anything else, email hello@slotowl.app and we will respond within 14 calendar days. We do not sell personal data, ever, to anyone.

Subprocessors

We rely on the following subprocessors to operate the service. Each of them has a published privacy policy you can read independently.

Why this isn't open source (yet)

We get asked. Honest answer: SlotOwl is a niche paid utility, not a developer tool. The trust signal that open source provides (anyone can audit the code) is replaced here by this page being detailed enough that a security-conscious user can verify our claims by inspecting the extension bundle in Chrome's developer tools. The architecture is intentionally simple enough to verify by reading the network tab. We may revisit this post-launch.

How to verify the architecture claims yourself

Open the SlotOwl extension in Chrome. Open the developer tools on the popup (right-click → Inspect). Open the Network tab. Click around. You will see exactly two categories of outbound request:

  1. Requests to slotowl-dev.firebaseapp.com and us-central1-slotowl-dev.cloudfunctions.net — that's our backend, used only for sign-in, workflow sync, and alert delivery.
  2. Requests to the portal you're monitoring — initiated from your tab, not the extension; same IP and session as you'd have manually.

That's the entire surface area. If you find a request that doesn't fit one of these two categories, that's a bug — please email hello@slotowl.app (subject: "security") immediately.

Updates to this policy

We will email everyone with an account when we make material changes. The "last updated" date at the top of this page tracks every change. Past versions are kept in our private git history; on request we will provide diffs.

Contact

Email: hello@slotowl.app — privacy questions, deletion requests, general support, all at this address.
Security disclosures: please see our security page and security.txt for the recommended channel.

Operator: greythinkinglab LLC, a US Limited Liability Company. SlotOwl is a product of greythinkinglab. We are not affiliated with any government agency or appointment portal mentioned anywhere on this site.