fog — Privacy Policy

Overview

fog is a collaborative ideation canvas. This policy covers the fog web app (at app.fog.do), the fog Chrome extension, and the fog Figma plugin. Together they let you create canvases, save images, links, text, and contact profiles, share canvases with others, and export your canvases into Figma.

The fog Chrome extension only accesses page content when you explicitly initiate a capture action — it does not run in the background, monitor your browsing, or collect any data without your direct interaction. The Figma plugin only reads the canvases you choose to import; it never sends the contents of your Figma files to fog.

What fog collects

• Account information — When you sign in to the fog web app, we store the email address (or other identifier) associated with your account through our authentication provider, so we can identify you and secure your data.
• Canvas content you create — The bubbles, images, text, links, drawings, comments, and other content you add to your canvases and library are stored in your fog account so you can return to them across sessions and devices.
• Collaboration presence — When you open a shared canvas, your name, a cursor position, and which items you have selected are broadcast to other people present on that canvas, and any comments you post are stored on the canvas. This only happens on canvases that have been shared.
• User-selected website content — When you choose to capture content (via right-click menu or the extension popup), the extension reads image URLs, page titles, source URLs, and publicly visible profile information (such as names, profile photos, and bios on LinkedIn, Instagram, and similar platforms) from the active tab. Only the content you explicitly select is sent to the fog server and stored in your account.
• Image fetching — To display image previews and save images to your account, the extension may fetch images from third-party websites. This only occurs when you initiate a capture. The images are temporarily processed and then stored in your fog account. No browsing data or cookies are sent with these requests.
• Authentication tokens— A token linking the Chrome extension to your fog account is stored locally in Chrome's extension storage, and a corresponding token for the Figma plugin is stored locally in Figma's plugin storage. These tokens are used only to authenticate your requests to the fog server and are never shared with third parties.

What fog does not collect

• fog never collects personal information automatically or silently. We only store what you explicitly type, upload, or choose to capture — for example, when you save a contact, the profile details you select are stored because you asked us to save them.
• fog does not collect or monitor your browsing history.
• fog does not track your activity — no clicks, mouse movements, scroll behavior, or keystroke logging.
• fog does not passively scrape, scan, or read page content in the background. The content extraction script is only injected into a page after you explicitly trigger a capture action.
• fog does not collect location, financial, or health data.
• fog does not sell, share, or transfer your data to third parties.
• fog does not use any collected data for purposes unrelated to providing the service to you.

Permissions explained (Chrome extension)

• activeTab — Grants temporary access to the current tab when you initiate a capture. Used to read the page URL, title, and selected content. Access is revoked when you navigate away.
• scripting — Injects the content extraction script into the active page on demand, only after you click the extension icon or use the right-click menu. No scripts run automatically or persist after the capture is complete.
• storage— Stores your authentication token and API endpoint locally in Chrome's extension storage.
• contextMenus— Adds the "Add to fog" right-click menu option for quick captures.
• Host access to app.fog.do— The extension's only standing host permission is to fog's own server (app.fog.do), which it uses to authenticate your account and sync captured content. It does not have standing access to any other website.
• Optional site access— Broad access to other websites is an optional permission that is requested only when you choose to capture from a site that needs it (for example, to fetch a CDN-hosted image that blocks direct loading). You grant it on demand, it is used only for that capture, and you can revoke it at any time from Chrome's extension settings. The extension never reads website content in the background.

Where your data is stored

All account, canvas, and media data is stored in the European Union / Switzerland — on Supabase (managed Postgres database and object storage), hosted on AWS in the Zurich eu-central-2region. All communication between fog's clients (web app, extension, and plugin) and the fog server uses HTTPS encryption.

Service providers (sub-processors)

fog relies on a small number of infrastructure providers to operate the service. These providers process data only to provide functionality to fog and are not permitted to use it for their own purposes:

• Supabase — database, authentication, and media storage.
• Liveblocks — real-time presence, live cursors, and comments on shared canvases.
• Vercel — application hosting and delivery.
• Userback — in-app feedback collection (only the feedback you choose to submit).

We do not sell your data, and we do not share it with third parties except as needed to provide the service through the providers above.

Sharing and who can access your data

By default, your canvases are private to your account. If you choose to share a canvas — by inviting specific people or by enabling a share link — the people you share with (or anyone who has the link, if you enable link sharing) can view, and depending on the role you grant, edit or comment on that canvas. You control sharing and can change a canvas back to private, remove collaborators, or rotate/disable a share link at any time from the share dialog.

Deleting your data

You can delete any saved content at any time from the fog library or canvas. To delete your entire account and all associated data, contact us at hello@fog.do and we will remove it.

Changes to this policy

We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated date. Continued use of fog after changes constitutes acceptance of the updated policy.

Contact

For questions about this policy or your data, contact hello@fog.do