Privacy policy

Local by design.

What Redline accesses, what it stores, and the controls you have over your research.

Effective 15 July 2026Redline 1.0.3

Redline is a local-first browser extension for saving web sources, explicitly preserving readable evidence, annotating selected text, organizing research, and generating exports.

In the current releaseRedline has no account system, cloud synchronization, hosted Redline API, analytics, advertising, affiliate tracking, telemetry, or remote research database. Exports are generated locally.

What Redline accesses

On supported web pages, Redline can access the current page URL, normalized and canonical URLs, title, domain, favicon URL, selected text, nearby annotation context, readable document text, and page metadata used to create citation fields. It can also access information you enter into Redline, including notes, tags, dossier names and descriptions, claim text, conclusions, evidence-relation rationales, settings, and import files you explicitly choose.

Redline uses a content script on supported websites to provide the selection menu, capture passages, restore saved highlights, read metadata, and prepare a readable-evidence preview. It does not read your browser history as a history database or preserve page text in the background. Only sources, passages, and readable captures you explicitly choose to save become research records.

Redline does not request access to cookies, passwords, payment information, form credentials, authentication tokens, or browser identity services.

Local storage and retention

Saved pages, URLs, notes, annotations, text selectors, tags, dossiers, links, claims, conclusions, evidence relations, rationales, review timestamps, citation metadata, settings, and user-initiated source captures are stored in browser-managed local extension storage, principally a local IndexedDB database named redline-vault. A source capture can contain normalized readable text, stable block identities and annotation links, source and canonical URLs, capture and normalization versions, device-reported capture time, optional browser version, byte length, and a SHA-256 digest. A small local revision marker keeps Redline views synchronized.

Domain-level notes, Library table/card preferences, and the last entries shown under Local Export History use separate extension-page localStorage. Those values are local to the same browser profile but are not included in a Redline JSON export.

Data remains until it is edited, archived, deleted, changed through import, cleared with the relevant browser or extension data, removed with the extension, or lost with the browser profile. Deleting one source capture removes that capture and its readable text but retains its Page, annotations, claims, and other captures. An All data JSON export is the only format that restores the full Redline vault-record structure, including source captures. An individual Source Witness JSON export contains the full selected capture but is not a vault backup or import format. Redline can also read a Chrome-family bookmarks HTML export or Firefox Bookmark Backup JSON file you explicitly select and convert its supported URLs, titles, dates, folder paths, and usable icon references into local Pages and dossiers. These browser-bookmark files are migration sources, not Redline backups. Import keeps the destination installation’s settings rather than applying settings from a Redline JSON file.

Local does not mean automatically backed up.Clearing a profile or uninstalling the extension can remove the vault. Redline cannot recover local data from a server. Keep an All data JSON backup outside the browser profile and remember that Domain Notes, view preferences, and Local Export History are not part of it.

No hosted collection or sharing

The current Redline release does not send saved research to a Redline server or a third party. Citation extraction reads the current page locally; it does not call Crossref, Zotero Cloud, a DOI lookup service, or another hosted metadata service.

Exports are generated locally and passed to the browser download flow. If you later upload, email, or otherwise share an exported file, that action is outside Redline’s control.

Why browser permissions are needed

PermissionPurpose
storageKeep local settings and a revision marker that synchronizes Redline views.
activeTab and tabsRead the current tab’s title, URL, and capture context and communicate with the Redline content script.
contextMenusOffer right-click capture for pages, selections, links, and images.
downloadsHand locally generated backup, data, Markdown, and citation files to the browser download flow.
Website accessPreview user-initiated readable evidence, show the selection menu, capture selected text, restore saved highlights, and read citation metadata on supported pages.
sidePanel (Chrome)Open Redline beside the current page in Chrome-family browsers.
scripting (Chrome)This permission is present in the current Chrome manifest, but the current release does not invoke runtime script injection; ordinary page integration is provided by the declared content script.

Browser-internal and other protected pages remain unavailable to extensions even when website access is granted.

Your controls

  • Choose which sources, passages, readable captures, links, and image references to save.
  • Use Preview capture and Preserve capture in the sidebar to review readable scope and estimated storage before retaining text.
  • Inspect capture comparisons, verify a digest, or delete one stored capture without deleting its Page, annotations, claims, or other captures.
  • Create, edit, review, and unlink claims and evidence relations.
  • Edit or delete records from the library.
  • Control the floating selection menu and automatic highlight restoration.
  • Review and edit locally extracted citation metadata.
  • Create exports and decide where downloaded files are stored or shared.
  • Remove Redline or clear its browser data, after creating a backup if the data matters.
  • Control private-window availability through Firefox extension settings.

This public website

This static site does not include Redline analytics, advertising pixels, hosted fonts, contact forms, or third-party scripts. It is designed to serve local HTML, CSS, JavaScript, and image files only.

When hosted on GitHub Pages, GitHub provides the hosting and may process service and website-usage information under the GitHub General Privacy Statement. GitHub’s processing is separate from the Redline extension’s local vault.

Changes

If Redline’s data practices or this policy change, the effective date above will be updated. Material changes will be reflected in the public documentation and release notes.

Privacy questions

Use the Redline support page for general privacy questions. Do not include sensitive research data in a public issue. For a report involving a vulnerability, private URL, credential, token, or other sensitive detail, follow the private reporting route described there.