Home

Apples Save — Extension Privacy Policy

Last updated: May 20, 2026

This policy covers the Apples Save browser extension only. The website privacy policy lives at apples.live/privacy.

What the extension does

Apples Save watches your own Instagram saved-posts page in your logged-in browser. When you save a new post on Instagram, the extension forwards a small JSON payload to your Apples workspace so the workspace can pull events out of the post and put them on your calendar.

What data is sent outside your browser

For each newly saved Instagram post, exactly one HTTPS request is sent to apples.live. The payload contains:

  • The public Instagram post URL (for example https://instagram.com/p/Abc123/).
  • The public caption text of that post.
  • The public author username and display name.
  • Public media (image / thumbnail) URLs from the post.
  • A timestamp of when the extension first observed the save.

No Instagram cookies, session tokens, login credentials, or private account data are read or transmitted. The request to apples.live is sent with credentials: "omit" so your Instagram session is never attached.

What data stays on your device

  • chrome.storage.sync: your Apples workspace slug and bearer token. These let the extension authenticate to your own Apples workspace. They are never sent anywhere except to apples.live as an Authorization: Bearer header on the forwarding request.
  • chrome.storage.local: a list of already-forwarded post short-codes (so we don't forward the same post twice) and a timestamp of the last scan.

What we do NOT do

  • No third-party trackers, analytics, ads, or telemetry of any kind.
  • No selling, sharing, or licensing of any data to anyone.
  • No reading of other websites, other Instagram pages, or other browser tabs.
  • No background fetch of pages you have not opened yourself.
  • No collection of personal data beyond what is listed above.

Permissions and why they exist

  • storage — to remember your workspace slug + token and the de-duplication list, all locally.
  • alarms — to schedule a 15-minute re-check of the saved page when an Instagram tab is already open.
  • host_permissions: instagram.com — to read the DOM of your own logged-in saved-posts page in your browser.
  • host_permissions: apples.live — to POST the new-save payload to your workspace.

Data retention

Once forwarded, the payload lives in your own Apples workspace and is subject to the apples.live privacy policy. The on-device dedupe list can be cleared by removing the extension. Uninstalling the extension also removes all locally-stored data.

Contact

Questions or requests: nikita@apples.live.