Privacy

Last updated: 2026-04-19

Roundly is an audio discussion platform for readers. This document describes what data the joinroundly.com web app and the Roundly Chrome Extension collect, how it's used, and what we don't do.

Data the Roundly Chrome Extension reads

When you install the Roundly Chrome Extension, it reads the following on your behalf:

  1. Your joinroundly.com session cookie. When you click the Roundly toolbar icon on a page, the extension reads your better-auth.session_token cookie scoped to the joinroundly.com domain so the popup knows whether you are signed in and can show your name and avatar. The extension does not read cookies from any other website.
  2. Public metadata from the page you are viewing. When you open the popup on a book or story page, the extension's content script extracts the book's title, ISBN, description, cover image URL, and the page's canonical URL — using public Open Graph tags, JSON-LD structured data, and standard DOM selectors. It does not read passwords, form input, private content, or any text outside the publicly visible book metadata.
  3. The current tab's URL. Used to look up matching Roundly audio rooms for the book on that page.

How that data is used

  • The session cookie is sent only to https://joinroundly.com/api/me to check whether you are signed in.
  • The book metadata and page URL are sent only to https://joinroundly.com/api/sessions/match to look up Roundlies discussing that book.
  • Both requests go to Roundly's own servers. No third-party services receive your data through the extension.

What the extension does not do

  • It does not store any of this data — cookies are read live each time you open the popup, and book metadata is held only in memory while the popup is open.
  • It does not write to chrome.storage, localStorage, or any other persistent location on your device.
  • It does not contain analytics, telemetry, or tracking SDKs.
  • It does not share data with advertisers, data brokers, or any third party.
  • It does not read or modify the content of pages you visit beyond extracting public book metadata for matching.

Permissions explained

cookies
To read your joinroundly.com session cookie so the popup knows you are signed in. Limited to the joinroundly.com domain by host_permissions.
activeTab
To read the current tab's URL and metadata when you click the toolbar icon. We only act on the active tab while the popup is open.
scripting
To run the content script that extracts book metadata from the page DOM.
host_permissions: https://joinroundly.com/*, https://api.joinroundly.com/*
To send authenticated requests to Roundly's API. We do not request access to any other domain.

Data the joinroundly.com web app stores

Separately from the extension, when you create an account on joinroundly.com:

  • We store your name, email, and Google profile picture (received from Google OAuth) to identify your account.
  • We store the Roundly audio rooms you create or join, including the book metadata you provide and your reading progress.
  • Audio from sessions you participate in may be recorded for transcription and recap generation, and is published as a public recap page only when you explicitly opt in.

We do not sell your personal data, and we do not share it with advertisers. Account data may be processed by our infrastructure providers (Hetzner Cloud, Resend for email, Better Auth + Google for sign-in, OpenAI and Anthropic for transcription and recap summarization).

Your rights

  • You can sign out at any time by clicking your avatar on joinroundly.com and selecting “Sign out”.
  • You can delete your account by emailing tom@storyheroapp.com.
  • You can uninstall the Chrome Extension at any time from chrome://extensions.

Contact

Questions or requests: tom@storyheroapp.com