Privacy Policy

• Account Information: When you sign up for a paid plan or start a trial through ExtensionPay, we collect your email address. This is used to identify your account and manage your subscription.

• Payment Information: Payment processing is handled by Stripe through ExtensionPay. We do not directly store your credit card numbers or banking details. Stripe processes and stores this information according to their privacy policy.

• Sonos Account Authorization: When you connect your Sonos account, we receive OAuth tokens (access token and refresh token) from Sonos. These tokens allow us to control your Sonos devices on your behalf. We store these tokens securely and use them only to provide the streaming functionality.

• Extension API Key: A unique identifier generated by ExtensionPay to identify your extension installation. This is stored locally in your browser and used to verify your subscription status.

• Session Information: We generate anonymous session IDs to track usage patterns and improve our service. These are not linked to your personal identity.

• Usage Analytics: We collect anonymized usage data through Google Analytics, including:

  • Extension version
  • Feature usage (play, pause, volume changes)
  • Error events and their types
  • Session duration and engagement time
  • Playback delay measurements (for video sync optimization)

• Server Performance Metrics: We collect latency measurements to our streaming servers to automatically select the best server for your location. This data is not stored permanently.

• IP Address: Your IP address may be temporarily logged for rate limiting, security purposes, and to route your audio stream. We do not use IP addresses for tracking or advertising.

The Extension requests the following Chrome permissions:

• tabCapture: To capture audio from your browser tabs for streaming
• tabs: To identify the active tab and display its title/URL in the extension popup
• activeTab: To interact with the currently active tab when you click the extension
• storage: To save your preferences, authentication tokens, and settings locally
• scripting: To inject the audio capture and encoding scripts into web pages

• We do not collect or store the content of web pages you visit
• We do not record or store your audio streams
• We do not collect browsing history
• We do not collect precise geolocation data
• We do not collect device identifiers (MAC/IMEI/MEID)
• We do not sell your personal information to third parties

The following data is stored locally in your browser using Chrome's storage API:

• Sonos OAuth tokens (access token, refresh token, expiration)
• ExtensionPay API key and user information
• Your preferences (dark mode, video sync settings, audio quality)
• Selected Sonos household and speaker group
• Google Analytics client ID (anonymous)

Our servers store:

• Account records linking your OAuth user ID to your Sonos tokens (encrypted)
• Subscription status information (via ExtensionPay)
• Aggregated, anonymized analytics data

We implement appropriate technical and organizational measures to protect your data:

• All data transmission uses HTTPS/TLS encryption
• WebSocket connections use WSS (secure WebSocket)
• OAuth tokens are stored securely and refreshed automatically
• Rate limiting protects against abuse
• Server infrastructure is hosted on secure cloud platforms (Cloudflare, Hetzner)
• Access to production systems is restricted and logged

We use ExtensionPay for subscription management and payment processing. ExtensionPay stores:

• Your email address
• A unique user identifier
• Subscription status and dates
• Trial start date (if applicable)

Payment processing is handled by Stripe (through ExtensionPay). Stripe processes and stores your payment information according to their Privacy Policy.

We use Google Analytics 4 to collect anonymized usage statistics. This helps us understand how users interact with our extension and identify areas for improvement. Google Analytics may collect:

• Anonymous client ID (not linked to your identity)
• Session information
• Event data (feature usage, errors)
• Engagement metrics

You can learn more about Google's data practices at Google's Privacy Policy.

We integrate with the Sonos API to control your speakers. When you authorize Cast to Sonos, Sonos provides us with OAuth tokens. We use these tokens solely to:

• List your households and speaker groups
• Control playback (play, pause, volume)
• Load audio streams to your speakers

Sonos's privacy practices are governed by their Privacy Policy.

We use New Relic for server-side performance monitoring and error tracking. This helps us maintain service reliability and quickly identify issues.

Our API and website are served through Cloudflare, which provides CDN, DDoS protection, and security services. Cloudflare may process request metadata according to their Privacy Policy.

• View Local Data: You can view data stored by the extension in Chrome's developer tools (Application → Storage)
• Reset Extension: Use the "Reset" button in the extension options to clear all locally stored data
• Logout: Use the "Logout" button to remove your account credentials from the extension
• Revoke Sonos Access: You can revoke Cast to Sonos's access to your Sonos account through your Sonos account settings

• Disable Frontend Scripts: In extension options, you can disable frontend scripts that detect page metadata (title, thumbnail)
• Disable Video Sync: You can disable automatic video synchronization in extension options
• Uninstall: You can stop all data collection by uninstalling the extension from Chrome

To permanently delete your data:

• Uninstall the extension to remove all local data
• Contact ExtensionPay to delete your subscription data
• Contact Stripe to delete your payment information
• Contact us at support@casttosonos.com to request deletion of any server-side data associated with your account

If you are located in the European Economic Area, you have additional rights including:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to lodge a complaint with a supervisory authority

To exercise these rights, contact us at support@casttosonos.com.

California residents have the right to:

• Know what personal information is collected
• Know whether personal information is sold or disclosed and to whom
• Say no to the sale of personal information (we do not sell personal information)
• Access your personal information
• Request deletion of your personal information
• Not be discriminated against for exercising your privacy rights