Lux Privacy Policy
Last updated: June 25, 2026
Lux (“the extension”) is a new tab dashboard for Chrome and Brave. This policy explains what data Lux accesses and how it is handled. The short version: Lux runs in your browser and keeps your data on your device. Lux operates no server that stores your data — the only Lux-run infrastructure is a minimal, stateless sign-in relay (described below) used to connect certain accounts, and it stores nothing.
Who operates Lux
Lux is operated by an individual developer. Contact: hyunwoojames@gmail.com.
Data Lux accesses
- Dashboard settings and content you create (widget layout, tasks, quick links, preferences). Stored locally via the browser’s chrome.storage.
- Connected-account tokens. When you connect Google, Outlook, Spotify, or GitHub, the resulting OAuth access/refresh tokens are stored locally on your device so the relevant widget can call that service on your behalf.
- Basic account identity. When you connect an account, Lux reads basic profile details (such as your email address or username) to confirm which account is connected.
- Google Calendar and Outlook Calendar data (read-only). If you connect a calendar, Lux reads your upcoming events to display them in the calendar widget. This data is fetched directly from Google or Microsoft to your browser.
- GitHub data (read-only). If you connect GitHub, Lux reads your contribution activity, notifications, and pull requests to display them in the GitHub widget. This data is fetched directly from GitHub to your browser.
- Browser data via optional permissions. If you enable features that use them, Lux may read your bookmarks, browsing history, open tabs, recently closed sessions, or most-visited sites to power the launcher and quick-access features. These are requested only when you turn on a feature that needs them and are used only on your device.
- Search queries you type into the launcher’s web search may be sent to the search-suggestion service you are using (e.g. Google or DuckDuckGo) to fetch autocomplete suggestions, exactly as your browser’s address bar would.
How Lux uses this data
Data is used solely to provide the features you see: rendering your dashboard, displaying your calendar events, controlling playback, and powering search and quick access. Lux does not use this data for advertising, profiling, or any purpose unrelated to the features you enable.
Storage and retention
All settings and tokens are stored locally in your browser and remain there until you remove them — by disconnecting an account, clearing the data, or uninstalling the extension. Nothing is stored off your device; the sign-in relay described below keeps no data either.
Sharing
Lux does not sell, rent, or share your data with any third party. The only network requests Lux makes are directly to the services you connect (Google, Microsoft, Spotify, GitHub), to search-suggestion endpoints, and to the Lux sign-in relay during the one-time connection of accounts that require it — all to provide the features you requested.
Sign-in relay
Some services (such as GitHub) require a confidential final step to complete sign-in that cannot be performed safely inside a browser extension. To support them, Lux runs a small, stateless relay (hosted on Cloudflare) that performs only this one step: it receives a single-use authorization code from your browser, exchanges it for an access token with the provider, and returns that token to your browser. The relay has no database, stores no data, keeps no logs of your personal information, and is not involved again after sign-in — from then on the widget talks to the service directly from your browser. Your tokens are stored only on your device.
Google user data — Limited Use
Lux’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, the Google data Lux accesses — your calendar events (via the calendar.readonly scope) and your account email (via the userinfo.email scope) — is used only to display your events and identify the connected account, on your device; it is not transferred to others, not used for advertising, and not read by humans.
Changes
If this policy changes, the updated version will be posted at this URL with a new “Last updated” date.