Add to Chrome

Privacy Policy

TicketHop — Notes & Work Item Recall for Azure DevOps

Last updated: January 25, 2025

1. Overview

TicketHop is a Chrome extension that helps you track visited Azure DevOps work items and projects, take private notes, and optionally sync your data across devices.

By default, all your data stays on your computer. Nothing is transmitted to external servers unless you explicitly opt in to cloud sync as a Pro subscriber.

2. Information Stored Locally (Never Leaves Your Device)

The following information is collected and stored only in your browser's local storage. This data never leaves your computer unless you opt in to Pro sync:

  • Azure DevOps project details (name, URL, icon) from pages you visit
  • Work item details (ID, title, URL, type) from pages you visit
  • Notes you create for work items (markdown text)
  • Timestamps of when you access work items and projects
  • A device identifier (randomly generated UUID per installation)

3. Information Transmitted to Our Servers

Without Pro subscription: No user content data is transmitted. Only basic account authentication (email/password) if you create an account.

With Pro subscription and sync enabled: Your data is transmitted as encrypted blobs using zero-knowledge encryption (see "Zero-Knowledge Sync" section below).

4. How We Use Your Information

  • To provide work item tracking and note-taking functionality locally on your device
  • To authenticate your account (if you create one)
  • To process subscription payments via Stripe (Pro subscribers only)
  • To sync encrypted data between your devices (Pro subscribers who opt in only)

We do not use your data for advertising, profiling, or selling to third parties.

5. Data Storage

5.1 Local-First Storage

All your data (projects, work items, notes) is stored locally on your device using IndexedDB and Chrome's storage API. This data never leaves your browser unless you are a Pro subscriber and explicitly enable sync.

5.2 Zero-Knowledge Sync (Pro Subscribers Only)

Pro subscribers can opt in to sync their data across devices. This sync uses zero-knowledge encryption:

  • All your data is encrypted locally on your device using AES-256-GCM encryption before it leaves your browser
  • Your data is encrypted with a master password that only you know
  • Your master password is never transmitted to or stored on our servers
  • Our servers only receive and store encrypted blobs — we cannot decrypt or read your data
  • We have no ability to access your notes, work items, or any synced content

Important: If you forget your master password, no one can help you recover your data. Your only option is to reset sync and start fresh with a new master password, which will require re-syncing from one of your devices.

6. Third-Party Services

  • Stripe: Processes subscription payments for Pro subscribers. Your email and billing information are shared with Stripe when you subscribe.
  • parkbridge.app: Our backend service that stores encrypted sync blobs (Pro subscribers only) and handles account authentication.

We do not use Google Analytics, error tracking services, or any other third-party analytics.

7. Permissions Explained

Permission Why We Need It
activeTab To detect which Azure DevOps page you're viewing
scripting To extract work item and project information from Azure DevOps pages
storage To save your notes, settings, and authentication tokens locally
Host access to dev.azure.com and *.visualstudio.com To read work item details from Azure DevOps pages
Host access to parkbridge.app To authenticate and sync encrypted data (Pro subscribers only)

8. Data We Do Not Collect

We do not collect health information, financial or payment data (beyond what Stripe requires for billing), personal communications, location data, keystrokes, mouse movements, or content from websites outside Azure DevOps.

9. Page Access

The extension runs only on Azure DevOps pages the user is authorized to access and reads only visible information such as work item ID, title, and project name.

10. Data Retention

  • Local data: Stored on your device until you delete it or log out
  • Cloud data (Pro sync): Encrypted blobs retained on our servers while your account is active. We cannot read this data.
  • Device ID: Persists on your device even after logout

Local data can be deleted by uninstalling the extension. Users may request account deletion at any time. If a subscription is cancelled and not renewed, account data (including encrypted synced data) may be permanently deleted after 30 days.

11. Your Controls

  • Use without an account: All features work locally without creating an account (except Pro sync)
  • Pro sync is opt-in: Your data only leaves your device if you subscribe to Pro and enable sync
  • Delete notes and items: Remove individual records anytime
  • Log out: Clears all local data except device ID
  • Reset sync: Force a fresh sync from your current device with a new master password if needed

12. Your Rights Under GDPR

If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR). Ruslan Grabar, doing business as ParkBridge.App ("ParkBridge"), is the data controller for personal data processed through the Service. Our lawful bases for processing are: contract performance (providing the Service), legitimate interest (improving the Service), and consent (where applicable).

You have the right to:

  • Access: Request a copy of the personal data we hold about you. We can export your account data upon request.
  • Rectification: Request correction of inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Data portability: Receive your data in a structured, machine-readable format
  • Restriction: Request that we restrict processing of your personal data
  • Objection: Object to processing of your personal data based on legitimate interests
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days. Note that synced data is encrypted with zero-knowledge encryption — we can export the encrypted blobs associated with your account, but we cannot decrypt their contents.

You also have the right to lodge a complaint with your local data protection supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.

13. Security

  • All data stays local by default — nothing transmitted without your explicit opt-in
  • Zero-knowledge encryption ensures we cannot read your synced data
  • Synced data is encrypted with AES-256-GCM before transmission
  • Master passwords are never stored on our servers
  • All communication with our servers uses HTTPS/TLS encryption
  • Session keys are cleared when you close your browser

14. Children's Privacy

TicketHop is not intended for children under 13 and we do not knowingly collect data from children.

15. Changes to This Policy

We may update this policy periodically. Material changes will be reflected by updating the date above. Continued use of the extension after changes constitutes acceptance of the updated policy.

16. Contact

For questions about this Privacy Policy, please contact us at [email protected].