The information we gather or process is used solely for core functionality of Momentum and to improve the quality and security of our service. Your information isn’t and has never been sold to third parties.
Momentum account information
Your name, email, account settings, and extension data (such as to-dos and links) are transferred and stored securely, solely for your usage within our extension and not shared with any other third parties, except as specified in this policy.
To upgrade to Momentum Plus, your credit card number, credit card expiration date, security code, name, country and postal code are required. All payment processing is done through a PCI-compliant third party (Stripe, Inc.). When paying by credit card, the card details do not pass through our servers; they are sent directly to Stripe and are stored securely, as per their Privacy and Security policies.
To perform requested changes to or inquiries about your Momentum Plus account (cancelling, refunding, or changing payment details), authorized members of Momentum’s support team could potentially view payment-related information contained in Stripe’s databases (this is limited to billing name, billing address, postal code, the last four digits of credit card(s), and credit card expiry date(s)) while accessing subscription information via Stripe’s payment dashboard. This information will only be accessed upon your request.
Data accessible through WebExtensions API
WebExtension APIs used within Chrome Extensions and Firefox Add-ons have fine-grained permission levels that are enforced by the Web Browser, restricting information that our extension has access to within your Browser. The Momentum extension can only access specific information that you have explicitly granted permission for. We cannot and do not track your browsing history.
Additional optional permissions may be requested when you enable specific features. When you enable a feature that requests an optional permission, your Web Browser will make it clear what permission(s) are being requested. The feature will be accessible once you choose to allow the requested permission(s).
| Information/Permission | Feature | Where it is used | Optional |
| --- | --- | --- | --- |
| Location | Weather | Location could be sent to our weather provider API to determine your closest weather station. At no time is your physical location retrieved from your web browser stored in any way that could be correlated to your Momentum account. | No |
| Bookmarks and most visited websites | Bookmarks Bar | Used only within the Extension to display a Bookmarks Bar. This is not sent or stored elsewhere. | Yes |
You can prevent your location and/or IP address from being sent directly to our third-party weather provider by turning off the Weather app (Settings → General → Toggle Weather). Alternatively, with the Momentum Plus advanced Weather app, your location is sent only to our servers to retrieve current weather information.
Feature usage data
To improve the content, features and overall experience of the extension, we gather and log data on how our users access and use Momentum Dashboard. For example, we may log actions like clicking on a photo source, favoriting a quote, or completing a to-do (not the content of the to-do, just the action of completing it).
Some of this usage data is sent to Google Analytics. In these cases, we do not send any identifying information that could be correlated with your account. We also make use of their IP anonymization feature to prevent your IP from being associated with your usage data.
We use several vendors/sub-processors to conduct various aspects of our business.
| Vendor/sub-processor | Purpose |
| --- | --- |
| Microsoft Azure | Microsoft Azure powers our core Cloud infrastructure (providing the necessary hardware, software, networking, storage, and other related technology required to run Momentum). The bulk of our user data is hosted in Microsoft Azure. |
| Stripe | Credit card data, payments and renewals are processed by Stripe. |
| Mandrill | Transactional Emails to our users are sent via Mandrill. Your email address and the contents of the email are sent to Mandrill. We specifically direct Mandrill not to archive the contents of transactional emails. |
| Flickr | Some photos/backgrounds are retrieved from Flickr. A request is made from your IP address to download photos. |
| Unsplash | Some photos/backgrounds are retrieved from Unsplash. A request is made from your IP address to download photos. |
| 123RF | Some photos/backgrounds are retrieved from 123RF. A request is made from your IP address to download photos. |
| Google Analytics | Google Analytics is an industry standard third-party analytics service that we use to better understand the usage and performance of our service(s). The information is anonymized so that it is not tied to your IP address. |
| Yahoo Weather API | Weather data for our free users is retrieved via Yahoo Weather API. A call is made from your IP address to request weather data. Momentum Plus uses a more accurate weather feed, which is processed through our servers with no personally identifiable information being sent to the third party server. |
| DuckDuckGo | Thumbnails for links and bookmarks are retrieved using DuckDuckGo. A call is made from your IP address to request thumbnails. |
| UserVoice | User data related to feature requests is maintained in UserVoice. |
| ZenDesk | User data for support purposes is maintained in ZenDesk. |
| Slack | Used for internal communications. User data may be discussed for support purposes. |
| Trello | Used for internal communications. User data may be discussed for support purposes. |
| Dropbox | Used for internal communications. User data may be discussed for support purposes. |
| Gmail | Used for internal communications. User data may be discussed for support purposes. |
| Google Docs | Used for internal communications. User data may be discussed for support purposes. |
By using Momentum Dashboard, you may exercise the following rights:
Upon account deletion, your account is flagged as deleted and your data is no longer accessible. This data is stored for a grace period (90 days) to allow for account recovery in the case of accidental or malicious deletion, or your desire to reopen your account. Upon request, you can expedite the process of performing a hard delete to remove all of your personal data from our databases. After a hard delete, your data will be deleted from our system, but could still be present in encrypted database backups for up to an additional 35 days.
To request an expedited hard delete, please send a message to firstname.lastname@example.org.
Data security is a priority at all times. We use a Tier 1 cloud provider to run our operations (Microsoft Azure).
In Transit: All data communication in transit to and from our servers is secured using HTTPS/TLS. All Momentum domains have HTTP Strict Transport Security (HSTS) enabled and are in the HSTS Preload list on the major browsers supporting this feature.
At Rest: All data in our databases and their associated backups are encrypted at rest.
Last updated May 24, 2018.