Privacy Policy
Last updated: 2026-05-20
This policy explains what data the LibSpace Boox Connector browser extension and the libspace.io website collect, how it is used, and what rights you have. The short version: the extension is free, there are no user accounts on our servers, and your files never pass through our infrastructure.
1. Data we collect from the extension
The extension sends anonymous usage events to our analytics provider (Mixpanel) when it's used. Each event contains:
- The event name (Connected, Send, or Send Failed)
- The file extension (e.g., “pdf”)
- The file size bucket (e.g., “1-10MB”)
- The duration in milliseconds
- The error category for failed sends (e.g., “auth”, “network”)
- The Boox region you chose (us, eu, or cn)
- The extension version
- A random per-install identifier (a UUID generated the first time you open the extension)
No personally identifying information, no file contents, no file names, and no Boox account credentials are sent.
2. Data we collect from the website
The libspace.io website uses Google Analytics with IP anonymization enabled. Google Analytics receives the truncated IP for approximate geolocation and security checks, plus referrer source, browser type, and pages viewed. This is standard web-analytics data; we don't use it for advertising or profiling, and we don't store IP addresses ourselves.
3. Data that stays in your browser
The extension stores the following locally in your browser's encrypted synced storage (chrome.storage.sync), so you don't have to sign in every time the popup opens:
- Your Boox account email address
- Your Boox session token (issued by Onyx)
- Your chosen Boox regional server
- The per-install analytics identifier from §1
None of this is transmitted to LibSpace. It exists only on your machine and (if you have Chrome sync enabled) Google's encrypted sync service.
4. How we use the data
The collected data is used only for:
- Detecting when the extension stops working (e.g., spikes in “Send Failed” events with the “auth” category often mean Onyx changed their authentication flow)
- Understanding rough usage patterns (which file types people send, which regions are most active)
- Counting unique installs over time
We do not sell data. We do not run ads. We do not build user profiles. We do not share data with advertisers, data brokers, or any third party other than the providers listed in §5.
5. Third-party services
Your data and our data necessarily flow through a few third parties:
- Onyx International (Boox cloud)— every file you choose to send goes from your browser to your Boox cloud account, then to your physical Boox device. Onyx's privacy policy applies to whatever happens inside their service: boox.com/privacy.
- Alibaba Cloud (Aliyun OSS)— Onyx's cloud uses Alibaba Object Storage Service for file storage, so your files transit their infrastructure on the way to your Boox. This is part of Onyx's pipeline; we have no contract with Alibaba.
- Mixpanel— receives the anonymous extension events listed in §1. Mixpanel's privacy policy: mixpanel.com/legal/privacy-policy.
- Google Analytics— receives the website visit data listed in §2. Google's policy: policies.google.com/privacy.
- Cloudflare — hosts the libspace.io website. Cloudflare may temporarily process IP addresses for routing and DDoS protection; this is standard CDN behaviour and they do not share that data with us beyond aggregate stats.
6. Where data is stored
Analytics events are stored on Mixpanel's servers (primarily United States) and Google Analytics servers (United States). Locally stored extension data lives on your computer and is synced via Google's Chrome sync infrastructure if you have that enabled.
All data transmissions use HTTPS. Locally stored credentials are protected by your browser's built-in storage encryption.
7. How long we keep data
We don't set custom retention periods for the third-party services — each retains data per its own default policy (see the policies linked in §5). Your locally stored extension data lives in your browser until you sign out, uninstall the extension, or clear your browser storage. The pending verification-code state used during sign-in is auto-cleared after ten minutes.
8. Your rights
You can:
- Stop sending events by uninstalling the extension
- Request deletion of all events associated with your per-install identifier — email support@libspace.io with the identifier (found in your extension's storage under the key
mixpanel_distinct_id) - Opt out of Google Analytics across all sites using Google's opt-out browser add-on at tools.google.com/dlpage/gaoptout
- Ask any general privacy questions by emailing support@libspace.io
9. Children's privacy
The extension is not directed at children under thirteen (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has used the extension and you want their data deleted, contact us.
10. International users
If you use the extension from outside Canada, your data may be processed in the United States (Mixpanel, Google Analytics) and other countries where our service providers operate. By using the extension you consent to this processing.
11. Changes to this policy
We may update this policy as the service evolves. The “Last updated” date at the top of the page will reflect any changes. Material changes will be noted in extension release notes. Continued use after a change means you accept the updated policy.
12. Contact
Questions, deletion requests, or anything else about this policy: support@libspace.io