Last Updated: May 2026 (v2.2.2)
Overview
Mark It Down is a Chrome extension that provides a WYSIWYG Markdown note-taking experience in your new tab and side panel. Starting with v2.0.2, it also includes a Web Clipper that lets you save any web page or AI chat output as Markdown directly into your notes. As of v2.2.0, the extension also lets you subscribe to user-registered RSS feeds and uses a per-origin dynamic host permission flow so you can grant or revoke access to clip targets and feed sources individually. v2.2.2 adds opt-in background polling and desktop notifications for new RSS articles. This privacy policy explains how we handle your data.
Data Collection
Mark It Down does NOT collect, transmit, or share any personal data.
All your notes and settings are stored locally in your browser using Chrome's storage API. We do not have servers and do not collect any information about you or your usage.
Data Storage
| Data Type | Storage Location | Transmitted? |
|---|---|---|
| Notes | Local (chrome.storage.local) | No* |
| Settings | Local (chrome.storage.local) | No |
| Git Token | Local (encrypted) | No |
*Unless you explicitly enable Git synchronization
Web Clipper (Added in v2.0.2)
The Web Clipper lets you right-click any page to save it as Markdown into your notes.
How It Works
- When you right-click and choose a clip action, the extension reads the current tab's HTML and converts it to Markdown
- The resulting Markdown is saved locally to your notes — no data is sent to any server
- Some platforms (e.g. AI chat services) may use your authenticated session cookies to retrieve higher-quality content for conversion. These cookies are never collected, transmitted, or stored by the extension
What the Web Clipper Does NOT Do
- No automatic background reading — pages are only read when you explicitly trigger a user action (clip command, or the RSS fetch action described below)
- No credential collection or transmission of any kind
- No browsing history tracking
- No access to other tabs or windows
RSS Feeds (Added in v2.2.0)
The RSS feature only operates on feed URLs that you yourself register in Settings > RSS Feeds. The extension never autonomously contacts URLs you have not registered or origins you have not authorized.
How It Works
- Per-origin grant: When you register a feed URL, Chrome prompts you to grant access to that feed's origin only (e.g.
https://example.com). The extension never requests broad permissions like<all_urls> - Feed fetching: When you press the refresh button, or when scheduled refresh is enabled, the extension issues HTTPS requests to the registered origin to retrieve the RSS XML
- Article clipping: When you save an article from a feed, if the article URL's origin has not been granted yet, you are prompted again for that origin only. You can decline
- Local conversion: Retrieved RSS XML and article HTML are converted to Markdown entirely inside your browser. They are never sent to our servers (we don't have any) or to any third-party server
- Revocation: Removing a registered feed automatically revokes its host permission. You can also revoke permissions individually from Chrome's extension settings
Background Polling and Notifications (Added in v2.2.2)
When you enable scheduled refresh in RSS settings, the extension uses Chrome's alarms API
to wake the background service worker at your configured interval and fetch registered feeds.
If you also enable desktop notifications, the extension uses Chrome's notifications API
to show a local notification listing new article titles when new items arrive.
Both features are opt-in and can be disabled independently in RSS settings — disabling scheduled
refresh cancels the alarm; disabling notifications suppresses the local alert.
No data leaves your browser as a result of either feature.
Things to Note
- The feed publisher's server will see normal HTTP access logs (IP address, User-Agent, timestamp, etc.) just like any web request. This is between you and that publisher
- Registered feed URLs and retrieved article data are stored only locally (chrome.storage.local) and are deleted when the extension is uninstalled
Git Synchronization (Optional)
If you choose to enable Git synchronization:
Token Security
- Encryption: Your token is encrypted using AES-256-GCM with PBKDF2 key derivation
- Storage: The encrypted token is stored only in your browser's local storage
- No transmission to us: Your token is never sent to our servers (we don't have any)
Data Transmission
- Direct Communication: Notes are transmitted directly between your browser and your Git repository
- No Intermediary: No data passes through any third-party servers
- Your Control: You can disconnect Git synchronization at any time
Permissions Explained
| Permission | Purpose |
|---|---|
| storage | Store your notes and settings locally in Chrome |
| unlimitedStorage | Support unlimited notes without storage restrictions |
| sidePanel | Enable the side panel feature for note-taking while browsing |
| contextMenus | Add right-click menu entries for the Web Clipper |
| activeTab | Read the current tab's content when you trigger a clip action |
| scripting | Run the content extraction script on the active tab during a clip action |
| alarms | Schedule periodic RSS feed polling at your configured interval. The schedule runs entirely inside your browser using Chrome's built-in alarm API; no remote scheduler is contacted |
| notifications | Show a desktop notification when new RSS articles arrive, only if you opt in from RSS settings. Notification content (new article titles) is generated locally from feed data already stored in your browser |
| optional_host_permissions (http/https) | Per-origin dynamic access for RSS feed URLs and Web Clipper article URLs. Granted only when you register a feed or clip a new origin, scoped to that single origin, and revocable at any time. The extension never pre-grants broad host access |
Third-Party Services
Mark It Down does not integrate with any third-party analytics, advertising, or data collection services.
The only external services involved are listed below. In every case, your browser communicates directly with the service — nothing passes through any server we operate:
- GitHub / GitLab (only if you enable Git synchronization) — destination for note sync
- RSS feed publishers you register (v2.2.0+) — source of feed XML
- Hosts of articles you clip with Web Clipper — source of article HTML
All three are limited to destinations you explicitly registered or acted upon. The extension never autonomously contacts origins you have not authorized.
Data Retention
- Your data remains on your device as long as the extension is installed
- Uninstalling the extension will delete all locally stored data
- We have no access to your data and cannot recover it
Contact
If you have questions about this privacy policy, please visit our Feedback page.
Summary
Your data is yours. We don't collect it, we don't see it, we don't sell it. Everything stays on your device.