Privacy Policy

Last updated: 2026-04-25

Eyedesk is a Chrome extension that parses ophthalmic biometry reports (Tomey OA-2000, Haag-Streit Lenstar, Zeiss IOLMaster, Alcon Argos) and autofills the ESCRS IOL calculator. This policy explains what the extension does with data.

What stays on your device

The following never leaves your browser:

• Biometry report files (images, PDFs) you drop into the extension
• Patient names, IDs, dates of birth, sex, and any other identifying information in those reports
• OCR text and extracted measurement values
• File names

All parsing runs locally via bundled Tesseract.js OCR and deterministic parsers.

What we collect

When you are signed in, Eyedesk sends the following anonymized telemetry events to our backend (Supabase):

• Your email address (used only for authentication and account recovery)
• Device type you parsed: one of oa2000, lenstar, iolmaster, argos, unknown
• Source: one of image, pdf_text_layer, pdf_ocr
• Success or failure (boolean)
• Number of fields successfully extracted (0–100)
• Number of fields outside typical physiological ranges (0–100)
• Duration in milliseconds (0–120000)
• OCR confidence: minimum and mean across words (0–100)
• App version (semver string, e.g. 0.3.0)
• Error code on failure (a short identifier like ocr_failed — never a raw error message)
• Event type: parse, fill, disclosure_acknowledged, account_deleted, signin_failed, signin_abandoned
• Event timestamp (server-generated)

No patient data, no file names, no OCR text, no free-form strings are sent.

Why we collect it

• To learn which biometry devices need better parser support.
• To find and fix failures without asking you for reports.
• To enable future subscription billing.

Telemetry is not optional — using Eyedesk requires acknowledging this disclosure. You can stop all data collection by deleting your account (see below).

Where it's stored

All data is stored on Supabase (Postgres cluster hosted on AWS us-east-1). We may move to an EU region as EU usage warrants.

How long

Usage events are retained for 24 months from creation, then automatically deleted.

Your account record persists until you delete it.

How to delete your data

Open the extension → Settings → "Delete account and data" → type delete → click the red button.

Within seconds, we delete:

• Your authentication record (email)
• Every usage event associated with your account

Deletion is immediate and irreversible. The extension returns to the sign-in view.

Sub-processors

• Supabase (database, authentication, edge functions, storage) — supabase.com/privacy
• Resend (transactional email delivery for sign-in codes) — resend.com/legal/privacy-policy
• Google (OAuth identity provider, only if you sign in with Google) — policies.google.com/privacy

Contact

Privacy questions or requests: luiscarlossfaria@gmail.com

Changes

If this policy changes materially, the extension will prompt you to acknowledge the new version before your next parse.