Short and sharp.
Last updated . This page is the source of truth. If anything on the marketing pages contradicts it, the privacy page wins.
TL;DR
- Your widget data lives on your device, not on our servers.
- Cross-device sync uses Chrome’s own sync — we never see it.
- Your GitHub and Linear tokens stay in your browser. We never touch them.
- No analytics, no tracking pixels, no fingerprinting. Anywhere.
What Butter stores, and where
Everything your widgets need — your todos, your scratchpad, your pomodoro settings, your theme, your layout, your tokens — lives in your browser’s extension storage. It’s a sandbox only Butter can read; nothing leaves your device.
If you’re signed into Chrome with sync on, Chrome syncs that data across your devices under your Google account. We never see any of it. None of it touches our servers.
Cross-browser cloud sync (a Pro feature) is the only path that involves our servers. Even then, your dashboard is encrypted in your browser before it’s uploaded — we only ever see sealed blobs. Details are further down the page.
Connecting GitHub and Linear
To show your PRs and issues, those widgets need an access token. We run a small helper that handles the OAuth handshake for you so you don’t have to set up developer apps. It’s deliberately scoped: it sees enough to broker the connection, and nothing else.
What our helper sees
- Which provider you’re connecting (GitHub or Linear).
- The single-use OAuth code we trade for a token.
- A short-lived random value used to prevent forgery attacks.
- Your IP for the moment of the request, like any HTTPS call.
What it doesn’t
- Your token. It’s handed straight to your browser and never stored on our side.
- Any PR, issue, repo, or note you read with that token.
- Your name, email, or anything else from your provider account.
- Cookies. We don’t set any.
Once the connection is made, the helper steps out of the way entirely. From that point on, the widget talks to GitHub or Linear directly from your browser.
Third-party APIs widgets call directly
Some widgets call third-party APIs straight from your browser, with no Butter middleman:
- Weather — open-meteo.com (no auth, no account required).
- Hacker News — Algolia’s public HN search API.
- Reddit — old.reddit.com’s public JSON endpoints.
- GitHub & Linear — their respective APIs, with your token.
Those providers can see standard request metadata (your IP, the path you fetched). We can’t — those calls don’t pass through us.
Pro: cross-browser sync
Pro lets you sync across Chrome, Firefox, and Safari. We don’t need to read your dashboard to do that — here’s how it works:
1. Your browser turns your password into an encryption key. We never see the password.
2. Your dashboard is encrypted in your browser before it goes anywhere.
3. We store the sealed blob and a version number. That’s it.
4. Your other browsers pull the blob and decrypt it locally.
In practice: if our servers were breached tomorrow, attackers would walk away with sealed blobs and email addresses. Your dashboard would still be unreadable.
Pro: AI Inbox
The AI Inbox widget asks Anthropic’s Claude to summarize your PRs, issues, and email previews. To do that, the relevant titles and snippets are sent over at request time. No training on your data, no persistence of requests, and the widget is opt-in — turn it off and the rest of Butter is unaffected.
Analytics & marketing
This site uses no third-party analytics, no tracking pixels, and no fingerprinting. If you ever want us to delete your email, drop a note to support@trybutter.xyz and it’s gone.
Contact
Questions, concerns, or security reports — drop us a line at support@trybutter.xyz and we’ll get back to you.