Privacy Policy

Canvas Deadline Aggregator

Effective: July 1, 2026 Last updated: July 1, 2026
The short version

This extension was built to solve one problem: seeing every Canvas deadline in one place. It was not built to collect data about you, and it doesn't.

01

Who this policy covers

Canvas Deadline Aggregator is a browser extension that pulls your assignment deadlines from Canvas LMS and displays them sorted by urgency, with optional Google Calendar links and reminder notifications. It is an independent, unofficial tool built by a student for students. It is not affiliated with, endorsed by, or sponsored by Instructure, Canvas LMS, Google, or any university.

This policy explains what information the extension handles, how it's used, and what control you have over it. It applies to the extension itself and does not cover any third-party website you navigate to from it, including your school's own Canvas site or Google's services.

02

Information we collect

Everything below is entered by you or generated locally as you use the extension. None of it is transmitted to us, because the extension has no backend server to send it to.

DataWhy it's collected
Canvas domainThe web address of your school's Canvas site, so the extension knows where to request your assignments from.
Canvas access tokenA credential you generate yourself in Canvas's own settings, used to authenticate requests to your school's Canvas API on your behalf.
Cached assignment dataTitles, due dates, point values, course names, and links, fetched from Canvas so the dashboard can display them without refetching on every click.
Dismissed / notified assignment IDsA short list of assignment IDs you've dismissed or already been notified about, so they don't reappear or re-notify unnecessarily.
Display preferencesYour light/dark theme choice.

None of this requires you to create an account, provide an email address, or identify yourself to us in any way. We don't know who you are, and we have no way of finding out.

03

Information we don't collect

04

How your information is used

Your Canvas domain and access token are used for exactly one purpose: to make a direct, encrypted (HTTPS) request from your own browser to your own school's Canvas domain, asking for your active courses and assignments. That request goes straight from your device to Canvas. It does not pass through any server operated by this extension's developer, because none exists.

The assignment data that comes back is used only to render your dashboard, popup, badge count, and reminder notifications, all locally on your device.

05

Where your information is stored

Everything is stored using your browser's built-in extension storage (chrome.storage.local), which is sandboxed to this extension and lives only on your device. It is not synced to any cloud service by this extension, is not accessible to other extensions or websites, and disappears immediately if you uninstall the extension or clear its storage.

In short: there is no database, no cloud backend, and no copy of your data anywhere outside your own browser.

06

Third-party services

The extension interacts with a small number of external services, each limited to a specific, visible feature:

Your school's Canvas domain

Receives your access token and API requests directly from your browser, exactly as if you'd visited Canvas yourself. Canvas's own privacy practices govern how your school's Canvas instance handles this.

Google's favicon service

To show small site icons next to your bookmarks and most-visited sites, the extension requests icons from Google's public favicon endpoint, passing along the domain of each site (for example, github.com). This is a standard, one-way icon lookup; it does not include your Canvas data, your identity, or any browsing history beyond the domain being looked up.

Google Calendar

The "Add to Calendar" button opens a pre-filled Google Calendar event creation page in a new tab, using a link built entirely on your device. No request is made to Google on your behalf until you click that link yourself, and at that point you're interacting directly with Google's own site under Google's own privacy policy.

Search bar

If you use the search bar on the dashboard, your search query is sent to Google Search, the same as typing into any browser address bar. This is standard browser behavior, not something the extension adds on top.

07

Permissions this extension requests

Chrome requires extensions to declare upfront what they can access. Here's what each permission is for, in plain terms:

storage
Save your Canvas domain, token, and preferences locally on your device.
alarms
Run a periodic background refresh so your deadlines stay current without you having to open the extension.
notifications
Show a reminder notification roughly a day before something is due.
topSites / bookmarks
Display your most-visited sites and bookmarks bar on the optional full dashboard. This data is read locally and never leaves your device.
host permissions (Canvas domains)
Allow the extension to make API requests to Canvas domains. If your school uses a custom domain, you'll see a one-time browser permission prompt when you enter it in Settings, which is Chrome asking your explicit consent before that domain can be contacted.
08

Your choices and controls

09

Security

All communication with Canvas happens over HTTPS. Your access token is stored using your browser's own extension storage sandbox, which is isolated from other extensions and from websites you visit. Because there is no server component to this extension, there is no central database of user tokens that could be exposed in a breach - each student's data lives only on that student's own device.

No security measure is perfect, and you're encouraged to treat your Canvas access token the way you'd treat a password: don't share it, and revoke it if you ever suspect it's been exposed.

10

Children's privacy

This extension is intended for students using Canvas LMS, generally at the secondary and higher education level. It is not directed at children under 13, and we do not knowingly collect personal information from children under 13. Because the extension has no server and no account system, we have no mechanism to collect such information in the first place. If you believe a child has used this extension in a way that raises a concern, please reach out using the contact details below.

11

Changes to this policy

If this policy changes, the "Last updated" date at the top of this page will change with it. Meaningful changes, such as any change to what data is collected or how it's used, will be reflected in a new version of this document before they take effect. Continuing to use the extension after an update means you accept the revised policy.

12

Contact

Questions, concerns, or requests about this policy or your data can be sent to:

ksaipraneethreddy123@gmail.com