Developer Policies

Plugin Developer Privacy Policy

Last updated: April 25, 2026

1. Overview

This policy applies to all plugins built for this app.

Plugins must respect user privacy, operate transparently, and only access data necessary for their intended functionality.

2. Local-First Principle

This app is designed to be local-first.

Plugins must:

  • Only access user files and data when required for their feature
  • Limit access to the minimum scope necessary

User content (images, boards, files) must be treated as private.

3. Data Access & Use

Plugins may access or process data only when it is:

  • Necessary for functionality
  • Relevant to the feature being used

Plugins must not:

  • Access unrelated files or system data
  • Collect excessive or unrelated information

Data should not be retained longer than needed.

4. External Accounts & Services

Plugins may allow users to connect third-party accounts (e.g., social media, cloud services) if:

  • The user explicitly initiates the connection
  • The purpose of the connection is clearly explained
  • Authentication is handled securely (e.g., official APIs or OAuth when available)

Plugins may use access tokens or session data only as needed to perform the requested action.

Plugins must not:

  • Collect or store user login credentials (email/password)
  • Perform actions without the user's knowledge
  • Request more access than required

5. Network Requests

Plugins may send data over the internet when required for functionality.

All network activity must be:

  • Relevant to the feature
  • Transparent to the user
  • Limited to what is necessary

Hidden or unrelated data transmission is not allowed.

6. Storage

Plugins should avoid storing user data unless necessary.

If storage is required:

  • Data must be minimal
  • Data should remain local unless explicitly required otherwise

7. Transparency

Plugins must clearly disclose:

  • What data they access
  • What data they send externally (if any)
  • Any third-party services used

This information should be easy for users to understand.

8. Prohibited Behavior

Plugins may not:

  • Collect or sell user data
  • Track users across apps or services without disclosure
  • Inject ads, trackers, or hidden scripts
  • Exfiltrate local files or metadata unrelated to functionality
  • Interfere with the app, system, or other plugins

9. Security

Plugins must not:

  • Execute malicious code
  • Attempt to bypass system restrictions
  • Compromise user data or system integrity

10. Responsibility

Plugin developers are solely responsible for their plugins and their behavior.

We are not responsible for any damage, data loss, or issues caused by third-party plugins.

11. Changes

This policy may be updated over time. Continued development of plugins for this app means acceptance of the updated policy.

12. Contact

Questions: devs@pelican.app