What the extension reads and what it doesn't.

The Forktime Chrome extension (the "Extension") is published by Fork Time for use by authorized employees of restaurants with a Forktime account. This policy explains what it reads, why, and how the data is handled. It complements our general Privacy Policy — read both together.

1. What the Extension reads

• OpenTable session cookies on *.opentable.com and *.opentable.co.uk only. The Extension uses Chrome's cookies API and reads cookies on those two domains exclusively.
• The email address and password the operator enters in the Extension's sign-in form. These are sent to Fork Time's authentication endpoint only. The password is never stored on the device after sign-in — only the resulting authentication token is kept, in browser-local storage on that device.
• The Extension version and a timestamp on each cookie push, so the Fork Time team can troubleshoot operator devices.

2. What the Extension does NOT read

• No browsing history, no bookmarks, no tab contents, no clipboard data.
• No data from any site other than *.opentable.com and *.opentable.co.uk.
• No personal device identifiers, no advertising IDs, no telemetry SDKs.
• No data from incognito windows (incognito access is off by default).

3. How the data is used

OpenTable cookies are encrypted at rest on Fork Time's backend and used solely to authenticate read and write requests against the restaurant's own OpenTable Guest Center on the restaurant's behalf. They are not shared with third parties, not sold, and not used for any purpose other than synchronising reservations between Fork Time and OpenTable.

4. Transmission

All requests from the Extension go over HTTPS to Fork Time's API. No data is sent to any other host.

5. Retention

The encrypted OpenTable session is stored alongside the restaurant's Fork Time record and overwritten on each successful sync. Deleting the restaurant's Fork Time account removes the stored session immediately.

The authentication token kept in browser-local storage is removed when the operator signs out, when the token expires, or when the Extension is uninstalled.

6. Permissions

• cookies — Read OpenTable session cookies on *.opentable.com to sync the operator's signed-in session to the restaurant's Fork Time backend so reservations import automatically.
• storage — Store the operator's authentication token and sync state locally between popup opens.
• alarms — Run a 15-minute cookie freshness check in the background.
• host_permissions — OpenTable domains for cookie reads; Fork Time API endpoints for cookie push.

The Extension declares no content_scripts, no <all_urls> host permission, and no webRequest permission. It cannot read or modify the contents of any web page.

7. User control

• Operators can sign out at any time from the Extension popup, which removes the stored authentication token from their browser.
• Operators can uninstall the Extension at any time from chrome://extensions, which removes all locally-stored data.
• Operators or restaurant owners can request deletion of the encrypted session from Fork Time's backend by emailing privacy@forktime.ai.

8. Changes to this policy

We may update this policy from time to time. Material changes will be announced by email to the restaurant's account owner and reflected here at least 30 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

Privacy questions: privacy@forktime.ai. General support: support@forktime.ai.

— The Fork Time team