Date revised: 15.09.2019
All data is saved locally* and is only transferred to the stated services below. All sensitive user data usage and storage for these services is described in detail there. MAL-Sync has no control over what these external services collect and store, but if you are interested we linked their privacy policies underneath.
The currently active session cookie is used for accessing MAL. This cookie is never saved and is handled by the browser's extension API.
The access token is saved locally* after the Anilist authentication process.
The email and password are required to access the service. They are directly sent to Kitsu and never saved or transferred anywhere else. Only the returned access token is saved locally*.
The access token is saved locally* after the Simkl authentication process.
Firebase realtime database: https://firebase.google.com/support/privacy
The service is provided by Google. The content is managed by us. It only contains a mapping database between the services and the supported pages. No personal data is saved or handled there. It is used to improve our database mapping detection for titles.