This privacy policy explains what data the AI Copilot Sidepanel Chrome extension (the "Roboticulous") collects, how the Extension uses and stores that data, who we share it with, and the controls available to you. The Extension is designed to run locally in your browser and to call third party services only when you explicitly use features that require network access (LLM providers, web search, TTS/STT, etc.).
If you have questions about this policy or need to exercise your data rights, please contact: privacy@example.com (replace with your real contact).
Quick Summary
- The Extension keeps most data local in your browser and only sends data to external services when you explicitly trigger features that require network access (for example: "Summarize page", run a web search, generate audio, or transcribe audio).
- API keys you enter (OpenAI, Anthropic, SerpAPI, etc.) are stored in your browser storage so the Extension can call those services on your behalf. We do not ship or keep copies of your keys outside your storage.
- You control what is sent: nothing from the current page, your clipboard, or your files is transmitted unless you ask the Extension to (for example, by pressing "Summarize page", uploading a file, or using "Read aloud").
- We do not sell your data.
What Data the Extension May Collect or Hold
The Extension only collects or stores the following if you use features that require them:
1. Account/Configuration Data (Stored in Your Browser)
- API keys and provider IDs you enter in Options (e.g., openaiKey, anthropicKey, serpapiKey, tts keys).
- UI preferences and defaults (default model, assistant language, userZip, default provider).
- Chat sessions / history that you explicitly create in the panel (saved to chrome.storage.sync by default).
- Local caches: currency exchange rates and other small caches stored in chrome.storage.local (used to avoid repeated external calls). TTL is applied (e.g., 24 hours).
- Canonicalization cache (product title → canonical name) stored locally to speed up reuse.
2. Page Content and Metadata
- When you use page features (e.g., "Summarize page", "Analyze page", "Read aloud", or run an extraction) the Extension extracts page text, title, URL, hostname and optional metadata (author, excerpt) and sends them to the selected provider only if you request that operation.
- Extracted page content is not sent automatically, only on demand.
3. Files & Media
- Files you attach through the panel (for example to ask the model about a PDF or image) are read locally and then uploaded to the provider(s) you selected only when you explicitly send them.
- Audio recorded or transcribed via the Extension (STT) will be sent to the chosen STT provider only with your explicit action.
4. Search Queries
- Web/search queries you submit (via the Search UI or chat commands) are sent to SerpAPI (or the engine you selected) to get results.
5. Minimal Runtime Telemetry (Optional, If You Enable It)
- The Extension does not collect analytics by default. If any telemetry option exists and you enable it, only high-level, non-personal usage metrics are collected (e.g., number of searches, error counts) to improve the Extension. You will be asked before any telemetry is enabled.
How We Use Data
- To perform the action you requested (LLM chat, summarize page, run web searches, generate or play audio, transcribe audio).
- To save and restore your chat sessions and preferences (if you choose to save them).
- To cache small amounts of data (rates, canonical names) to reduce redundant network calls and improve speed.
- To surface results and render UIs within the Extension.
We do not use your data for advertising or sell it to third parties.
Third-Party Services and Sharing
- When you use a feature that requires external processing (LLM, TTS, STT, SerpAPI, currency conversion), the Extension sends data to the third-party provider(s) you selected or configured.
- Example services: OpenAI, Anthropic, Google (OAuth or APIs), SerpAPI, exchangerate.host, ElevenLabs, etc.
- These providers will process and may store request/response data according to their own privacy policies. You should review and understand those third-party privacy policies before using those services.
- The Extension itself does not forward your API keys to any server that we control. Keys are stored in your browser storage and used directly from the extension to call providers.
- The Extension's background service worker acts as the client that makes outbound network requests on your behalf.
Storage, Retention and Deletion
Local Storage:
- Settings and API keys are stored in chrome.storage.sync by default (so they sync across devices on your Chrome profile). You can remove them via the Extension Options.
- Local caches (exchangerate, canonical names, local-only chat fallback) are stored in chrome.storage.local.
- If sync quota is exceeded, the Extension will fallback to local storage and inform you.
Retention:
- Chat history remains until you manually clear it (Clear, New Chat, or via Options), or until you remove the Extension.
- Cached items have TTLs (e.g., currency rates cached for 24 hours) and are automatically aged out.
Deletion:
- Remove chat history and saved sessions via the panel UI (or options) — this clears the stored entries in chrome.storage.sync / chrome.storage.local.
- Uninstalling the Extension removes Extension files; stored sync/local data may not be removed automatically from Chrome sync — use the Options UI to clear keys/history before uninstalling if you prefer immediate removal.
Security
- Keys and data are stored in your browser's Chrome storage. Protect your Chrome profile and device as you would other sensitive accounts.
- Do not paste private secrets into places that are not intended for storage.
- The Extension includes no server-side storage controlled by us (unless you opt into a cloud feature that explicitly requests separate consent).
- We recommend using provider keys that are scoped appropriately and rotating keys if they are accidentally exposed.
Your Controls and Choices
- You choose which providers to enable and which API keys to supply. If you do not provide keys, features that require those providers will be disabled.
- You choose when to extract page text, upload files, or send any content to an external service.
- You can clear saved chat history and cached data from the Extension UI or Options (clear buttons and session controls).
- You can uninstall the Extension at any time.
- If you need to know what data is saved in your browser storage for the Extension, open Chrome DevTools → Application → Storage → Extensions (or use the Extension's Options UI).
Data Protection & Legal Notes
- We do not knowingly collect or store children's data.
- If you are subject to data-protection laws (like GDPR or CCPA), you may exercise your rights (access, deletion, correction) by using the Extension UI to clear data or by contacting the address above for assistance.
- Because the Extension forwards user-provided content to third-party services (when you request), those third parties may retain that content under their own policies. We encourage you to review the privacy policies and terms of the third-party providers you choose to use.
Examples of What Is and Is Not Sent
Sent Only When You Request It:
- Page text and metadata when you trigger "Summarize page" or "Analyze page".
- Attachments (files or images) when you attach and send them.
- Chat prompts and messages to the LLM provider you selected when you send a chat message.
- Search queries to SerpAPI when you run a web search.
Not Sent Automatically:
- Your browsing history, other open tabs, cookies, saved passwords, or any data beyond what you explicitly select or request.
Changes to This Policy
We may update this policy from time to time. When we do, we will update the "Effective date" shown at the top. For material changes we will surface a notice in the Extension UI.
Contact
For questions, requests to access or delete data, or privacy concerns, email: privacy@example.com (replace with your real contact).