Browser Extensions Privacy Policy
Last Update: November 10, 2025
We respect your privacy and are committed to being transparent about what data we collect, how we use it, and how we protect it.
This Privacy Policy applies to our Chrome Extension:
We do not sell or share your data with third parties. We use limited data to operate and improve features like rewriting and analysis.
By using the extensions, you help us understand which features are helpful so we can make them better for everyone.
1. Information We Collect
- Usage data: information about how you interact with the extension (e.g., which features you access, frequency of use). This helps us identify which AI rewriting features are most valuable and optimize performance.
- Browser session activity: to provide reliable service, balance server load, and prevent abuse, we collect basic browser session metrics including: (a) URLs and content of open browser tabs to enable text processing features and context-aware functionality, (b) user idle/active state (detected via Chrome's idle API) to pause non-essential background tasks, conserve system resources, and accurately count active users for capacity planning, (c) periodic lightweight status pings (approximately every 25 seconds when the extension is running) to measure real-time concurrent users and dynamically scale infrastructure to handle demand without service interruptions, (d) basic browser window focus state to detect if the extension is in an active browser session. This data is used exclusively to: provide core text rewriting functionality, detect automated bot behavior, distinguish genuine human usage patterns from scripted attacks, prevent API abuse by identifying suspicious activity patterns, and ensure fair usage across all users.
- Unique anonymous identifier: a randomly generated ID is created for each installation to prevent API abuse, ensure fair usage limits, and measure genuine active user engagement. This identifier does not contain any personally identifiable information (such as name, email, or browsing history). It is essential for protecting our infrastructure from malicious automated requests and ensuring service availability for all users.
- IP address and basic geographic info (country, region) via https://ipapi.co/json / https://ipinfo.io/json. This data is critical for: (a) routing your AI processing requests to the nearest server region to minimize latency and provide faster rewriting results, (b) detecting and preventing automated abuse and bot attacks that could degrade service quality, (c) complying with regional data processing regulations and ensuring the extension functions legally in all jurisdictions, (d) optimizing AI model responses for different languages and cultural contexts based on geographic usage patterns. This data is never used for tracking, advertising, or sold to third parties. IP addresses are processed in transit only and not permanently stored with your requests.
- Local storage: we save your preferences, usage settings, and temporary cache in Chrome storage to provide seamless experience across sessions and reduce redundant API calls.
We do not collect personally identifiable information (e.g., name or email) unless you voluntarily provide it. All collected data serves the sole purpose of delivering, securing, and improving the core text rewriting functionality.
2. How We Use the Information
- To enable core functionality: routing AI requests to appropriate processing endpoints, managing API rate limits per installation, and delivering rewriting results back to you.
- To maintain service availability and balance load: the extension sends lightweight 'heartbeat' signals (approximately every 25 seconds when the extension is running) to our servers. These pings contain: (1) your anonymous installation ID, (2) timestamp, (3) tab URLs and content from open tabs. These are essential for: (a) measuring how many users are actively using the extension at any given moment to properly scale server capacity and prevent service outages, (b) detecting bot activity patterns and usage patterns that indicate automated abuse, (c) distributing incoming AI processing requests across available servers based on real-time active user counts, (d) inferring when users have closed their browsers by the absence of expected pings, allowing us to free up allocated resources for others, (e) keeping persistent connections ready for instant text processing without delays, (f) providing context-aware text processing features based on the content you're viewing.
- To ensure service security and availability: detecting abnormal usage patterns that may indicate bot attacks or API abuse, preventing service degradation for legitimate users, and maintaining fair usage policies.
- To optimize performance: directing requests to geographically nearest servers to reduce latency and improve response times, caching frequently used AI models in regions with high demand.
- To manage infrastructure capacity: analyzing concurrent active user metrics to automatically scale server resources up or down, ensuring consistent service quality during peak usage times, preventing system overload by proactively adding capacity when user counts increase, and optimizing costs by reducing unused resources during low-traffic periods.
- To ensure legal compliance: adapting data processing flows to meet regional privacy regulations (GDPR, CCPA, etc.) based on user location, and maintaining audit logs for security purposes as required by law.
- To improve service quality: analyzing anonymous aggregated metrics (such as which features are used most frequently, average processing times, and user satisfaction indicators) to identify areas for improvement. Important: Your submitted text content is never used for AI model training. All improvements are based solely on: statistical usage patterns (e.g., which rewriting styles are selected most often), performance metrics (e.g., processing speed by region), and anonymous feature engagement data — never on the actual text you process.
- To maintain service reliability: identifying and fixing bugs that affect specific regions or user configurations, optimizing infrastructure capacity based on usage patterns.
3. What We Do Not Do
- Your data is never sold to third parties or shared with advertisers or external companies.
- General web browsing history or behavior outside of extension interactions is not monitored, logged, or stored.
- Your text content (the text you submit for rewriting) is never used to train, fine-tune, or improve AI models.
- Personally identifiable information such as name, email, phone number, or exact physical address is not collected.
- The anonymous identifier is never combined with any personally identifiable information to reveal your identity.
- The extension is completely free to use — no charges or subscriptions.
- Sensitive personal information such as health data, financial data, or authentication credentials is never intentionally collected or processed.
4. Chrome Extension Permissions & Why We Need Them
Each permission is essential for core text rewriting functionality and is not used for any other purpose.
| Permission | Purpose |
|---|---|
| scripting | Required to inject the rewriting interface into web pages so users can select and rewrite text directly on any website. Without this, the extension could only work in a popup, limiting usability. |
| background | Enables the service worker to run in the background, coordinating AI requests and maintaining connection to our servers. Essential for instant text processing without delays when users request rewrites. |
| storage | Stores user preferences (language settings, UI preferences) and cached results locally on the user's device. No data is sent to external servers through this permission. |
| idle | Detects when the user is inactive (idle/locked computer) to pause non-essential background operations, reducing CPU usage and saving battery. Also used to accurately count active users for server capacity planning (distinguish active users from inactive installations). |
| declarativeNetRequest | Manages network request headers for API authentication. Ensures secure communication with our AI processing servers without exposing authentication tokens to web pages. |
| tabs | Used for three legitimate purposes: 1. Access tab URLs and content to provide text rewriting and processing functionality 2. Identify which tab the user is currently working in when they request text rewriting (context awareness) 3. Detect when browser/tabs are closed to free server resources This permission allows us to read tab URLs and page content necessary for the extension's core text processing features. |
| offscreen | Creates an invisible document for processing complex operations (like advanced text parsing) without freezing the user's active tab. Improves performance and user experience. |
| webRequest | Required to send text to our AI servers for processing and receive rewritten results. This is the core functionality of the extension. All requests go only to our declared API endpoints. |
| webNavigation | Detects when pages finish loading to properly initialize extension features at the right time. Ensures the rewriting interface is ready when users need it and properly cleans up when users navigate away. Does NOT access page content — only receives navigation timing events (page loaded, page unloaded). |
| management | Allows the extension to uninstall itself if user decline the Privacy Policy during initial setup. This ensures user maintain full control over whether the extension remains installed and that user privacy choices are respected. |
Host Permissions
- *://*/* | <all_urls>:
These host permissions allow the extensions to work on any website where you choose to rewrite or analyze text.
5. Data Storage and Security
- Local data storage: Your preferences, cached results, and settings remain exclusively on your device in Chrome's secure storage. This data never leaves your computer unless you explicitly trigger an AI request.
- Request processing: When you click to rewrite text, your selected text is sent via encrypted HTTPS/TLS connection to our AI processing servers, processed in real-time, and the result is returned to you. The original text and AI response are never permanently stored on our servers - they exist only in memory during processing and are immediately discarded after delivery.
- Anonymous usage analytics: Anonymous installation ID, approximate geographic location (country/region), feature usage statistics (which buttons clicked, which features used), and heartbeat pings are transmitted to our analytics infrastructure. This data is: (a) completely separate from any text content you process — analytics and submitted text are never linked, (b) anonymized and aggregated within 24 hours for statistical analysis, (c) never sold or shared with third parties, (d) used exclusively to prevent abuse, optimize performance, and improve service reliability. Important: Your actual text content is never included in analytics data.
- IP address handling: Your IP address is visible to our servers during request processing (as with any web service) but is used only for: routing to nearest server, rate limiting protection, and abuse detection. IP addresses are never permanently linked to your requests or stored in long-term databases. We retain IP addresses in rotating security logs for a maximum of 30 days for abuse prevention purposes only.
- Anonymous identifier: The installation ID is a randomly generated UUID that contains zero personally identifiable information. It cannot be reverse-engineered to reveal your identity, browser fingerprint, or browsing history. We use it exclusively to enforce fair usage limits and detect automated bot attacks.
- Data encryption: All communication between the extension and our servers uses industry-standard TLS 1.3 encryption. API authentication tokens are stored encrypted in Chrome's secure storage and never exposed to web pages.
- Security measures: We implement rate limiting, DDoS protection, intrusion detection, regular security audits, and restricted access controls to protect our infrastructure and your data from unauthorized access or breaches.
6. Your Rights
- You can disable or uninstall the extension at any time to stop data collection and prevent future analytics transmission.
- You may request deletion of any stored analytics data associated with your anonymous identifier by contacting us at [support@neuralwriter.com]. Please note that we cannot identify you personally through the anonymous identifier alone.
- You may withdraw your consent by removing the extension, which will stop all data collection immediately.
7. Children’s Privacy
Our extensions are not intended for children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [support@neuralwriter.com] and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available with the extension in the Chrome Web Store.
9. Consent
By installing and using our Chrome Extensions, you acknowledge that you have read, understood, and agreed to this Privacy Policy. If you do not agree, please do not install or use our extensions.
10. Contact Us
If you have any questions or suggestions regarding this Privacy Policy, please contact us at [support@neuralwriter.com].