Privacy Policy
How Auto Browser handles your information, what it doesn't collect, and what happens when you choose to send data to a cloud AI provider.
Effective date: April 20, 2026.
This Privacy Policy (“Policy”) describes how Auto Browser (“we,” “us,” or “our”) handles information in connection with the Auto Browser Chrome extension (the “Extension”), the website located at autobrowser.dev (the “Website”), and any related features, documentation, and updates (collectively, the “Service”). This Policy is incorporated into, and forms part of, our Terms of Use, and should be read together with them. Capitalized terms used but not defined here have the meanings given to them in the Terms of Use.
By installing the Extension or using the Website, you acknowledge that you have read, understood, and agreed to this Policy and to the Terms of Use — including the disclaimers, limitations of liability, and indemnification provisions set out in Sections 12, 13, and 14 of the Terms of Use. If you do not agree, you must not install the Extension or use the Website.
1. Overview
The short version, before the details:
- We operate no backend service for the Extension. We do not receive, store, log, analyze, monitor, or otherwise process your prompts, your browsing activity, your conversation history, your API keys, or any other personal data on infrastructure we control.
- The only outbound traffic from the Extension goes to the AI provider you select, and only when you have selected a cloud provider. The handling of data by that provider is governed by that provider’s own privacy policy and is not controlled by us.
- If you select Chrome Built-in AI (Gemini Nano) or a local LLM endpoint, no data leaves your device through the Extension.
- Everything else — API keys, conversation history, settings — is stored locally in your browser’s extension storage. It never syncs to us. Uninstalling the Extension deletes it all.
This overview is provided for convenience. The detailed sections below are authoritative.
2. Scope
This Policy covers:
- The Auto Browser Chrome extension.
- The Auto Browser marketing website at autobrowser.dev.
This Policy does not cover, and we accept no responsibility for:
- The AI providers you configure the Extension to use (Google Gemini, OpenRouter, or any OpenAI-compatible endpoint you operate). Each of these is an independent third party with its own privacy policy and its own data-handling practices.
- Any third-party website, service, account, or system that the Agent interacts with on your behalf. Those sites have their own privacy practices and we have no visibility into, or control over, them.
- The WebMCP open specification, which is maintained by the Web Machine Learning community group at github.com/webmachinelearning/webmcp.
- The security, integrity, or configuration of your device, your browser, your network, or any account or credential you connect to the Service. These remain your responsibility at all times.
3. Information the Extension accesses on your device
To perform the tasks you direct it to perform, the Extension accesses the following on your device. None of this information is transmitted to us.
- Page content. Text, structure (accessibility tree), screenshots, and network activity of the tab the Agent is working on, while the Agent is working.
- Your prompts and attachments. What you type in the chat interface, together with any images, audio, or files you choose to attach.
- Your settings. The AI provider you have selected, your safety policy, your domain allowlists and blocklists, and related preferences.
- Your API keys. If you have chosen to configure a cloud AI provider, the API key you entered is stored locally by the Extension so it can authenticate your requests to that provider.
- Your conversation history. The turns you and the Agent have taken, retained locally so that the session can continue across browser sessions until you clear it.
All of the information listed above resides locally in your browser’s per-extension storage. We never receive, access, or process it.
Secret fields are redacted before they ever reach the Agent. Passwords, authentication tokens, one-time codes, and other credential-type inputs are redacted at the source. The Agent can detect that such a field is present and has a value, but it does not see the value itself.
4. Information we collect on our servers
None. We do not operate a backend service that receives, stores, or processes your prompts, your page content, your conversation history, your API keys, your attachments, your settings, or any other personal data.
The Website at autobrowser.dev is a static site. We do not use analytics, tracking pixels, advertising identifiers, session recording, or third-party behavioral tracking. Any cookies (if present) are strictly functional cookies required by our hosting provider to serve the site.
5. What happens when you use a cloud AI provider
The Extension is designed so that the only network traffic it originates flows directly from your browser to the AI provider you have selected. This happens at your direction and on your behalf, using credentials you have configured. We do not act as an intermediary, we do not see the traffic, and we do not receive any copy of it.
By selecting a cloud AI provider, you authorize and instruct the Extension to transmit your prompts and the relevant page context to that provider for the sole purpose of completing the task you have requested. You acknowledge and accept that:
- The provider may log, retain, analyze, or otherwise process the data it receives according to its terms of service and privacy policy.
- The provider’s data-handling practices, availability, and security posture are solely its responsibility. We make no representation or warranty of any kind regarding them.
- Any risk arising from that provider’s handling of your data — including loss, breach, misuse, retention, or repurposing — is a risk you assume as a condition of selecting a cloud provider, and is governed by your relationship with the provider rather than by your relationship with us.
The following table summarizes the data flow for each supported provider:
| Provider | Data flow | Governed by |
|---|---|---|
| Chrome Built-in AI (Gemini Nano) | Runs entirely on-device. No data leaves your browser. | Google’s Chrome terms and privacy policy |
| Google Gemini (API) | Prompt and page context sent directly from your browser to Google with your API key. | Google’s Gemini API terms and privacy policy |
| OpenRouter | Prompt and page context sent directly from your browser to OpenRouter, which routes to the model you selected. | OpenRouter’s terms and privacy policy, plus the underlying model provider’s terms |
| Local LLM | Prompt and page context sent directly to the endpoint you configured (e.g., http://localhost:11434). | The terms of whatever endpoint you have set up |
The Extension does not route any of this traffic through any infrastructure operated by us. The recipients listed above are independent parties. Any question, dispute, deletion request, or data-rights request concerning data you sent to a provider must be directed to that provider.
6. How we use your information
Because we do not receive your information, we do not use it for anything. Without limiting the foregoing, we do not:
- Train, fine-tune, benchmark, or otherwise develop any model using your data.
- Sell, rent, trade, share, or disclose your data to advertisers, data brokers, or any third party.
- Build behavioral, advertising, demographic, or inferred profiles about you.
- Monitor, analyze, or derive any commercial value from your prompts, your conversation history, your attachments, or your browsing activity.
These practices reflect the design of the Service. They are not a discretionary commitment that can quietly change: changing them would require changing the architecture of the Extension, and any such change would be reflected in an updated version of this Policy.
7. Retention
- Locally on your device. Data stored locally by the Extension remains for as long as you keep the Extension installed. You may clear conversation history, specific settings, or all locally stored data from the Extension’s settings at any time. Uninstalling the Extension (
chrome://extensions→ Auto Browser → Remove) removes every byte of locally stored data associated with the Extension. - On AI provider systems. Retention of data transmitted to a cloud AI provider is governed exclusively by that provider’s retention policies. We have no visibility into, control over, or responsibility for those practices.
You are responsible for maintaining your own backups if you wish to preserve locally stored data. The Service does not back up, export, version, or otherwise replicate your data.
8. Security
The Service is designed to minimize attack surface by avoiding the creation of server-side repositories of your data. Because we do not collect data centrally, there is no central repository of your data for us to safeguard, and no such repository for us to breach.
Locally stored data relies on the security controls provided by Chrome’s per-extension storage model, your device, your operating system, and your network. These controls are outside our control. Nothing in this Policy constitutes a warranty, representation, or guarantee that the Service, the data it processes locally, or the data you transmit to a cloud AI provider is secure against every possible attack, vulnerability, or human error. To the fullest extent permitted by applicable law, we disclaim any such warranty, and any loss or damage arising from a security incident — whether on your device, at a provider, or elsewhere — is governed by the disclaimers and limitations of liability set out in the Terms of Use.
If you discover a potential security issue in the Extension or the Website, please report it responsibly to hei@autobrowser.dev.
9. Children’s privacy
The Service is not directed at, and is not intended for use by, children under 13 years of age (or the equivalent minimum age of digital consent in your country, if higher). We do not knowingly collect information from children. Because the Extension stores data only on the user’s own device, the most effective step a parent or guardian can take is to uninstall the Extension.
10. International users and transfers
The Extension runs locally inside the copy of Chrome installed on your device, wherever that device is located. Data that stays local stays local. Data you direct to a cloud AI provider is transferred to wherever that provider processes data, which may be outside your country. We are not the data controller or processor for those transfers; the provider is. You acknowledge that, by selecting a cloud AI provider, you consent to any cross-border transfer that provider performs in the course of delivering its service.
10.1 Residents of the European Economic Area, the United Kingdom, or Switzerland (GDPR/UK GDPR)
Because we do not collect or process personal data on servers we control, we do not act as a data controller or processor with respect to data handled by the Extension. Rights of access, rectification, erasure, portability, and restriction are, to the extent they would otherwise apply, satisfied by the architecture of the Service: your data is already in your possession, on your device, and can be cleared or deleted by you at any time.
When you select a cloud AI provider, that provider acts as controller or processor (as applicable) with respect to the data you transmit to it. You should exercise any applicable data-subject rights directly with that provider.
Where applicable, the legal basis for any local data handling by the Extension is your consent, given by installing and configuring the Extension. You may withdraw consent at any time by uninstalling the Extension.
If you believe we have mishandled data we do not receive, you may lodge a complaint with your local supervisory authority.
10.2 Residents of California (CCPA/CPRA)
We do not “sell” or “share” personal information as those terms are defined by the California Consumer Privacy Act as amended by the California Privacy Rights Act. We do not collect personal information about you on any server we control. The statutory rights to know, delete, and correct apply to data that a business holds; because we hold none, we have nothing responsive to provide. Uninstalling the Extension clears all locally stored data.
10.3 Residents of Singapore (PDPA)
Consistent with the Personal Data Protection Act, we do not collect personal data through the Service on any infrastructure we control. The Service processes personal data locally on your device under your direction, and — if you select a cloud provider — transmits it to that provider at your instruction.
11. Your choices and controls
- Select a provider that matches your comfort level. On-device Gemini Nano or a self-hosted local LLM means no data leaves your machine via the Extension.
- Clear your data. You can clear conversation history, individual settings, or all locally stored data from within the Extension. Uninstalling removes everything.
- Manage approvals. Domains you have allow-listed can be revoked at any time in Settings.
- Rotate API keys. If you change your mind about a cloud provider, delete the key from Settings. Since we had no copy, deleting it from the Extension is the end of the matter on our side.
These controls are provided for your convenience. Your exercise (or non-exercise) of them does not alter the disclaimers and limitations of liability set out in the Terms of Use.
12. Changes to this Policy
We may update this Policy from time to time to reflect changes to the Service, to applicable law, or to our practices. When we make a material change, we will update the “Effective date” above and, where practical, post notice of the change on the Website. Your continued use of the Service after an updated Policy takes effect constitutes your acceptance of the updated Policy. If you do not agree with any update, your sole and exclusive remedy is to stop using the Service and uninstall the Extension.
13. Relationship with the Terms of Use
This Policy forms part of the Terms of Use and is subject to them in full, including the provisions regarding AI outputs, third-party AI providers, third-party websites, your responsibilities, disclaimers, limitations of liability, indemnification, governing law, and the time limit for bringing claims. In the event of any conflict between this Policy and the Terms of Use, the Terms of Use govern.
14. Contact
If you have questions about this Policy or about our handling of any data within the scope of this Policy, please contact us at hei@autobrowser.dev.
This Policy describes the Service as of the Effective date. If a future version of the Service changes how data is handled, the change will ship with an updated Effective date and, where practical, notice on the Website. Your continued use of the Service following such updates constitutes acceptance of them.