Privacy Policy

Effective date: June 11, 2026

BrowseBot ("the Extension") is an AI-powered userscript manager for Chrome. This policy explains what user data the Extension accesses, collects, processes, stores, and shares.

1. Data Collection

BrowseBot does not collect, transmit, sell, or store user data on servers operated by us. The Extension does not use analytics, advertising, tracking pixels, or behavioral profiling.

The Extension may access or process the following user data only to provide features you request:

• Account and configuration data: LLM API endpoint, model name, LLM API key, email notification settings, email recipient address, and email provider API key.
• User-generated content: chat messages, prompts, generated scripts, imported skills, workflows, scheduled tasks, page skills, and script execution logs.
• Website content: current page URL and title, DOM/accessibility snapshots, selected elements, screenshots, form fields visible in the page, pasted images, uploaded files selected by the user, and network request/response summaries or details captured while using AI, automation, network, or observer features.
• Authentication-related data: cookies, CSRF tokens, authorization headers, API keys, and similar credentials may be read from the browser or captured from network traffic when needed for a user-requested automation, background fetch, imported skill, or observer workflow. Cookie values are used only to perform the requested action or to maintain the user's existing login session.
• Browser activity needed for automation: tab IDs, tab URLs, click/type/scroll/navigation actions, task status, timestamps, and before/after screenshots for scheduled tasks.

2. LLM API Communication

When you use the AI chat feature, your messages, selected attachments, tool results, screenshots, and relevant page context (such as DOM snapshots and network request summaries or details) may be sent to the LLM API endpoint you configure in Settings. Your LLM API key is sent only to that configured endpoint as required for authentication.

The Extension does not add tracking identifiers to LLM requests. The privacy practices of the LLM provider you choose (for example OpenAI, Anthropic, Azure OpenAI, an OpenAI-compatible proxy, or a self-hosted endpoint) are governed by that provider's own privacy policy.

3. Page Access

The Extension requests access to all URLs (<all_urls>) because:

• User-created scripts may need to run on any website the user specifies.
• The AI assistant needs to read page content (DOM) to generate relevant scripts.
• Network monitoring (via fetch/XHR interception) helps the AI understand page behavior for script authoring.

Page data is processed locally unless you request an AI action, run a skill/tool that sends data to a configured endpoint, send an email notification, or create a script/workflow that intentionally sends data to another destination.

4. Data Storage

The Extension stores data locally in your browser using chrome.storage.local, IndexedDB, or in-memory storage. Local data can include settings, API configuration, chat history, conversations, scripts, skills, workflows, scheduled tasks, observations, network records, and temporary user-selected files.

Uploaded files used by automation tools are kept in memory while the Extension is running. Chat attachments, pasted screenshots, and conversation history may be stored locally with the conversation. Observation and network records are stored locally so the user can review or reuse them.

You can remove locally stored data by deleting conversations, scripts, skills, workflows, scheduled tasks, observations, clearing extension data in Chrome, or uninstalling the Extension.

5. Data Sharing

BrowseBot does not sell user data and does not share user data with advertisers, analytics providers, or data brokers. User data may be shared only with the following parties when needed for user-requested features:

• User-configured LLM providers: chat messages, page context, screenshots, attachments, network details, and tool results may be sent to the configured LLM endpoint.
• User-configured email providers: scheduled task notifications may be sent through Resend, SendGrid, or a custom endpoint. Email payloads may include recipient email address, task name, task URL, task result details, and optional before/after screenshots.
• Websites or APIs chosen by the user: user-created scripts, skills, background fetches, page-context fetches, uploads, downloads, and network rules may send requests to sites selected by the user. These requests may include page data, uploaded files, headers, or cookies when required by the requested automation.
• Chrome/browser APIs: data is processed by Chrome locally to provide extension features such as storage, tabs, screenshots, cookies, downloads, alarms, scripting, and declarative network rules.

6. Data Use

User data is used only to provide and improve the Extension's user-facing functionality: generating and running userscripts, answering user prompts, automating browser actions, capturing observations, debugging workflows, saving user preferences, sending optional notifications, and maintaining authentication for user-requested actions. We do not use user data for advertising, creditworthiness, resale, or unrelated profiling.

7. Permissions Justification

• scripting: Inject and execute user-created scripts on matching pages.
• storage: Persist scripts, settings, and chat history locally.
• activeTab / tabs: Identify the current page for script injection and AI context.
• webNavigation: Trigger script injection at the correct page lifecycle moment.
• downloads: Allow AI-generated scripts to export data as files.
• alarms: Schedule recurring script execution.
• sidePanel: Display the AI chat interface.
• declarativeNetRequest: Apply user-defined network rules (block/redirect/modify headers).
• cookies: Read cookies for a target domain when the user triggers an HTTP request via the background fetch tool or a custom tool. Cookies are attached to the outgoing request header to maintain the user's existing authentication session. They are never stored, logged, or transmitted to any third party. Access is gated by a per-tool configuration flag and restricted to the tool's specified target origin.
• offscreen: Create an offscreen document that bridges the service worker and a sandboxed iframe. MV3 service workers cannot host iframes or use eval. The offscreen document relays execution requests between the service worker and the sandbox page where user-authored custom tool code runs safely. No user data is persisted in the offscreen document.

8. Third-Party Services

The Extension does not integrate with analytics, advertising, or tracking services. External communication can occur only when required by features configured or initiated by the user, including LLM API endpoints, email providers, websites/APIs contacted by user-created scripts or skills, file upload/download targets selected by the user, and pages opened or automated by the user.

9. Data Security

API keys, settings, scripts, conversations, and observations are stored locally in the browser. API keys are transmitted only to the provider endpoints configured by the user for authentication. Cookie values and other credentials are not sold or sent to our servers. User-authored scripts and imported skills can access data according to the permissions the user grants, so users should import or run only scripts and skills they trust.

10. Data Retention

Local data remains in the browser until the user deletes it, clears Chrome extension data, or uninstalls the Extension. Temporary in-memory files are cleared when removed by the user or when the Extension process is restarted. Data sent to configured third-party providers is retained according to those providers' own policies.

11. Children's Privacy

The Extension is not directed at children under 13 and does not knowingly collect information from children.

12. Changes to This Policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date.

13. Contact

If you have questions about this privacy policy, please open an issue on our GitHub repository or contact us at: hyy4592@qq.com