Privacy Policy — DecodAI
Effective date: June 19, 2026
DecodAI is a browser extension that lets you highlight text on any webpage and send it to an AI provider for explanations, summaries, and rewrites. This policy describes what data the extension handles and how.
How the Extension Works
DecodAI is completely inactive until you explicitly invoke it — by right-clicking selected text and choosing a template, or by pressing a keyboard shortcut. The extension registers a content script on all pages solely to display the response overlay when you request it. It does not read, scan, collect, or transmit any page content unless you select text and choose to send it to an AI provider.
The extension does not load or execute any remote code. All functionality is bundled within the extension package.
Data the Extension Collects
Data you provide
- API keys — You enter your own API keys for your chosen AI provider. Keys are encrypted locally using AES-256-GCM with PBKDF2 key derivation (600,000 iterations, SHA-256) and stored in your browser's local storage. They are never sent to any server other than the AI provider you select.
- Vault password — Used to encrypt and decrypt your API keys. It is held only in browser session memory (
chrome.storage.session) and is never transmitted or persisted to disk.
Data processed during use
- Selected text — When you highlight text and invoke a template, the highlighted text is sent to the AI provider you have selected to generate a response. The text is not sent anywhere else and is not stored remotely by the extension.
- Conversation messages — Follow-up messages you type in the overlay are sent to the same AI provider as part of the ongoing conversation context. These are held in memory only for the duration of the browser tab and are not persisted.
Data stored locally
- Response history — The last 10 AI responses (with up to 200 characters of the original selected text) are saved in your browser's local storage. You can clear this at any time from the popup.
- Token usage — Cumulative counts of input and output tokens per provider are stored locally. You can reset these at any time.
- Settings — Your selected provider, model, tone preference, and custom prompt templates are stored locally.
Data the Extension Does NOT Collect
- Browsing history or visited URLs
- Page content (unless you explicitly select and send it)
- Cookies or session data from websites
- Personal information (name, email, location)
- Analytics, telemetry, or usage tracking of any kind
- Crash reports or error logs
The extension does not use cookies, does not set or read any cookies, and does not use any tracking technologies.
Third-Party Services
The extension communicates only with the AI provider you explicitly select and configure. Supported providers and their privacy policies:
Your selected text and conversation messages are sent to the chosen provider's API under their respective privacy policies and terms of service. DecodAI does not operate any servers and does not receive, store, or process your data remotely. No data is shared with any other third party.
International Data Transfer
When you send selected text to an AI provider, that data may be processed on servers located outside your country of residence, including in the United States. By using the extension and configuring an AI provider, you consent to this transfer. Each provider's handling of your data is governed by their own privacy policy linked above.
Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), the legal basis for processing your data is:
- Consent — You explicitly choose to select text, invoke a template, and send your data to a provider. No data is processed without your direct action.
- Legitimate interest — Local storage of settings, history, and encrypted keys is necessary to provide the functionality you requested.
Your Rights
Because all data is stored locally in your browser and the extension operates no servers, you have full and immediate control over your data:
- Access — All stored data is visible in the extension popup (history, usage, settings).
- Deletion — Clear history, reset usage, and reset the vault from the popup at any time. Uninstalling the extension removes all data.
- Portability — Your settings and templates are stored in
chrome.storage.local and can be exported via Chrome's developer tools.
- Restriction — You can stop all data processing by simply not invoking the extension. No background processing occurs.
If you are a California resident, you have the right under the CCPA to know what personal information is collected and to request its deletion. As described above, DecodAI collects no personal information and all data is stored locally under your control.
Data Retention
All data is stored locally in your browser and retained only as long as the extension is installed. You can delete it at any time by:
- Clearing history and usage from the popup
- Resetting the vault (removes all stored API keys)
- Uninstalling the extension (removes all local data)
Children's Privacy
DecodAI is not directed at children under 13 and does not knowingly collect data from children.
Extension Permissions Explained
- contextMenus — Adds the right-click menu items that appear when text is selected.
- activeTab — Allows reading the text you have selected on the current tab, only when you invoke the extension.
- storage — Stores your encrypted API keys, settings, templates, and history locally in your browser.
- scripting — Injects the response overlay into the current page when you invoke a template.
- Content scripts on all URLs — Required to display the response overlay and listen for your invocations on any webpage. The content script does not read or collect any page content on its own.
Changes to This Policy
If this policy is updated, the new version will be published with an updated effective date. Continued use of the extension after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this privacy policy or your data, contact us at:
unikdevelopment@gmail.com