Privacy Policy

1. Introduction

Welcome to the Sybil AI ("the Extension"), provided by [Spyros Galanis] ("we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Extension.

By installing and using the Extension, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not use the Extension.

2. Information We Collect

We collect information that is essential for the Extension to function. This data is collected only when you actively use the Extension's features.

2.1. Information You Provide Directly

• API Keys: If you choose to use third-party Large Language Models (LLMs) like OpenAI, Anthropic (Claude), Google (Gemini), or Groq, you must provide your personal API key for that service. We handle these keys securely as described in the "Data Security" section.
• Custom Personas: Any custom "personas" you create and save are stored locally on your device.

2.2. Information for Service Functionality

• User Account Information: To manage free and premium tiers, we use the chrome.identity API to retrieve your non-personally identifiable Google User ID. This ID is a unique string of numbers associated with your Google account and is used solely to check your subscription status with our backend server and to provide access to the customer billing portal (managed by Stripe). We do not retrieve your name, email address, or profile picture from this API.

2.3. Information Collected During an Active Session

When you start a Browse session with the AI agent, we collect data about that specific session to provide the service and generate your final report. This data includes:

• Browse Activity: A log of actions the AI agent takes on your behalf, including URLs visited, search terms used, links clicked, and timestamps of these events.
• Page Content Data: To make decisions, the AI agent needs to process the content of the web pages it visits. This includes the page title, URL, and snippets of text or link information from the page. This data is sent to the selected LLM provider via our secure backend.
• Session Cookies: Cookies set by websites during an active AI session are collected and included in your final, user-facing report. This helps you understand the digital footprint of the Browse session.
• LLM Interactions: The prompts sent to the LLM (which include page content and instructions) and the JSON-formatted actions returned by the LLM are logged as part of the session data.

2.4. Information We DO NOT Collect

To be perfectly clear, we prioritize your privacy. We DO NOT:

• Collect or monitor any of your Browse history or activity that occurs outside of an active AI Persona Browse session. The Extension is completely inactive until you explicitly start a session.
• Collect sensitive information like passwords, credit card numbers (except when you are on the Stripe billing portal), or personal data from forms on web pages.

3. How We Use Your Information

We use the information we collect in the following ways:

• To Provide and Maintain the Service: To run the AI Browse sessions, execute commands, and generate session reports.
• To Manage Your Account: To verify your user status (Free vs. Premium) and provide access to the customer billing portal.
• To Process LLM Requests: To securely send your prompts and page data to the LLM provider you have selected and return the response to the agent. Our backend server acts as a proxy to protect your API key.
• To Personalize Your Experience: To use the persona you have selected or created to guide the AI agent's behavior.

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with third parties under the following circumstances:

4.1. With Third-Party LLM Providers

When you run a session, the page content data and prompts are sent to the LLM provider you have configured (e.g., OpenAI, Google, Anthropic). This is necessary to get the AI-generated commands. We recommend you review the privacy policy of the LLM provider you choose to use.

4.2. With Our Service Providers

• Backend Hosting (Render): Our backend services are hosted on Render. Information like your Google User ID and its associated subscription status is stored here.
• Payment Processing (Stripe): We use Stripe for payment processing and subscription management. When you manage your subscription, you are interacting directly with Stripe's secure portal. We do not handle or store your credit card information.

4.3. For Local Network Communication (Ollama)

If you select "Ollama" as your LLM provider, the Extension will make direct requests to your local network (e.g., http://127.0.0.1:11434). This data is not sent over the internet by our Extension and remains on your local machine and network.

4.4. For Legal Compliance

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

5. Data Storage and Security

5.1. Local Storage

Most of your data is stored locally on your computer using the browser's built-in storage capabilities (`chrome.storage.local`). This includes:

• Your API Keys.
• Your saved custom personas.
• Your session history and final reports (`lastSessionData`).
• Extension settings.

This data is not sent to our servers unless required for a specific action you initiate (e.g., using an API key for an LLM call).

5.2. Server Storage

Our backend server stores the minimal information necessary for account management: your Google User ID and the corresponding Stripe subscription status.

5.3. Security Measures

We take the security of your data seriously. We use administrative, technical, and physical security measures to help protect your information. Your API keys are sent via HTTPS to our secure backend, which then proxies the request to the LLM provider, preventing your key from being exposed in client-side network traffic. While we have taken reasonable steps to secure the information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable.

6. Your Data Rights and Choices

• Access and Deletion: You can access and delete most of your data directly. You can clear API keys and custom personas within the Extension's settings. Uninstalling the Extension will remove all locally stored data.
• Download Your Data: The "Download Report" feature allows you to download a complete log of any session's activity.
• Managing Your Subscription: You can manage or cancel your premium subscription at any time through the customer portal.

7. Children's Privacy

Our service is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personally identifiable information from children. If we become aware that we have collected personal data from a child without verification of parental consent, we will take steps to remove that information.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Spyros Galanis

Email: lyric_39_ampere@icloud.com

For more information, please also review our Terms of Service.