Privacy Policy

Last updated: June 23, 2025

Privacy Policy for Chirpy Chrome Extension

Last Updated: June 23, 2025

Welcome to Chirpy! This Privacy Policy explains how Chirpy ("we," "us," or "our") collects, uses, and discloses information when you use our Chrome extension ("Chirpy" or "Extension"). Your privacy is important to us, and we are committed to protecting it.

Please read this Privacy Policy carefully. By installing and using Chirpy, you agree to the collection, use, and disclosure of your information as described in this Privacy Policy.

1. Information We Collect and How We Use It

Chirpy is designed to enhance your web browsing safety by analyzing web pages and emails for potential threats and biases using third-party AI services. To provide these features, Chirpy interacts with certain types of information:

a. Google Account Information (via Chrome Identity API):

  • Information Accessed: When you choose to sign in to Chirpy using your Google account (via the chrome.identity API), we access your Google Account ID, email address, and name.
  • Purpose:
    • Authentication: To identify you as a Chirpy user.
    • Personalization & Synchronization: To save and sync your Chirpy settings (such as feature toggles), trusted websites list, and alert history across your browsers where you are signed into Chirpy. Your Google Account ID is used as a unique key for this data in chrome.storage.sync.
  • Note: We do not access or store your Google account password. Authentication is handled securely by Google through the Chrome Identity API.

b. Website Content and URLs (Web History):

  • Information Accessed:
    • The URL of the web pages you visit.
    • Text content extracted from the web pages you visit.
  • Purpose:
    • Analysis: To analyze the content for potential phishing threats, fake news, biased news, and dark patterns. This analysis is performed by sending the URL and page text to a third-party AI service (OpenAI - see Section 3).
    • Trusted Sites: To check if the current website is on your list of trusted sites, where Chirpy's analysis will be disabled.
    • Alert History: To record the URL where an alert was generated, allowing you to review it later.
  • Storage: URLs are stored as part of your alert history in chrome.storage.sync. Page text content is processed for analysis and is not permanently stored by the Extension after the analysis is complete.

c. Email Content (Personal Communications):

  • Information Accessed: When you are viewing an individual email within a supported webmail client (e.g., Gmail) and Chirpy is active, the text content of that email may be accessed.
  • Purpose:
    • Email Phishing Detection: To analyze the email content for potential phishing indicators. This analysis is performed by sending the email text to a third-party AI service (OpenAI - see Section 3).
  • Storage: Email text content is processed for analysis and is not permanently stored by the Extension after the analysis is complete.

d. User-Provided Chat Messages (Personal Communications):

  • Information Accessed: Text messages you type into the "Ask Chirpy" chat interface within an alert card.
  • Purpose:
    • Conversational AI: To provide you with contextual information and answer your questions about a detected alert or website content. These messages are sent to a third-party AI service (OpenAI - see Section 3) to generate a response.
  • Storage: Chat messages are maintained temporarily during an active chat session for context and are not permanently stored by the Extension in chrome.storage.

e. Chirpy Settings and Usage Data (Non-Personally Identifiable):

  • Information Accessed/Stored:
    • Your enabled/disabled features within Chirpy.
    • Your list of trusted websites.
    • Your alert history (type of alert, URL, timestamp, title).
  • Purpose: To provide and personalize Chirpy's functionality and allow you to manage your preferences.
  • Storage: This data is stored locally using chrome.storage.sync and is associated with your Google Account ID to sync across your devices.

2. How Information is Stored and Secured

  • Local Storage (chrome.storage.sync): User settings, trusted sites, and alert history are stored using Chrome's synchronized storage. This data is associated with your authenticated Google Account ID and synced by Google across your signed-in Chrome browsers. Google provides security for this synced data.
  • Temporary Processing: Website content, email content, and chat messages sent for AI analysis are processed in memory and are not permanently stored by the Chirpy Extension itself.
  • We implement reasonable administrative, technical, and physical security measures to protect your information from unauthorized access, use, alteration, and destruction. However, no security system is impenetrable, and we cannot guarantee the absolute security of your information.

3. Third-Party Services and Data Sharing

Chirpy utilizes third-party services to provide its core functionality:

OpenAI API:

  • Data Shared: To analyze web pages, emails, and respond to chat queries, Chirpy sends the relevant text content (from websites or emails), URLs (for context), and your chat messages to OpenAI's API.
  • Purpose: For AI-powered detection of phishing, fake news, biased news, dark patterns, and to generate chat responses.
  • OpenAI's Privacy Policy: Your interaction with OpenAI through Chirpy is also subject to OpenAI's policies. We encourage you to review OpenAI's Privacy Policy and Terms of Use. Chirpy is not responsible for the privacy practices of OpenAI. The data sent to OpenAI is processed according to their terms. We do not send your Google Account PII (email, name, ID) directly to OpenAI as part of the content analysis requests.

Google (Chrome Identity API):

  • Data Shared/Accessed: As described in Section 1a, for authentication. This is governed by Google's Privacy Policy.

We do not sell, trade, or otherwise transfer your personally identifiable information to other outside parties except as described in this policy (e.g., for the functioning of the OpenAI API).

4. User Controls and Choices

  • Signing In/Out: You can sign in or out of Chirpy at any time through the Extension's popup. Signing out will prevent the synchronization of settings, trusted sites, and alert history.
  • Enabling/Disabling Chirpy: You can enable or disable Chirpy's analysis features globally through the settings in the Extension's popup.
  • Feature Toggles: You can enable or disable specific analysis features (e.g., phishing detection, fake news detection) individually.
  • Trusted Sites: You can add or remove websites from your trusted list. Chirpy will not perform analysis or show alerts on trusted sites.
  • Clearing Storage: You can clear Chirpy's stored data (settings, trusted sites, alert history) by uninstalling the Extension or by clearing your browser's synchronized data for extensions (though this is a more general browser setting).
  • Permissions: Chirpy requests only the necessary permissions to function. You can review these permissions in your Chrome browser's extension settings.

5. Children's Privacy

Chirpy is not intended for use by children under the age of 13 (or the relevant age of consent in your jurisdiction). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

6. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy and updating the "Last Updated" date at the top of this policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Extension after any modification to this Privacy Policy will constitute your acceptance of such modification.

7. Data Retention

Data stored in chrome.storage.sync (settings, trusted sites, alert history) is retained as long as you use the Extension and are signed in, or until you clear it or uninstall the Extension. Data sent to OpenAI is subject to OpenAI's data retention policies.

8. International Data Transfers

Information processed by Chirpy, including data sent to OpenAI, may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at: anambhatia22@gmail.com