Email confirmed
Your email is confirmed. Return to the AID extension popup and sign in.
AID Privacy Policy
Effective date: March 13, 2026
AID ("we", "our", "the extension") is a browser extension for ChatGPT and Claude that builds a behavioral profile from supported AI chat interactions. The profile is used to personalize how those AI assistants respond to you.
This policy explains what data AID stores, where it is stored, how it is used, which third parties process it, and what security controls are currently in place.
Short version: We do not collect your general browsing history or data from sites other than ChatGPT and Claude. We do not store full chat transcripts in AID's main Supabase profile database. We do store behavioral observations, short evidence quotes, and some on-device conversation caches that help the extension analyze supported chats in real time.
1. Data We Collect and Store
| Data |
Why we use it |
Where it is stored |
| Email address and password |
Account creation and sign-in |
Supabase Auth |
| Device-session auth data (session handle, user ID, email, counters, auth timestamps) |
Keep you signed in without storing long-lived access tokens in extension storage |
Browser extension local storage |
| Device private signing key |
Sign challenge responses for device-session auth |
Browser IndexedDB on your device |
| Encrypted refresh token, public key, one-time challenges, lockout counters, hashed IP auth-abuse records |
Refresh auth securely and protect against abuse |
Supabase device-session tables |
| Recent chat snippets from supported chats (latest message and a rolling recent-turn window) |
Realtime behavioral analysis and same-chat continuity |
Stored locally in extension cache on your device and sent to our backend/model providers for processing |
| Local conversation state, injection state, context summary lines, session observations, and diagnostics |
Remember what has already been injected, avoid duplicate work, and keep realtime analysis stable |
Browser extension local storage |
| Behavioral observations, short evidence quotes, conversation IDs, platform/source labels, summaries, and timestamps |
Build and maintain your profile |
Supabase database |
| Consolidation queue/run metadata, errors, and status records |
Operate profile synthesis jobs and diagnose failures |
Supabase database |
| Extension telemetry (event type, platform, limited metadata, extension version, timestamp) |
Operational monitoring and debugging |
Supabase database |
2. How We Use Your Data
- Authentication: We use Supabase Auth plus a signed device-session flow so the extension can refresh auth without persisting long-lived access tokens in extension storage.
- Realtime extraction: We analyze supported ChatGPT and Claude turns to extract behavioral patterns such as communication style, planning preferences, and response-format preferences.
- Profile personalization: We use your stored profile observations and summaries to tailor future AI replies to your style.
- Profile consolidation: We periodically synthesize raw observations into higher-confidence profile entries and tag summaries.
- Operations and security: We keep limited telemetry and auth-abuse records to detect failures, protect the auth flow, and monitor the pilot safely.
3. Important Limits
- We do not collect browsing history, bookmarks, downloads, personal files, or data from sites other than ChatGPT and Claude.
- We do not run on arbitrary websites. The extension host permissions are limited to chatgpt.com, chat.openai.com, and claude.ai.
- We do not store full chat transcripts in AID's primary Supabase profile database.
- We do store short evidence quotes server-side and limited supported-chat snippets locally on your device for realtime analysis.
- We do not sell your personal data or use it for advertising.
4. Third-Party Services
| Service |
Purpose |
Data involved |
| Supabase |
Authentication, database, edge functions, device-session storage |
Email/password auth data, profile data, telemetry, and auth-security records |
| OpenRouter |
Model gateway for realtime extraction and profile consolidation |
Latest supported-chat message text, recent supported-chat snippets, behavioral observations, summaries, and consolidation inputs |
| DeepSeek (via OpenRouter) |
Model used for extraction and consolidation |
Message content and profile-context inputs sent through OpenRouter |
| Railway |
Hosted worker infrastructure for queued consolidation jobs |
Profile-consolidation processing performed by our worker deployment |
| Google Fonts |
Popup and dashboard typography |
Your IP address and standard browser request metadata when those extension pages load fonts |
| GitHub Pages |
Hosts this public policy page and the email-confirmation landing page |
Your IP address and standard browser request metadata when you visit this page |
5. On-Device Storage
The extension stores some data locally on your device in addition to server-side profile data:
- Auth storage: a device-session record in browser extension storage and a private signing key in IndexedDB. Access tokens are kept in memory only.
- Conversation state: injection history, message counters, and related metadata for supported ChatGPT/Claude conversations.
- Realtime session cache: recent verbatim turns, rolling same-chat summaries, session observations, and diagnostics for supported conversations.
Local extension data remains on your device until it is overwritten, removed by the extension, or cleared from browser extension storage. Signing out removes stored auth-session material but may not clear every non-auth conversation cache automatically.
6. Data Security
- All traffic between the extension, Supabase, and our service endpoints is sent over HTTPS/TLS.
- Supabase Row Level Security is used on user-facing profile tables so authenticated users can access only their own data.
- Device-session tables and telemetry ingestion are restricted to server-side/service-role paths.
- Refresh tokens are stored server-side in encrypted form. The extension stores a device handle and private signing key, not a long-lived refresh token.
- The auth flow uses signed challenge-response exchanges, per-IP rate limiting, and lockout controls.
- Telemetry event types are allowlisted and metadata is truncated.
7. Data Retention and Deletion
- Profile data is retained while your account is active unless you delete specific items or request full deletion.
- Superseded raw observations may be removed by backend maintenance after they age out of the active pool.
- Short-lived auth challenge rows are temporary; telemetry and auth-abuse records are retained as operational/security data for as long as needed.
- You can reset your profile from the AID dashboard, which clears stored profile observations and summaries.
- You can delete individual observations from the dashboard.
- To request full account deletion, contact us at the email below.
8. Browser Permissions
- storage: stores auth/session state, supported-conversation caches, and profile-related local state on your device.
- alarms: schedules deferred background retries for extension tasks such as consolidation retries.
- activeTab: allows the extension to interact with the active supported tab.
- Host access: limited to https://chatgpt.com/*, https://chat.openai.com/*, and https://claude.ai/*.
9. Children's Privacy
AID is not intended for children under 13, and we do not knowingly collect personal data from children under 13.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will update the effective date on this page.
11. Contact
If you have questions about this privacy policy or want to request account deletion, contact:
gavin@aidpersonality.com