Privacy Policy

1. Information We Collect

A. Account Information

When you create an account or sign in using Google OAuth, we may collect:

• Your name
• Your email address
• Basic profile information provided by Google

If you voluntarily subscribe to product updates, we collect your email address for communication purposes.

B. Payment Information

Payments for QuillMonkey are processed by Stripe. We do not store or have access to your full credit card information. Stripe processes payment information in accordance with its own privacy policy.

C. Webpage Content

When activated by you, the extension may access and process webpage content in order to provide AI-powered functionality. This includes:

• Reading the HTML content of the active page when you ask the AI to analyze it
• Executing JavaScript expressions on the page to inspect its structure, when invoked by you through the AI assistant
• Capturing a screenshot of the visible tab for visual analysis, only with your explicit permission
• Detecting page metadata (URL, title, and structural element counts) when the side panel is open, to provide context to the AI

Webpage content:

• May be transmitted to QuillMonkey servers and forwarded to third-party AI providers (via OpenRouter) for processing
• Screenshots may be sent to AI providers for visual analysis and are not stored on our servers
• Is cached temporarily on our servers for operational purposes
• Is not retained for more than 24 hours
• Is not sold or used for advertising purposes

D. Technical and Usage Data

We collect certain technical data necessary to operate and secure the service, including:

• IP address
• Request timestamps
• API endpoints used
• Model usage
• Token counts
• Duration and cost metrics
• Error logs

This information is used for:

• Security and abuse prevention
• Rate limiting
• Service reliability
• Operational monitoring

IP addresses and usage logs are retained for up to 6 months and are not sold or used for advertising.

E. Voice Input

When you activate voice input, microphone audio is recorded locally and transmitted to OpenAI's Whisper API for transcription. Audio data is not stored on our servers; only the resulting text transcription is returned to the extension and included in your conversation.

F. Anonymous Device Identifier

On first launch, the extension generates a random unique identifier (UUID) stored locally on your device. This identifier is sent with requests to associate usage with your session, even if you have not signed in. It is not shared with third parties and is used solely for usage tracking and rate limiting.

G. Google Drive Sync (Optional)

If you choose to enable Google Drive sync, your user-created scripts are synced to Google Drive's app-isolated storage. Only scripts are synced; conversation history is never uploaded to Drive. This feature uses the drive.appdata scope, which stores data in a private folder that cannot access or read your other Google Drive files.

H. Local Data Storage

Conversation history, user-created scripts, and extension settings are stored locally in your browser using IndexedDB and Chrome storage APIs. This data remains on your device and is not transmitted to our servers unless you explicitly interact with the AI assistant or enable Google Drive sync. Uninstalling the extension removes all locally stored data.

2. How We Use Information

We use collected information to:

• Provide AI-powered functionality
• Authenticate users
• Process payments
• Improve service performance and reliability
• Prevent abuse and unauthorized access
• Communicate product updates (if you opt in)

We do not sell personal information.

3. Data Retention

We retain data for the following periods:

• Webpage content and screenshots: Not stored; cached for no more than 24 hours
• Audio recordings: Not stored; only transcription text is returned
• Usage logs and IP addresses: Up to 6 months
• Account information: Until you request deletion or close your account
• Local data (conversations, scripts, settings): Stored on your device until you clear it or uninstall the extension
• Payment records: As required for accounting and legal obligations

4. Data Sharing and Third Parties

We may share information with the following service providers:

• Google — Authentication via OAuth; optional Google Drive sync for user scripts
• Stripe — Payment processing
• OpenRouter — AI model routing and processing (receives conversation content, page content, and screenshots)
• OpenAI — Audio transcription via Whisper API (receives voice recordings)
• Resend — Email delivery service (receives email address and first name for welcome emails)
• Railway — Backend infrastructure hosting
• Vercel — Website hosting

These providers process data in accordance with their own privacy policies. We do not sell, rent, or transfer personal data to data brokers, advertisers, or information resellers.

5. User Rights

You may request:

• Access to your account information
• Correction of inaccurate data
• Deletion of your account and associated personal data

To make a request, contact: sean@quillmonkey.com

6. Security

We implement reasonable technical and organizational safeguards designed to protect information against unauthorized access, disclosure, or misuse. However, no system can be guaranteed to be completely secure.

All data transmitted between the extension and our servers, and between our servers and third-party providers, is encrypted using HTTPS. No data is transmitted over unencrypted connections.

7. Children's Privacy

QuillMonkey is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.

8. Chrome Extension Permissions

The QuillMonkey Chrome extension requests the following permissions:

• identity — Google OAuth sign-in. Users can choose to sign in through Google.
• storage — Persist user conversations and scripts locally, so that users fully control their data.
• sidePanel — QuillMonkey operates via a browser side panel.
• scripting — Programmatically injecting scripts into pages. QuillMonkey is a userscript manager.
• userScripts — Running user-created scripts in an isolated environment on web pages. QuillMonkey is a userscript manager.
• activeTab — Temporary access to the focused tab when the user explicitly invokes the extension.
• contextMenus — A right-click menu option that allows users to select specific page elements for more detailed identification.
• offscreen — Creating an offscreen document for microphone recording when the user clicks the voice input button.
• webNavigation — Detecting when the user navigates to a new page while the side panel is open, so that generated userscripts are relevant to the active page.
• host_permissions (all URLs) — Required so the extension can analyze page content when you ask the AI to examine a page, and inject user-created scripts on any website you configure them for.
• web_accessible_resources — A permission request page used to obtain microphone access when you activate voice input.

A content script runs on all pages but only listens for messages from the extension (for features like the element picker and microphone input). It does not read, collect, or transmit page content on its own.

9. Google API Limited Use Disclosure

QuillMonkey's use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised effective date.

Continued use of the service after changes constitutes acceptance of the updated policy.

If you have any questions about this Privacy Policy, please contact:

Sean Hollen
sean@quillmonkey.com
https://www.quillmonkey.com/