Privacy Policy

Effective Date: January 3, 2026

OpenInsight ("we," "our," or "the Extension") is committed to **Epistemic Minimalism**. We believe that clarity and truth should not come at the cost of your privacy. This policy explains how we handle data and why your security is our priority.

      The Core Principle: OpenInsight is a "Zero-Knowledge"
      architecture. We do not own servers that store your personal data, your
      browsing history, or your API keys.
    

1. Data Collection & Usage

OpenInsight only processes data when you explicitly interact with it (i.e., when you highlight text and click an action).

Selected Text: When you highlight a sentence (10–2000 characters) and request an "Explanation" or "Fact-Check," that specific snippet is sent to OpenRouter via their API.
API Keys: We do not collect or see your OpenRouter API key. It is stored exclusively on your local machine.
No Tracking: We do not use Google Analytics, cookies, or any tracking pixels within the extension.

2. Storage & Security

We prioritize the security of your credentials through modern cryptographic standards:

Local Storage: Your settings and API keys are stored using chrome.storage.local.
Encryption: API keys are encrypted using the Web Crypto API before being saved. This ensures that even other processes on your machine cannot easily access your key.
Sandboxing: The extension operates in a sandboxed environment to prevent cross-site scripting (XSS) or malicious actors from intercepting your data.

3. Third-Party Services (OpenRouter)

OpenInsight functions as an interface for OpenRouter. When you use the extension, the text you highlight is sent to the Large Language Model (LLM) you have selected via OpenRouter. This data is subject to the OpenRouter Privacy Policy.

We recommend reviewing the privacy settings of the specific model provider (e.g., OpenAI, Anthropic, Google) you choose within the OpenRouter dashboard.

4. Permissions Justification

To function, the extension requires the following permissions:

activeTab: To access the text you highlight on the page you are currently viewing.
storage: To save your theme preferences and your encrypted API key locally.
host permissions: To allow the extension to provide insights across various websites you visit.

5. GDPR Compliance (EU Users)

Since OpenInsight does not collect, store, or transmit personal data to its own servers, we do not act as a "Data Controller" for your browsing habits. You have full control over your data: to "delete" your data, simply uninstall the extension or clear the extension's local storage in your browser settings.

6. Changes to This Policy

We may update this policy occasionally to reflect changes in browser requirements or extension features. Updates will be noted by the "Effective Date" at the top of this page.

7. Contact

If you have questions regarding this policy or our security practices, please contact us through our official GitHub repository or the Chrome Web Store support channel.