Privacy Policy

Last updated: January 2, 2026

What Data We Collect

FranzAI Bridge collects and stores the following data locally on your device only:

• API Keys: The API keys you enter (OpenAI, Anthropic, Google, Mistral, or custom keys) are stored in Chrome's extension storage.
• Google OAuth Tokens: If you use the Google authentication feature (franzai.google.*), we store your OAuth access token, refresh token, email address, and authorized scopes locally.
• Configuration: Your settings including allowed origins, allowed destinations, and custom injection rules.
• Request Logs: A temporary log of recent requests (up to 200 entries) is stored in memory for the request inspector. These logs are cleared when you close Chrome or click "Clear".

How We Use Your Data

• API Keys: Used solely to authenticate your requests to AI providers. Keys are injected into request headers by the extension and sent directly to the respective API endpoints.
• Google OAuth Tokens: Used solely to authenticate your requests to Google APIs (Search Console, Analytics, etc.). Tokens are automatically refreshed when expired and sent directly to Google's API endpoints.
• Configuration: Used to determine which pages can use the bridge and which APIs can be called.
• Request Logs: Displayed in the side panel for debugging purposes only.

Data Storage

All data is stored locally using Chrome's chrome.storage.local API. This means:

• Data is stored on your device only
• Data is not synced across devices (we do not use chrome.storage.sync)
• Data persists until you uninstall the extension or clear extension data

Data Transmission

FranzAI Bridge transmits data only in the following ways:

• To AI API providers: When you make a request through the bridge, your request data (including the injected API key) is sent directly to the API endpoint you specified.
• To Google APIs: When you use the Google authentication feature, requests are sent directly to Google's API endpoints with your OAuth token. We use Google's OAuth 2.0 for authentication.
• No analytics: We do not send any usage data, telemetry, or analytics to any server.
• No third parties: We do not share your data with any third parties.

Security

• API keys are stored in extension storage, which is not accessible to web pages or other extensions.
• Google OAuth tokens are stored securely in extension storage and automatically refreshed when expired.
• The extension uses allowlists to control which pages can make requests and which APIs can be called.
• Requests are made directly from the extension to the API provider with no intermediary servers.

Google Authentication

When you use the Google authentication feature (franzai.google.*):

• OAuth Flow: We use Chrome's built-in identity API (chrome.identity) to securely authenticate with Google.
• Scopes: We only request the specific permissions (scopes) needed for your use case, such as Search Console or Analytics access.
• Token Storage: OAuth tokens are stored locally and used only to authenticate your API requests.
• Token Refresh: Access tokens expire after 1 hour and are automatically refreshed using your refresh token.
• Revocation: You can revoke access at any time via Google Account Permissions or by using franzai.google.logout().
• No Server: All authentication happens directly between your browser and Google. We have no server that sees or stores your tokens.

Your Rights

You have full control over your data:

• View: All stored data is visible in the extension's side panel.
• Delete: Use the "Reset All Settings" button to delete all stored data, or uninstall the extension.
• Google Logout: Use franzai.google.logout() to clear Google OAuth tokens, or revoke access at Google Account Permissions.
• Export: Request logs can be exported as JSON from the side panel.

Changes to This Policy

We may update this privacy policy from time to time. Any changes will be reflected in the "Last updated" date at the top of this page.

Contact

If you have questions about this privacy policy:

• Open an issue on GitHub
• Email: [email protected]