# Privacy Policy for HAL Chrome Extension

**Last Updated**: [Date]

## Introduction

HAL ("we", "our", or "the extension") is committed to protecting your privacy. This Privacy Policy explains how we handle data when you use the HAL Chrome extension.

## Data Collection and Storage

### Local Storage Only

HAL stores all data locally in your browser. We do not operate any external servers or databases. All data remains on your device.

### Data We Store Locally

The extension stores the following information in your browser's local storage:

1. **API Configuration**
   - Your OpenAI-compatible API endpoint URL
   - Optional API key (if you choose to provide one)
   - Selected AI model preference

2. **Extension Settings**
   - Language preference
   - Font size settings
   - Other user preferences

3. **Temporary Data**
   - Current page content (processed in memory, not stored)
   - Generated summaries and mind maps (displayed only, not stored)

### What We Do NOT Collect

- Personal information
- Browsing history
- Search queries
- Location data
- Contact information
- Payment information
- Any data beyond what you explicitly configure

## Data Usage

### How Your Data is Used

1. **API Configuration**: Used to connect to your configured AI service provider
2. **Settings**: Used to customize your extension experience
3. **Page Content**: Extracted from web pages you visit and sent only to your configured API endpoint for processing

### Data Transmission

- **To Your API Endpoint**: Page content and prompts are sent to the API endpoint you configure (e.g., OpenAI, Anthropic, or your own server)
- **No Third-Party Sharing**: We do not share your data with any third parties except the API endpoint you explicitly configure
- **No Analytics**: We do not track usage, collect analytics, or send data to any tracking services

## API Key Security

If you choose to provide an API key:
- Your API key is stored locally in your browser's secure storage
- It is only sent to your configured API endpoint
- We never have access to your API key
- You can delete your API key at any time through the extension settings

## Permissions Explanation

HAL requires the following permissions:

1. **activeTab**: To access the current tab's content for summarization
2. **scripting**: To inject content scripts for page content extraction
3. **storage**: To save your settings and API configuration locally
4. **tabs**: To access tab information for the extension functionality
5. **sidePanel**: To display the extension interface
6. **Host Permissions (https://*/*, http://*/*)**: To extract content from web pages you visit
7. **Host Permissions (http://localhost:3000/*)**: To connect to local AI proxy servers (e.g., Ollama)

These permissions are necessary for the extension's core functionality and are not used for any other purpose.

## Data Security

- All data is stored locally in your browser using Chrome's secure storage APIs
- API communications use HTTPS when available
- No data is transmitted to servers we control
- Your API keys are encrypted in browser storage

## User Rights

You have the right to:
- **Access**: View all stored data through browser developer tools
- **Delete**: Remove all stored data by uninstalling the extension or clearing extension data
- **Control**: Configure or remove your API endpoint and API key at any time
- **Opt-out**: Stop using the extension at any time

## Children's Privacy

HAL is not intended for children under 13. We do not knowingly collect personal information from children.

## Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:
- Updating the "Last Updated" date
- Posting the new Privacy Policy in the extension repository

## Open Source

HAL is open source software. You can review the source code at:
https://github.com/easynet-world/7179-HAL-0

## Contact

If you have questions about this Privacy Policy, please:
- Open an issue on GitHub: https://github.com/easynet-world/7179-HAL-0/issues
- Review the source code to verify our privacy practices

## Compliance

This Privacy Policy complies with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Chrome Web Store Developer Program Policies

---

**Summary**: HAL stores your settings locally and sends page content only to your configured API endpoint. We don't collect, share, or sell your data.