Privacy Policy

skiller Chrome Extension — Last updated: April 2026

Summary

skiller does not collect, store, or transmit any of your data to its own servers. There are no skiller servers. All processing happens locally in your browser or via direct API calls to the services you configure (your chosen AI provider, and optionally GitHub or GitLab via a Personal Access Token you supply).

What data does skiller access?

Data	Purpose	Stored where	Shared with
Jira issue content (title, description, labels, comments)	Extracted from the current Jira page to generate QA skill files	Browser memory only (not persisted beyond the session, except history)	Your AI provider when you click "Generate"
GitHub PR / Issue / file / repo content	Extracted from the current GitHub page (via DOM and optionally the GitHub REST API) to generate context-aware skill files	Browser memory only (not persisted beyond the session, except history)	Your AI provider when you click "Generate"; GitHub REST API to fetch diff/files (only when a GitHub PAT is configured)
GitLab MR / Issue / file / repo content	Extracted from the current GitLab page (via DOM and optionally the GitLab REST API v4) to generate context-aware skill files	Browser memory only (not persisted beyond the session, except history)	Your AI provider when you click "Generate"; GitLab REST API to fetch diff/files (only when a GitLab PAT is configured)
AI provider API key (Anthropic, OpenAI, or Google Gemini)	Authenticate with your AI provider to generate skill files	Encrypted in chrome.storage.local (AES-256-GCM)	Your AI provider only, via HTTPS
GitHub Personal Access Token (optional)	Authenticate with the GitHub REST API to fetch richer PR/file context for private or large repositories	Encrypted in chrome.storage.local (AES-256-GCM)	GitHub REST API (`api.github.com`) only, via HTTPS
GitLab Personal Access Token (optional)	Authenticate with the GitLab REST API to fetch richer MR/file context	Encrypted in chrome.storage.local (AES-256-GCM)	GitLab REST API (`gitlab.com/api/v4`) only, via HTTPS
Generated skill files	Displayed in the extension and available for download	Browser memory; last 20 in chrome.storage.local (history)	Nobody — stays in your browser
Extension settings (model, theme, depth preferences, templates, custom skills)	Remember your preferences	chrome.storage.local	Nobody

What data does skiller NOT access?

Your Jira, GitHub, or GitLab credentials or session passwords
Other browser tabs or your browsing history
Files on your computer
Your identity, email, or personal information
Content from pages you haven't actively opened in skiller
Any repository content beyond what is needed to generate skills for the currently active page

GitHub and GitLab API access

When you provide a Personal Access Token (PAT), skiller uses it to call the GitHub or GitLab REST API only for the repository corresponding to the page you are currently viewing. Specifically, it may fetch:

PR/MR diff and changed file list
Pipeline/CI status
Repository file tree (up to 100 entries)
Raw content of up to 8 core source files (e.g. src/index.ts, src/app.ts)
Config files such as package.json, .github/workflows/*.yml, .gitlab-ci.yml, or an OpenAPI spec if present

This data is used in-memory to build the prompt sent to your AI provider. It is not persisted to storage beyond the current generation history entry.

Without a PAT, skiller falls back to DOM extraction using the browser's rendered page content and, where available, the browser's existing authenticated session cookies.

Third-party services

skiller sends data to the AI provider you choose in Settings, and optionally to GitHub or GitLab if you supply a PAT.

Anthropic — story/PR/MR/file content is sent to api.anthropic.com. See Anthropic's Privacy Policy.
OpenAI — content is sent to api.openai.com. See OpenAI's Privacy Policy.
Google Gemini — content is sent to generativelanguage.googleapis.com. See Google's Privacy Policy.
GitHub REST API (api.github.com) — repository context is fetched when a GitHub PAT is configured. See GitHub's Privacy Statement.
GitLab REST API (gitlab.com) — repository context is fetched when a GitLab PAT is configured. See GitLab's Privacy Policy.

skiller does not send analytics, telemetry, or tracking data to any service.

Permissions explained

Permission	Why it's needed
`activeTab`	Read the current Jira, GitHub, or GitLab page to extract story/PR/MR/file details when you open the extension
`storage`	Save your settings, API keys and PATs (encrypted), and generation history locally
`sidePanel`	Display the skiller interface as a Chrome side panel
`scripting`	Inject the content script into Jira, GitHub, and GitLab pages to extract context data
`host_permissions: *.atlassian.net`	Access Jira Cloud pages for story extraction
`host_permissions: github.com, api.github.com`	Extract context from GitHub pages and call the GitHub REST API (when a PAT is configured)
`host_permissions: gitlab.com`	Extract context from GitLab pages and call the GitLab REST API (when a PAT is configured)
`host_permissions: api.anthropic.com, api.openai.com, generativelanguage.googleapis.com`	Make API calls to your chosen AI provider for skill file generation

Data retention

AI provider API keys and PATs — stored until you clear them in Settings or uninstall the extension
Generation history — last 20 entries stored locally; cleared via the History screen or on uninstall
Session data — story/PR/MR/file content from the current session is not persisted after you close the side panel (beyond the history entry)
Templates and custom skills — stored locally until you delete them in Settings or uninstall the extension

Security

All API keys and PATs are encrypted using AES-256-GCM before storage in chrome.storage.local
All API calls use HTTPS
No data leaves your browser except API calls to your chosen AI provider and the optional GitHub/GitLab REST API
The extension has no backend server, database, or analytics pipeline
PAT validation calls (the "Test" button in Settings) are made directly from your browser to the respective API — no proxy involved

Your rights

Since all data is stored locally in your browser, you have full control:

View — check Settings to see stored API keys, PATs, templates, and preferences
Delete — clear history, remove API keys/PATs, delete templates, or uninstall the extension to remove all data
Export — download generated skill files at any time

Changes to this policy

If this policy changes, the update will be included in the extension update. The "Last updated" date at the top will reflect the change.

Contact

Questions about privacy? Open an issue on the project's GitHub repository or contact the developer directly.