Privacy Policy
01 Overview
Opticlick Engine ("the Extension", "we", "our") is a Manifest V3 Chrome Extension that acts as an autonomous web agent. It analyzes web pages using computer vision and executes user-defined browsing tasks by simulating hardware-level mouse events via the Chrome DevTools Protocol.
This Privacy Policy explains what information the Extension collects, how it is used, and your rights regarding that information. By installing and using the Extension, you agree to the practices described here.
02 Data we collect
We distinguish between data that stays on your device and data transmitted to external services.
| Data type | Where it stays | Purpose |
|---|---|---|
| Gemini API key | Your device only (chrome.storage.local) |
Authenticate requests to Google's Gemini API |
| Page screenshots | Transmitted to Gemini API; not retained by us | Vision input for the AI decision loop |
| Task prompt / goal text | Transmitted to Gemini API; not retained by us | Instruction for the AI model |
| Agent execution state | Your device only (chrome.storage.session) |
Resume after service worker restarts |
| Conversation / task history | Your device only (IndexedDB) | Long-term context for multi-step tasks |
| Element coordinate mappings | Your device only (chrome.storage.session) |
Map AI-selected element IDs to CDP click targets |
We do not collect names, email addresses, IP addresses, browsing history, or any personal identifiers.
03 Your API key
The Extension requires a Google Gemini API key to function. You enter this key through the Extension's
popup interface. It is stored exclusively in chrome.storage.local on your device and is
never transmitted to our servers (we have none) or any party other than Google's Gemini API endpoint.
You can delete your stored API key at any time by clearing the Extension's storage via chrome://extensions → Opticlick Engine → Details → Clear storage, or by uninstalling the Extension.
04 Page data & screenshots
When you run a task, the Extension captures a screenshot of the current browser tab using
chrome.tabs.captureVisibleTab and transmits it — along with your task description — to the
Google Gemini API. This is the core mechanism that gives the AI "eyes" to understand the page.
- Screenshots are base64-encoded and sent over HTTPS directly to Google's API.
- We do not store, cache, or log screenshots on any server we control.
- Screenshots are held in memory only for the duration of a single Think–Act–Observe loop iteration.
- If your active tab contains sensitive information (passwords, financial data, personal messages), be aware that content will be included in the screenshot sent to Google.
Google processes the screenshot under its own Privacy Policy and Gemini API terms. We encourage you to review those documents.
05 Local storage
The Extension uses three browser storage mechanisms, all local to your device:
- chrome.storage.local — Stores your Gemini API key and user preferences. Persists until you clear it or uninstall the Extension.
- chrome.storage.session — Stores ephemeral agent state (current task step, element coordinate mappings). Cleared when the browser session ends.
- IndexedDB — Stores long-form conversation history and large payloads needed for multi-step tasks. Persists locally and can be cleared via browser developer tools or Extension settings.
None of this data is synchronized to cloud services, shared with us, or accessible to any third party.
06 Third-party services
The only external service the Extension communicates with is the Google Gemini API.
- Endpoint:
generativelanguage.googleapis.com(gemini-3.1-pro-preview) - Data sent per request: your task prompt, a base64-encoded screenshot of the active tab.
- Authentication: your API key, sent as an HTTP header.
Google's handling of this data is governed by Google's Privacy Policy and the Gemini API Additional Terms. We have no control over and assume no responsibility for Google's data practices.
We do not integrate any analytics services, advertising networks, crash reporters, or telemetry tools.
07 Chrome permissions explained
The Extension requests the following permissions. Each is necessary for core functionality:
- activeTab — Grants temporary access to the currently active tab when you invoke the Extension. Used to inject content scripts and capture screenshots.
- scripting — Required to programmatically inject the annotation content script into page frames, including cross-origin iframes.
-
debugger — Attaches the Chrome DevTools Protocol to the active tab so the Extension
can dispatch hardware-level mouse events via
Input.dispatchMouseEvent. This is necessary to interact correctly with React, Vue, and Angular applications. -
storage — Enables use of
chrome.storage.localandchrome.storage.sessionfor persisting the API key and agent state.
No broad host permissions (<all_urls>) are requested. Access is scoped to the active tab only.
08 Children's privacy
Opticlick Engine is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided information through this Extension, please contact us so we can address the situation.
09 Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page and, for material changes, notify users via the Extension's update notes in the Chrome Web Store.
Continued use of the Extension after changes are posted constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
10 Contact us
If you have questions, concerns, or requests related to this Privacy Policy or the Extension's data practices, please contact us:
- Email: privacy@opticlick.dev
- GitHub Issues: github.com/opticlick/engine/issues
We will respond to privacy inquiries within 30 days.