Privacy Policy

JoltBot Chrome Extension · Effective: April 7, 2026

1. Overview

JoltBot is a Chrome extension that provides an AI writing assistant accessible from any webpage. It uses Google Sign-In for authentication and the Google Gemini API to generate responses. This policy describes what data is collected, how it is stored, which third-party services are involved, and what rights you have over your data.

2. Data We Collect

Sent to JoltBot servers when you use the extension

  • Your Google OAuth access token (sent once at sign-in to authenticate your account)
  • Your Google profile: name and email address (retrieved from Google at sign-in)
  • Your messages and prompts sent to the AI
  • Your “memory” context: a free-form personal context string you configure in the extension popup
  • Your active “skills”: named text snippets (up to 5,000 characters each) you configure as reusable AI context
  • Session metadata: session name and conversation turn count

Stored locally in your browser (chrome.storage.local)

  • Your Google profile: name, email, and profile picture URL
  • Your Google OAuth access token
  • Your active session identifier
  • Your memory context text

Note: Individual conversation messages are not stored on JoltBot servers. Only the turn count per session is recorded server-side. Conversation continuity is maintained via a reference ID returned by the Gemini API.

3. How Your Data Is Stored

Server-side (Cloudflare D1 SQLite)

  • users: your Google account identifier (OAuth sub), name, email, and account timestamps
  • sessions: session UUID, name, turn count, last Gemini interaction ID, and timestamps
  • skills: skill UUID, name, context text, description, and active status

Browser-side

Data is stored in Chrome extension local storage, which is isolated to the extension and inaccessible to any website you visit.

Cloudflare Workers runtime logs, if any, are ephemeral and not retained persistently.

4. Third-Party Services

  • Google OAuth2 API — Used to authenticate your sign-in and fetch your profile (name, email, account ID, profile picture). Governed by Google’s Privacy Policy.
  • Google Gemini API (generativelanguage.googleapis.com) — Your prompts, memory context, and active skills are sent to Gemini to generate responses. Requests are made with store: true, meaning Google retains conversation turns on their infrastructure to support multi-turn conversation continuity. This data is governed by Google’s Gemini API Terms of Service.
  • DuckDuckGo — Queried only when you explicitly use the /websearch() command in a prompt. No personal identifiers are included in this request. Governed by DuckDuckGo’s Privacy Policy.

5. Chrome Permissions

  • storage — Stores your session, memory, and profile data locally in the extension’s isolated storage.
  • identity — Enables Google Sign-In via Chrome’s built-in OAuth flow.
  • clipboardRead — Your clipboard is read only when you explicitly type /clipboard in a prompt. The clipboard content is sent to Gemini as part of that prompt and is not stored.
  • <all_urls> (host permission) — The extension’s content script runs on all pages so you can invoke JoltBot from any tab. The extension does not read or transmit page content unless you explicitly trigger /jolt.

The extension logs the current page URL, your raw prompt, and the AI response to the browser’s developer console for debugging. These logs are local to your browser and are never transmitted to any server.

6. Data Retention and Deletion

  • Local browser data persists until you uninstall the extension or clear extension storage via Chrome Settings → Extensions → JoltBot → Clear storage.
  • Server-side data (account, sessions, skills) persists until you request deletion.
  • To request deletion, contact the developer (see Section 8). Your user record, all sessions, and all skills will be permanently removed.

7. Your Rights

  • You may request access to the data stored about you at any time.
  • You may request permanent deletion of your account and all associated data at any time.
  • You may revoke JoltBot’s access to your Google account at any time via myaccount.google.com/permissions. This will invalidate your stored token and sign you out of JoltBot.
  • No data is sold or shared with third parties beyond the service integrations described in Section 4.

8. Contact

For questions, data access requests, or deletion requests, reach out via: