Privacy Policy — ChatVibes AI

Effective Date: March 14, 2026
Last Updated: April 2, 2026

TL;DR

ChatVibes AI reads the conversation visible in your active messaging tab to provide summaries, reply suggestions, and answers to your questions. When you use an AI feature, that conversation context is securely transmitted to ChatVibes AI's servers for processing. We do not sell your data. Your conversations are not used to train AI models. We do not use your data for advertising.

Overview

ChatVibes AI is a Chrome browser extension that provides AI-powered analysis of your messaging conversations. This privacy policy explains what data the extension accesses, how it is stored, what is transmitted externally, and the controls available to you.

How it works: ChatVibes AI reads the visible conversation on your screen, stores it locally on your device (if you enable caching), and lets you ask questions or get reply suggestions via our AI service. When you use an AI feature, your conversation context is sent to ChatVibes AI's servers, which process it using Google's Gemini API and stream the response back to you.

1. Data the Extension Accesses

When you use ChatVibes AI on a supported messaging platform, the extension's content script reads the visible page DOM to extract:

Message content: Text of messages in the active conversation, including emoji-rendered content
Sender information: Display names of conversation participants (not phone numbers or account IDs, unless displayed in the chat)
Timestamps: Message dates and times as displayed in the chat interface
Message metadata: Message direction (incoming/outgoing), forwarded status, reply/quote context, and reactions
Media placeholders: Descriptive labels for images, GIFs, voice notes (including duration), stickers, files/documents (filename, type, size), and contact cards — the extension does not download or store actual media files, photos, or audio recordings
Call event indicators: Voice/video call status labels (initiated, received, missed) as displayed in the conversation
Chat recipient details: Conversation name, group chat status, participant list, and profile icon URL as rendered by the platform
Your profile icon URL: The current user's avatar URL as displayed by the platform (used only for UI rendering in the side panel)

Supported platforms: WhatsApp Web, LinkedIn Messaging, Telegram Web, X/Twitter DMs, and Google Messages Web.

What the Extension Does NOT Access

Your messaging account credentials, passwords, or authentication tokens
Messages from conversations you have not opened
Actual media files (photos, videos, audio recordings, documents) — only metadata labels
Phone numbers or email addresses (unless they appear in visible message text)
Browser history, bookmarks, or data from other websites
Data from any website other than the supported messaging platforms listed in the manifest

2. How Data Is Used

ChatVibes AI uses the data it accesses solely to provide its core features:

Generate AI responses: conversation context and your prompt are sent to our server to produce summaries, reply drafts, and answers
Maintain conversation continuity: prior AI turns are included to keep follow-on questions coherent
Authenticate your session and enforce plan limits: your Firebase token is used to verify your account tier and track usage against your daily/monthly quota
Render the side panel UI: recipient name, icon URL, and message history are displayed locally in the extension panel
Persist local history: messages and AI threads are cached in your browser so the panel loads instantly on return visits

We do not use your data for advertising, profiling, or any purpose beyond the above. We do not sell your data. Your conversation content is not used to train AI models — including by our upstream provider, Google, whose Gemini API terms prohibit training on API-submitted data by default.

3. Data Storage

Local Device Storage

All conversation data and AI thread history is stored locally on your device using browser-provided storage mechanisms.

IndexedDB (Browser Local Database — `chatvibes-cache`)

Store	What It Contains	Retention
`conversations`	Conversation metadata: platform name, chat name, group status, participant names, icon URL, last-updated timestamp	Until you delete it via the Saved Memory view
`messages`	Cached message records: text, sender, timestamp, message type, reply context, media metadata labels, forwarded status. Capped at 5,000 messages per conversation (oldest are trimmed).	Until you delete the conversation cache or clear browser data
`aiThreads`	AI session metadata: thread ID, associated conversation, recipient name, platform, timestamps, turn count, preview text	Until you delete the thread via AI History
`aiTurns`	Individual AI interaction turns: user prompts and AI responses with timestamps. Capped at 200 turns per thread.	Until the parent thread is deleted

Chrome Local Storage (`chrome.storage.local`)

Key	What It Stores
Selected AI model	Your model preference (e.g., Quick, Smart, Genius)
Cache toggle	Whether the conversation cache feature is enabled
AI thread memory	Follow-on conversation context per AI thread (recent turn summaries, open questions, decisions) — used to maintain continuity across AI sessions
Firebase auth session	Your sign-in state, persisted by Firebase so you stay logged in across sessions

ChatVibes AI Server Storage

When you sign in and use AI features, ChatVibes AI's servers store the following account-level data:

Data	Purpose	Retention
Google account identity (Firebase UID, email, display name)	Account identification and authentication	Until you delete your account
Plan tier (`free`, `plus`, or `pro`)	Access control and billing	Until you delete your account or change plans
Daily and monthly AI usage counts	Enforcing rate limits and plan quotas	Rolling window; reset per period
Stripe customer and subscription records	Billing management	Per Stripe's data retention policies

Conversation content: ChatVibes AI's servers currently do not store the content of your conversations or your AI prompts and responses. Conversation payloads are processed in memory and immediately forwarded to Google's Gemini API. This may change in the future — if we introduce server-side conversation storage, this policy will be updated before that change takes effect.

4. Data Transmitted Externally

ChatVibes AI Server (`api.chatvibes.ai`)

When you use any AI feature (Summarize, Draft, Query, or Reflect), the extension sends a request to ChatVibes AI's proxy server. This is the primary external data transmission for AI features.

What is sent to our server:

A structured conversation payload containing: raw message text, sender display names (with the current user normalized to a generic "me" role), timestamps, message types, and relevant metadata (reply context, forwarded labels, media description labels, call event types)
Your query or prompt text
Prior AI conversation turns for the active thread (to maintain continuity)
A compressed summary of older conversation history when the conversation is large
Your Firebase authentication token (as a Bearer header, used for rate limiting and plan enforcement)

What our server does with it:

Authenticates your request against your account tier and enforces usage limits
Forwards the conversation payload to Google's Gemini API
Streams the Gemini response back to your browser via SSE
Does not currently persist conversation content or AI responses

Firebase / Google (Authentication)

When you sign in with Google, ChatVibes AI uses Firebase Authentication. This involves:

chrome.identity.getAuthToken: Chrome's built-in OAuth flow retrieves a Google OAuth 2.0 token. Your Google account email and profile are shared with Firebase.
Firebase Auth creates and persists an authenticated session, generating a Firebase ID token used to authorize requests to our server.
Your Google account information (UID, email, display name, profile photo URL) is stored in our Firebase project and used solely for account management.

Firebase is a Google product. Your use of Firebase Auth is governed by Google's Privacy Policy and Firebase's Terms of Service.

Google Gemini API

After our server receives your AI request, it forwards the conversation payload to Google's Generative Language API (generativelanguage.googleapis.com). ChatVibes AI holds the API key used for this call — you do not need to provide your own. Google's handling of this data is governed by Google's API Terms of Service and Google's Privacy Policy.

Stripe (Billing)

If you upgrade to a paid plan, your payment is processed by Stripe. ChatVibes AI does not handle or store your payment card details. Stripe's data practices are governed by Stripe's Privacy Policy.

5. Permissions Explained

The extension requests the following Chrome permissions:

Permission	Why It Is Needed
`sidePanel`	To display the ChatVibes AI interface in Chrome's side panel
`tabs`	To detect which tab is active and whether it contains a supported messaging platform, so the side panel can scope its content to the correct tab
`storage`	To persist your settings, model preference, cache toggle, AI thread memory, and Firebase auth session locally
`identity`	To initiate Google Sign-In via `chrome.identity.getAuthToken`, which obtains an OAuth token for Firebase authentication
Host: `web.whatsapp.com`	To inject the content script that reads conversation data from WhatsApp Web
Host: `www.linkedin.com`	To inject the content script that reads conversation data from LinkedIn Messaging
Host: `web.telegram.org`	To inject the content script that reads conversation data from Telegram Web
Host: `x.com`, `twitter.com`	To inject the content script that reads conversation data from X/Twitter DMs
Host: `messages.google.com`	To inject the content script that reads conversation data from Google Messages Web
Host: `generativelanguage.googleapis.com`	To communicate with the Google Gemini API directly (used in the local API key build variant)

6. Your Controls and Data Deletion

You have full control over all data stored by the extension:

Delete individual conversation caches: Open Saved Memory from the header menu and delete any saved conversation
Delete all conversation caches: Use the "Delete All" action in Saved Memory
Delete individual AI threads: Open AI History from the menu and delete any saved AI session
Disable conversation caching: Toggle off conversation caching in Settings to prevent new message data from being persisted
Sign out: Sign out from the Settings page to remove your authenticated session; subsequent AI requests will be unauthenticated (rate-limited free tier)
Delete your account: Contact us at the address in Section 10 to request deletion of your server-side account data (Firebase account, usage records, Stripe subscription)
Clear all local extension data: Remove the extension from chrome://extensions or clear site data for the extension, which removes all IndexedDB and local storage entries
Revoke host access: Disable the extension or remove host permissions via Chrome's extension settings to stop all DOM reading

7. Data Security

All local data is stored using Chrome's built-in storage APIs (IndexedDB and chrome.storage.local), which are sandboxed to the extension and inaccessible to other extensions or websites
All communication with ChatVibes AI's servers and Google's APIs occurs over HTTPS
Firebase ID tokens used to authenticate server requests are short-lived and automatically refreshed
The extension does not include any third-party analytics SDKs, tracking pixels, advertising libraries, or telemetry frameworks
The production build minifies and obfuscates JavaScript to reduce exposure of internal logic

8. Children's Privacy

ChatVibes AI is not directed at children under the age of 13. The extension does not knowingly collect personal information from children. If you believe a child has used this extension, all locally stored data can be removed by uninstalling the extension, and server-side account data can be deleted by contacting us.

9. Changes to This Policy

We may update this privacy policy to reflect changes in the extension's functionality, including if we begin storing conversation content server-side. When we do, we will update the "Last Updated" date at the top of this page. For material changes — particularly those affecting how conversation data is handled — we will make reasonable efforts to notify users through the Extension's interface or release notes. Continued use of the extension after changes constitutes acceptance of the revised policy.

10. Contact

If you have questions or concerns about this privacy policy, the extension's data practices, or to request account deletion, please contact:

Pair and Pivot, LLC
pairandpivot@gmail.com

Summary: ChatVibes AI reads your visible chat messages locally on supported platforms (WhatsApp, LinkedIn, Telegram, X/Twitter, Google Messages). When you use an AI feature, your conversation context is sent to ChatVibes AI's servers, which forward it to Google Gemini and stream back the response — your conversation content is not currently stored on our servers. We store account-level data (your Google identity, plan tier, and usage counts) to manage your account and enforce plan limits. All local conversation data and AI history stays on your device and can be deleted at any time.

← Back to ChatVibes