Privacy Policy

1. Who we are

BrowserAI is a browser extension (Chrome, Brave, Edge, and other Chromium-based browsers) that acts as an AI assistant on top of any web page. This policy explains what information we process, for what purposes, and with whom we share it.

Data controller: the operator of the domain chat-gpt-ia.com. For any privacy inquiries, write to soporte@chat-gpt-ia.com.

2. What data we collect

If you use the Free (BYOK) plan

• Your API keys from the providers you configure (OpenAI, Anthropic, Google, etc.). Stored encrypted locally in your browser with AES-256 (PBKDF2, 600,000 iterations). They never reach our servers.
• Your conversations and prompts: stored only in your browser's local storage.
• Visited page content: only when you explicitly request it (summarize, translate, rewrite). Sent directly from your browser to your chosen AI provider using your API key.

If you use the Pro or Team plan (managed)

• Email linked to your PayPal account when you complete payment.
• Subscription and license identifiers (format NOVA-XXXX-XXXX) generated on activation.
• Prompts and responses you send through our proxy server (required to deliver the model response). See section 4.
• Technical usage data: requests per month, tokens consumed, model used. Needed to apply monthly quota.
• Source IP in server logs for 30 days (abuse defense).
• PayPal webhook events: subscription state changes (activation, cancellation, payments).

3. How we use your data

• Provide the service: send your prompts to the AI provider and return the response.
• Manage your subscription: validate license, control quotas, process plan changes.
• Support: respond to inquiries and resolve incidents.
• Security: detect and prevent fraud, abuse, or attacks.
• Legal compliance: respond to legitimate authority requests when legally required.

We do not use your data to train AI models, we do not sell it to third parties, and we do not share it with advertisers. There is no advertising inside the extension.

4. AI provider processing

On the Free (BYOK) plan, you choose the provider, and the connection is direct from your browser to your chosen provider (OpenAI, Anthropic, Google, etc.). Their own privacy policies apply.

On Pro/Team plans, requests are routed through our proxy server (api.chat-gpt-ia.com) and from there to a premium model provider selected to optimize latency and quality. Data sent to the provider includes prompt content and, if you enable them, page content or attached images. The providers we work with comply with no-retention data policies for API traffic. To learn the current provider, contact soporte@chat-gpt-ia.com.

5. Local storage vs server

In your browser (always local)

• API keys encrypted with AES-256 (Free/BYOK)
• Conversation history
• Preferences (theme, language, default model)
• Local license NOVA-XXXX-XXXX (encrypted, Pro/Team)

On our servers (Pro/Team only)

• Account (email + status)
• License (hashed key, plaintext never stored)
• Devices linked to your license (opaque fingerprint, no personal info)
• Quota counters (requests/month, tokens)
• PayPal webhook logs (60 days)
• Application logs (30 days, auto-rotated)

6. Third parties involved

• PayPal: processes your payments. Receives your email and card data, which we never see. Policy: paypal.com/privacy.
• AI providers: receive the prompts you send. Pro/Team plans: see section 4. Free plan: whichever you configure.
• Hosting provider: Verpex (EU servers). Stores the server-side data listed above.
• Web search providers (optional): if you enable "🔍 Web", the prompt first goes to Tavily or Brave Search to enrich the response.

We do not use Google Analytics, Facebook Pixel, or any tracker. No tracking cookies. Only strictly necessary cookies (admin panel session for administrators).

7. Retention & deletion

• Active account: while you have an active subscription or valid license.
• After cancellation: 90 days for reactivation, then irreversible anonymization.
• Application logs: 30 days.
• PayPal events: 60 days (accounting + payment audit obligation).
• Browser local data: persists until you delete it (uninstall the extension or "Clear conversations").

You may request immediate account deletion by emailing support.

8. Your rights

Under GDPR (EU) and equivalent regulations (LGPD Brazil, CCPA California, etc.), you have the right to:

• Access the data we hold about you
• Rectify incorrect data
• Delete your account and associated data ("right to be forgotten")
• Portability: export your conversations (feature available in-extension)
• Object to processing
• Complain to the competent data protection authority (AEPD in Spain, ANPD in Brazil, etc.)

To exercise any of these rights, write to soporte@chat-gpt-ia.com. We respond within 30 days max.

9. Security

• API keys encrypted with AES-256-GCM, PBKDF2 key derivation, 600,000 iterations
• HTTPS/TLS 1.3 enforced on all server communications
• PayPal webhooks cryptographically validated (digital signature + allowlist)
• Admin panel passwords hashed with bcrypt
• 2FA enforced on the admin panel
• Strict isolation: your conversations are not visible to other users or to our team (except technical incidents explicitly notified)

No security measure is perfect. If you discover a vulnerability, please report responsibly to soporte@chat-gpt-ia.com.

10. Minors

BrowserAI is not directed to children under 16. We do not knowingly collect data from minors. If you are a parent/guardian and believe a minor has provided us data, contact us for deletion.

11. Changes to this policy

If we materially modify this policy, we will notify active-account users by email at least 15 days in advance. The current version will always be at chat-gpt-ia.com/legal/privacidad with the last update date.

12. Contact

For any inquiry about this policy, exercising rights, or incidents:

• 📧 Email: soporte@chat-gpt-ia.com
• 🌐 Web: chat-gpt-ia.com