Privacy Policy
📋 Quick Summary:
- ✅ We do NOT collect or store your data on our servers
- ✅ Your API key is stored locally in your browser (encrypted)
- ✅ Form data is sent to OpenAI when you use autofill
- ✅ We do NOT track you, sell data, or use analytics
- ✅ You control your data and can delete it anytime
Introduction
Formageddon ("we", "our", or "the extension") is a Chrome browser extension that helps users autofill web forms using AI-generated, context-aware text powered by OpenAI's GPT models. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
By installing and using Formageddon, you agree to this Privacy Policy.
1. Information We Collect
1.1 Information You Provide
OpenAI API Key:
- You must provide your own OpenAI API key to use this extension
- The API key is stored locally in your browser using Chrome's secure storage (
chrome.storage.sync) - The API key is encrypted by Chrome and synced across your devices (if Chrome sync is enabled)
- We do NOT have access to your API key
- We do NOT transmit your API key to any server we control
Extension Settings:
- Model selection (e.g., GPT-4o, GPT-4, etc.)
- Temperature and max tokens settings
- User preferences (e.g., "Ignore existing input")
- These settings are stored locally in Chrome's storage
1.2 Information Automatically Collected
Form Data:
- When you use the autofill feature, the extension analyzes form fields on the current webpage
- This includes: field labels, placeholders, attributes, form structure, values already entered, field types
- This data is sent to OpenAI's API to generate contextually appropriate content
- We do NOT store, log, or transmit this data to any server we control
⚠️ Important: The extension does NOT collect analytics, telemetry, or usage statistics. We do NOT track which websites you visit or monitor how often you use the extension.
2. How We Use Your Information
2.1 API Key
Your OpenAI API key is used exclusively to:
- Authenticate requests to OpenAI's API
- Generate contextually appropriate text for form fields
- The API key is sent directly from your browser to OpenAI's servers
- We never receive, store, or log your API key on our servers
2.2 Form Data
Form data collected from web pages is used to:
- Understand the context of form fields
- Generate appropriate and relevant content
- Improve the accuracy of AI-generated suggestions
⚠️ Important: Form data is sent to OpenAI's API for processing. Please refer to OpenAI's Privacy Policy for information on how OpenAI handles this data.
3. Data Sharing and Third Parties
3.1 OpenAI
What is shared:
- Form context (field labels, placeholders, form structure, surrounding text)
- Your OpenAI API key (for authentication)
Why: To generate contextually appropriate text for form fields
How: Data is sent directly from your browser to OpenAI's servers via HTTPS
📝 Note: OpenAI may log API requests for security, debugging, and service improvement. You are responsible for understanding and accepting OpenAI's Privacy Policy and Terms of Service.
3.2 No Other Third Parties
✅ We do NOT:
- Share your data with advertisers
- Sell your data to anyone
- Send your data to any analytics services
- Track your browsing activity
- Use your data for any purpose other than providing the autofill functionality
4. Data Storage and Security
4.1 Local Storage
- All data (API key, settings) is stored locally in your browser
- Chrome's
storage.syncAPI is used, which encrypts data at rest - If Chrome sync is enabled, settings are synced across your devices securely
4.2 Security Measures
We implement the following security measures:
- HTTPS for all API communications
- No plaintext storage of sensitive data (Chrome handles encryption)
- No server-side data storage (all data stays in your browser)
- Input validation and sanitization to prevent XSS attacks
- Content Security Policy (CSP) to prevent code injection
Your Responsibility:
- Keep your OpenAI API key secure
- Do not share your API key with others
- Regularly rotate your API key if you suspect compromise
- Monitor your OpenAI API usage for unauthorized access
4.3 Data Retention
- API Key and Settings: Stored until you uninstall the extension or manually delete them
- Form Data: NOT stored; only sent to OpenAI's API in real-time
- No logs or history: We do not keep any history of generated content or forms you've filled
5. Your Rights and Choices
5.1 Access and Control
You can:
- View your stored API key and settings at any time (via the extension popup)
- Modify or delete your API key and settings
- Uninstall the extension to remove all stored data from your browser
5.2 Data Deletion
To delete your data:
- Open the extension popup
- Clear your API key
- Uninstall the extension
- This will remove all data stored by the extension from your browser
📝 Note: Data already sent to OpenAI is governed by OpenAI's data retention policies. Contact OpenAI directly for data deletion requests related to API usage.
6. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
📧 Email: info@metinet.de
🐛 GitHub Issues: github.com/metinet-de/formageddon/issues
⏱️ Response Time: We will respond within 30 days
7. International Users
This extension is available worldwide. By using Formageddon:
- Your API key and settings are stored locally in your browser
- Form data is sent to OpenAI's servers, which may be located in different countries
- Data transfers to OpenAI are governed by OpenAI's privacy policy
If you are located in the European Economic Area (EEA), Switzerland, or the UK, please note that OpenAI's data processing practices are subject to their GDPR compliance measures.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or new features.
When we update this policy:
- The "Last Updated" date at the top will be revised
- We will notify you of significant changes (via extension update notes or other means)
- Your continued use of the extension after changes constitutes acceptance of the updated policy
9. Legal Rights (GDPR & CCPA)
California Residents (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect (see Section 1)
- Request deletion of your personal information (see Section 5)
- Opt-out of the sale of personal information (we do NOT sell your data)
European Residents (GDPR)
If you are located in the EEA, Switzerland, or the UK, you have the following rights:
- Right to Access: Request information about data we process
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete your data
- Right to Restriction: Limit how we use your data
- Right to Portability: Receive your data in a structured format
- Right to Object: Object to data processing
📝 Note: Since we do NOT collect or store your data on our servers, most GDPR requests will involve deleting data from your local browser storage (which you can do yourself) or contacting OpenAI regarding data sent to their API.
10. Acceptance of This Policy
By using Formageddon, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.
If you do not agree with this Privacy Policy, please do not use the extension.
Summary - In Plain Language
- We do NOT collect or store your personal data on our servers
- Your API key and settings are stored locally in your browser (encrypted by Chrome)
- Form data is sent to OpenAI when you use the autofill feature (governed by OpenAI's privacy policy)
- We do NOT track you, sell your data, or use analytics
- You control your data and can delete it anytime by uninstalling the extension
- You are responsible for understanding OpenAI's data policies when using their API
External Links
- OpenAI Privacy Policy: openai.com/privacy/
- OpenAI Terms of Service: openai.com/terms/
- Chrome Web Store: chrome.google.com/webstore