Privacy Policy

Last updated: 2 May 2026

Summary

SecurePaste exists to increase your privacy. It does not collect, transmit, or sell any data. All processing is local to your browser.

What the extension reads

• Text you paste into the input field of a supported LLM site (claude.ai, chatgpt.com, gemini.google.com)
• The current tab's ID (used to scope mappings to that tab)
• Your custom keywords list (text you explicitly type into the popup's "Custom Keywords" section)

What the extension stores

• Per-tab token mappings in chrome.storage.session. This data is cleared automatically when the tab is closed or the browser quits.
• Custom keywords in chrome.storage.sync. This is synced across the Chrome instances signed into your own Google account; it never leaves Google's sync infrastructure.
• Theme preference in chrome.storage.local. Stays on this device.

What the extension transmits

Nothing. The extension makes zero outbound network requests. It has no analytics, no error reporting, no third-party SDKs. The masked text you paste is sent to the LLM by the LLM's own page via its normal request path — the extension only modifies what the page can see before the page sends it.

Permissions used

• storage — to persist token mappings, keywords, and theme preference (as described above)
• tabs — to read the current tab ID so mappings are scoped per tab and the extension badge shows the active token count
• Host permissions on claude.ai, chatgpt.com, gemini.google.com — to inject the content script that detects and masks sensitive text

Third parties

None. The extension does not embed third-party scripts, fonts loaded at runtime, or trackers.

Children

The extension is not directed at children under 13.

Changes to this policy

If this policy changes, the version updated date above will change and the new policy will be published at the same URL.

Contact

Questions or concerns: open an issue on the GitHub repository.