Privacy Policy
Last updated: June 7, 2026
The short version. If you bring your own API key, it stays in your browser and your messages go straight to the model provider — we never see them. If you create an account, we store only what's needed to run it: your email, a hashed password, and per-request usage counts. No ad trackers, no selling your data, ever.
01 Who we are & scope
CleverMateAI (“we”, “us”) is a Chrome extension and companion website that let you chat with multiple AI models from inside any webpage. This policy explains what we collect, why, and your choices. It covers the extension, the website at clevermateai.xhuljano.dev, and the backend API at api.clevermateai.xhuljano.dev.
CleverMateAI works in two independent modes, and what we collect depends entirely on which you use.
02 BYOK mode — bring your own key
When you supply your own provider API key, the extension operates entirely on your device:
- Your API key is stored locally in chrome.storage.sync (synced by your own Google account, never to us).
- Chat requests go directly from your browser to the model provider (OpenAI, Anthropic, Google, etc.). They do not pass through our servers.
- We do not receive, log, or store your key, your prompts, or the responses.
In this mode, the provider you choose processes your data under their privacy policy. The extension only accesses the content of a page when you explicitly summon it there.
03 Account mode — what we store
If you create a CleverMateAI account (to use our managed credits instead of your own key), we store the minimum needed to operate it:
- Email address — your identifier and how we contact you about your account.
- Password — never stored in plain text; only a salted scrypt hash is kept.
- Plan & credit balance — your tier (free, pro, power) and remaining usage credits.
- Usage log — per request we record the model used, token counts, computed cost, and a timestamp. This powers your dashboard and metering.
- Activation codes — if you redeem one, we record that it was redeemed and bound to your account.
That's it. We do not collect your name, address, phone number, location, or browsing history.
04 Your conversations
In account mode, your messages are relayed through our server to the upstream model provider so we can meter usage. We record only the metadata of each call — token counts and cost — to deduct credits. We do not store the content of your prompts or the AI's replies in our database.
The upstream provider processes the message content to generate a response, under its own terms. Conversation history shown in the extension is kept locally in your browser, not on our servers.
05 Payments
Paid plans are handled by Stripe. Card details are entered on Stripe's checkout and are never sent to or stored by us. We keep only the Stripe customer and subscription identifiers needed to link a payment to your account and manage renewals. See Stripe's Privacy Policy for how they handle payment data.
06 Browser storage & cookies
We do not use advertising or tracking cookies. To keep you signed in, the website stores a couple of items in your browser's localStorage:
- cm_token — your session token (a signed JWT).
- cm_user_cache — a cached snapshot of your account so the dashboard loads instantly.
The extension additionally stores your settings and (in BYOK mode) your API key in chrome.storage. Clearing your browser data or logging out removes these.
08 Data retention
We keep account data for as long as your account is active. Usage logs are retained to support billing and your dashboard history. When you delete your account, we remove your personal data and associated records, except where we must retain limited information to meet legal or accounting obligations.
09 Your rights
You can, at any time:
- Access the data tied to your account from your dashboard.
- Correct your email or reset your password.
- Delete your account and the personal data we hold — just contact us.
- Export a copy of your account data on request.
Depending on where you live, you may have additional rights under the GDPR, UK GDPR, or CCPA. We honor those requests.
10 Security
Passwords are hashed with scrypt, sessions use signed tokens, and all traffic is served over HTTPS/TLS. No system is perfectly secure, but we apply sensible safeguards and keep the data we hold deliberately minimal to reduce risk.
11 Children
CleverMateAI is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we'll remove it.
12 Changes & contact
We may update this policy as the product evolves. Material changes will be reflected by the “Last updated” date above. Questions, data requests, or concerns? Reach us at support@clevermateai.xhuljano.dev.