Privacy Policy
This page lists every piece of data BetterSkillsMD touches, where it goes, and who else sees it. Short version: not much, and almost none of it touches our servers.
1. What we collect
BetterSkillsMD does not run a backend. We do not host an analytics endpoint, a log server, or a user database. The extension's only network destinations are the API endpoints it has explicit host permission for in the Chrome manifest:
api.openai.com— when you've selected OpenAI as your providergenerativelanguage.googleapis.com— when you've selected Google Geminiextensionpay.com— for one-time-purchase checkout and license verification
Your browser cannot reach any other domain through the extension. This is enforced by Chrome's host-permission model, not by our promise.
2. Where each piece of data goes
| Data | Stored where | Sent where |
|---|---|---|
| Your OpenAI / Gemini API key | chrome.storage.local on your machine, isolated to this extension |
Sent in the Authorization header to the chosen provider only. Never logged. Never sent to us. |
| Screenshots you capture | chrome.storage.local on your machine (history, last 20 by default) |
Sent to your chosen provider (OpenAI or Gemini) for analysis. Not stored or transmitted by us. |
Generated design.md output |
chrome.storage.local on your machine |
Nowhere by us. You copy / download / paste it manually. |
| Email + payment details (paying customers only) | Held by ExtensionPay and Stripe under their own terms | ExtensionPay (for license check) and Stripe (for payment). See their privacy policies. |
We — the BetterSkillsMD developer — have no access to your screenshots, your API key, or the markdown the model generates. They live on your machine in extension-isolated storage and are removed when you uninstall.
3. Third parties
The extension talks to exactly three third-party services, all over HTTPS:
-
OpenAI — when OpenAI is your active provider. The screenshot and your prompt are sent to
api.openai.com/v1/chat/completions. Their terms govern what they do with the data; per their policy as of writing, API content is not used for training. -
Google (Gemini) — when Gemini is your active provider. The screenshot and your prompt are sent to
generativelanguage.googleapis.com. Their terms govern what they do with the data; per their policy as of writing, API content from paid tiers is not used for training. -
ExtensionPay — only if you choose to upgrade. They handle Stripe-backed payment and email-keyed account state for paid customers. We receive an opaque
paid: trueflag for your account; we do not see your card or email.
4. What we do NOT do
- No tracking pixels, no analytics, no fingerprinting.
- No telemetry or error reporting back to any server we control.
- No ad networks or third-party scripts on this website.
- No selling, renting, or sharing your data — we do not have it to sell.
5. Permissions, explained
Chrome will tell you the extension wants these permissions on install. Each one is justified by a specific feature; none is broader than it needs to be.
activeTab— to read pixels from the page you're actively on when you trigger a capture.scripting— to run small temporary scripts in the active tab during capture (for example, scrolling and stitching a full-page screenshot, or showing the drag-a-region overlay).storage— to save your settings, capture history, and (briefly, in session memory) your API key.sidePanel— to render the side-panel UI where the markdown streams in.downloads— to let you save the generateddesign.mdas a file.offscreen— to run the long-lived streaming request to the AI provider in a context that can outlive the service-worker idle timer.alarms— to keep the service worker awake during a long capture.
6. Your rights
Because we hold no data about you on our infrastructure, there's nothing for us to delete, export, or correct. To remove all of the extension's data from your machine, uninstall the extension from chrome://extensions — Chrome clears the extension's local storage on uninstall. For data held by OpenAI, Google, ExtensionPay, or Stripe, request export or deletion through those providers directly.
7. Contact
Questions, security reports, or refund requests: open an issue on github.com/aroramit17/betterskillsmd.
Last updated: .