Back to Connect My AI / Terms of Service
Connect My AI Privacy Policy
# Connect My AI Privacy Policy Effective date: 2026-06-18 Version: 2026-06-18 Connect My AI helps you connect AI tools to browser tabs with user-approved browser control. This Privacy Policy explains what data the website, dashboard, server, browser extension, and desktop companion process during the current release. ## Data We Process Connect My AI may process account email, subscription status, browser extension status, desktop companion status, tab metadata, local tab-recovery snapshots, page text or page state when requested, action requests and results, timestamps, risk labels, audit events, permission approval or denial records, extension health information, and support ticket or Help Assistant details that you choose to send. ## Sensitive Data The extension attempts to detect sensitive fields such as password, credit card, banking, address, private, token, and account-number fields. Sensitive or high-risk actions require confirmation. Do not intentionally store passwords, credit card numbers, authentication tokens, private keys, or private secrets in prompts, support tickets, workflow recipes, or saved instructions. Connect My AI does not store website passwords. Sign-In Assist can focus login fields and may perform an optional one-time, origin-checked fill into the matching browser tab, but passwords are not saved to Connect My AI servers or returned to AI tools. Respect My Tabs snapshots are stored locally by the extension or desktop companion. They contain URLs and basic tab/window state for recovery, not page contents, passwords, form entries, or payment information. ## How Data Is Used Data is used to execute user-approved browser automation, show connection health and action status, enforce permissions and policies, maintain permission records and audit trails, support security reviews, respond to support requests, verify subscription access, and provide optional AI-assisted help responses. ## Data Sharing Connect My AI does not sell personal data or browsing data. Data is shared only with service providers needed to operate the product, such as payment processors, hosting providers, authentication providers, email and ticket routing providers, and optional AI support providers when Help Assistant is enabled. ## Local-First Storage and Retention During the current release, the app stores operational records in a local JSON store for the deployed server instance and in browser or desktop local storage for local companion features. - Account records include your email, subscription state, Terms acceptance status, and session metadata. User sessions expire based on the configured session lifetime. - Magic links are hashed, expire, are single-use, and are capped in the local store. The configured magic-link window controls the expiry time. - Browser pairing codes are hashed, expire, are single-use, and are capped in the local store. The current pairing window is about 10 minutes. - Audit events are capped in the local store and record operational events such as login, pairing, policy changes, approvals, revocation, support activity, and browser action status. - Support tickets are capped in the local store and may also be sent by email when support email delivery is configured. - Extension diagnostics are scoped and redacted for support. Public diagnostics do not expose active tab URLs or page content. - Permission records in the extension and desktop companion are capped locally. - Action queues and results are retained as queue/status records needed for browser control and troubleshooting. Raw page content is processed only when requested and is not retained by default unless included in an action result, audit event, support ticket, or local diagnostic record. - Extension and agent credentials are stored as token hashes. Signing secrets are part of the local-first storage model and must be protected by the operator's host and file permissions. Connect My AI keeps operational records limited, scoped, and reviewable. ## User Control You can pause browser control, trigger Panic Stop, deny risky actions, limit allowed domains and actions, revoke browser extension access, rotate or revoke AI-agent credentials, and request support. ## Browser API Limited Use The use of information received from browser APIs and connected services is limited to providing and improving Connect My AI's single purpose: user-approved browser automation for user-selected AI tools. We do not use browsing data for advertising or sell browsing data. ## Security Action requests are signed by the server and verified by the extension before execution. Agent credentials are token or HMAC based. The current release protects credentials with token hashing, scoped credentials, revocation, secure cookies in production, origin checks, rate limits, and host/file-system controls. Commercial SaaS v1 requires encryption-at-rest for stored signing secrets. ## Contact Contact: connectmyai.sabbath735@aleeas.com