For the purposes of this policy the following terms have the meanings below, regardless of whether they appear in singular or plural form.
chrome.storage.sync, Chrome's built-in key-value store for extension settings.Canvas Phantom does not collect, transmit, or store any personal data on the Company's servers. There are no analytics, telemetry, tracking pixels, crash reporters, or usage-reporting mechanisms built into the Extension. The Company has no back-end server that receives data from the Extension.
Specifically, we never collect:
The Extension stores the following data in your browser using chrome.storage.sync. This storage is local to your browser profile and - if you have Chrome Sync enabled - may be synced by Google to your Google Account across your devices. The Company has no access to this data.
| Data item | Purpose | Retention |
|---|---|---|
| AI provider preference (e.g. "Claude" or "Gemini") |
Remembers which AI service you selected so the Extension uses it on subsequent page loads. | Until you change the setting or uninstall the Extension. |
| API key(s) (Anthropic or Google key you supply) |
Required to authenticate AI assistant requests sent directly from your browser to the AI provider. The key is never transmitted to the Company. | Until you delete it in the settings panel or uninstall the Extension. |
| Model selection (e.g. "claude-3-5-sonnet") |
Stores the specific AI model you chose within the selected provider. | Until you change the setting or uninstall the Extension. |
| Site rules (URL patterns you configure) |
Defines which websites the Extension's content scripts activate on. | Until you remove the rule or uninstall the Extension. |
No other data is written to chrome.storage.sync, local storage, IndexedDB, cookies, or any other persistent store.
Conversation history within the AI assistant panel is held in JavaScript memory only for the duration of the current page session. It is not written to disk, not sent to the Company, and is discarded when you close or navigate away from the tab.
When you use the AI assistant feature, the Extension sends your typed question - and any text you have highlighted on the page and chosen to ask about - directly from your browser to the AI provider you configured. No other data is transmitted.
| Recipient | Data sent | Condition |
|---|---|---|
| Anthropic (Claude API) | Your AI assistant queries and any highlighted text you submit. | Only if you select Claude as your AI provider and initiate an AI query. |
| Google (Gemini API) | Your AI assistant queries and any highlighted text you submit. | Only if you select Gemini as your AI provider and initiate an AI query. |
These API calls are made directly from your browser to the provider's servers using the API key you supplied. The Company does not proxy, intercept, log, or have access to these requests or their responses. Your use of these APIs is governed by the respective provider's terms of service and privacy policy:
No data is shared with any other third party. The Company does not sell, rent, or otherwise transfer your data to advertisers, analytics providers, data brokers, or any other entity.
| Permission | Why it is required |
|---|---|
activeTab |
Reads the current tab's URL to determine whether the Extension's protection is active and to display status in the popup. |
storage |
Saves your settings (API keys, provider choice, model selection, site rules) in Chrome's extension storage as described in Section 3. |
scripting |
Dynamically registers content scripts on pages that match your configured site rules. Without this permission the tab-switch detection bypass cannot function. |
tabs |
Reads tab URLs to display protection status and to open the options page in a new tab. |
| Host permissions (all URLs) | Users can configure custom site rules for any domain; broad host permissions are required to allow the Extension to inject scripts on user-specified domains. Scripts are only injected on pages matching an enabled rule. |
chrome.storage.sync and are transmitted only to the AI provider endpoint you configured - never to the Company.Because all data is stored locally in your browser, you are in full control of retention. All stored data (API keys, preferences, site rules) can be deleted at any time by:
In-memory session data (AI conversation history) is discarded automatically when you close or navigate away from the tab - no action is required.
The Company holds no copy of your data and therefore cannot be requested to delete it on your behalf. If you have concerns about data processed by an AI provider (Anthropic or Google), please refer to that provider's privacy policy and data deletion procedures.
API keys are stored using Chrome's built-in chrome.storage.sync API, which encrypts data at rest within your browser profile. Transmission to AI providers occurs over HTTPS (TLS). Because the Company does not receive or store your data on any server, there is no Company-side database that could be breached.
You are responsible for keeping your API keys confidential. If you believe an API key has been compromised, revoke it immediately in the respective provider's developer console and generate a new one.
Because the Company does not collect or store personal data on its own servers, most standard data-subject rights (access, correction, portability, erasure) are exercised directly through your browser's extension storage controls described in Section 7.
If you are located in the European Economic Area, United Kingdom, or a jurisdiction with applicable data-protection legislation, and you believe the Company has processed personal data about you, you may contact us at the address in Section 12. We will respond within the timeframe required by applicable law.
The Company (based in Vietnam) does not transfer your personal data internationally because it does not receive your personal data. AI queries you send via the Extension travel from your browser directly to the AI provider's servers; those transfers are governed by the respective provider's data-transfer safeguards and privacy policy.
This Extension is not directed at or designed for use by children under the age of 13 (or under 16 where required by local law). The Company does not knowingly collect personal information from children. If you believe a child has provided personal information in connection with this Extension, please contact us and we will take appropriate steps.
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will provide a prominent notice within the Extension or through the Chrome Web Store listing. Continued use of the Extension after any change constitutes acceptance of the updated policy. We encourage you to review this page periodically.
If you have questions or concerns about this Privacy Policy or the Extension's data practices, please contact:
Canvas Phantom
Email: logmilo12@gmail.com
Country: Vietnam