Chrome Extension Privacy Policy
How the WebLLM Chrome Extension handles your data, permissions, and privacy.
Last updated: November 2025
Overview
The WebLLM Chrome Extension is a privacy-first tool that enables websites to access AI capabilities through the browser-native navigator.llm API. This extension acts as an orchestration layer between websites and AI providers you configure.
Extension Permissions Explained
The extension requests certain permissions to function. Here's exactly what each permission does:
Why needed: To inject the WebLLM API (navigator.llm) into web pages so websites can request AI capabilities.
What it does: Allows the extension's content script to run on any website you visit.
Privacy note: The extension only activates when a website explicitly calls the WebLLM API. It does not read, collect, or transmit any page content unless you grant permission to a specific site's AI request.
Why needed: To store your settings, API keys, conversation history, and permission grants locally in IndexedDB.
What it stores:
- Provider configurations and API keys (encrypted)
- Per-website permission grants
- Conversation history for your reference
- User preferences and settings
Privacy note: All data remains in your browser's local storage. Nothing is sent to WebLLM servers.
Side Panel: Displays the extension's settings interface where you configure providers and manage permissions.
Alarms: Used for scheduled cleanup of old conversation history based on your retention settings (7, 30, or 90 days).
What Data We Collect
We Do Not Collect Any Data
The WebLLM extension does not collect, transmit, or store any data on external servers. There is no analytics, telemetry, crash reporting, or usage tracking of any kind.
Data stored locally in your browser:
Stored:
- Your API keys (for providers you configure)
- Provider settings and preferences
- Per-site permission grants
- Conversation history (optional, configurable retention)
- Usage statistics (local only, for your reference)
NOT Stored or Transmitted:
- Browsing history
- Page content you view
- Personal information
- Any data to WebLLM servers
- Analytics or telemetry
Third-Party AI Providers
When You Use Cloud AI Providers
If you configure cloud AI providers (OpenAI, Anthropic, Google, etc.), your prompts and conversations are sent directly to those providers using your own API keys. Each provider has their own privacy policy governing how they handle your data.
Recommendation: For maximum privacy, use local AI providers like Ollama or LM Studio, which process everything on your device with zero external data transmission.
Security Measures
Your Rights & Controls
Clear all data at any time via Settings → Storage → "Clear All Data". This removes all conversations, permissions, API keys, and settings.
Your data is stored in standard IndexedDB format and can be accessed through browser developer tools if needed.
Revoke AI access for any website at any time through the Permissions panel. Sites will need to request permission again.
Removing the extension automatically deletes all associated local data from your browser.
Open Source Transparency
WebLLM is fully open source under the MIT license. You can audit the entire codebase to verify our privacy claims:
Contact
For privacy-related questions, concerns, or data requests, please open an issue on our GitHub repository.
Changes to This Policy
This privacy policy may be updated as the extension evolves. Significant changes will be noted in the extension's changelog and GitHub repository. The "Last updated" date at the top of this page indicates when changes were last made.