Back to home
Privacy

Your data stays yours.

Chromfy extensions are designed to be local-first. We collect the minimum we need to make products work, store it on your device whenever possible, and never sell it. This policy explains what that looks like in practice.

Last updated · May 2026

Overview

Chromfy, Inc. (“Chromfy”, “we”, “us”) builds Chrome extensions and the website at chromfy.com. This Privacy Policy covers all Chromfy extensions and the website. Individual extensions may also publish their own privacy notice when they handle a specific kind of data (for example, AI panels or sync features) — those notices add to, but never weaken, this one.

Our default position: process data on your device, encrypt anything that leaves it, and ship the smallest permission surface that lets the extension do its job.

What we collect

We try to keep this list short. Depending on which extensions and features you use, we may collect:

  • Account data — if you create an Chromfy account (only required for cloud sync): your email address and a hashed password.
  • Extension preferences — settings you configure, stored on your device. Only synced to our servers if you turn on sync, and only in end-to-end encrypted form.
  • Diagnostic data — anonymous crash reports and performance counters, with no page content, URLs, or user identifiers attached. You can opt out at any time in Settings.
  • Support correspondence — emails you send us, kept only as long as needed to resolve your issue.

What we don't collect

The following are explicit non-goals at Chromfy:

  • Browsing history. We do not record the pages you visit or your search queries.
  • Page content. Page text, form inputs, and DOM snapshots stay on your device. They never reach us, unless you explicitly send a prompt to a third-party AI provider you have configured (see “AI features” below).
  • Behavioural advertising data. We do not run ads, do not have an ads SDK, and do not embed third-party trackers.
  • Cross-site identifiers. We do not place tracking cookies, fingerprint browsers, or correlate activity across sites.

How we use data

We use the small amount of data we do collect to: operate the extensions and the website, authenticate accounts, sync settings if you opt in, prevent fraud and abuse, and improve product reliability. We do not use your data to train AI models, ours or anyone else's.

Sharing & third parties

We share data only in three narrow situations:

  • Service providers who help us run the product (hosting, transactional email, error reporting). They are bound by contracts that mirror this policy.
  • AI providers you configure. If you choose to send prompts to OpenAI, Anthropic, Google, or a local model, the prompt and selected context go directly from your browser to that provider. Their terms apply to that data — not ours.
  • Legal requirements. If we receive a valid legal request, we will challenge it where possible and disclose only what we are compelled to share.

We have never sold user data and we will not. If Chromfy is ever acquired, the acquirer must honour this policy or notify you with a meaningful opportunity to delete your data first.

AI features

Some extensions include AI features (for example, PromptLens). For these:

  • You choose the provider and supply the API key. Keys are stored locally and encrypted at rest.
  • Only the content you explicitly select or type is sent — never an entire page or your history.
  • We do not proxy AI traffic through Chromfy servers. Requests go directly from your browser to the provider.
  • We never use prompts, completions, or context for training.

Retention & deletion

Local data lives on your device until you uninstall the extension or clear it from Settings. Synced data lives until you delete your account; deletion takes effect within 30 days across backups. Diagnostic data is retained for 90 days.

Your rights

Depending on where you live, you may have the right to access, correct, port, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, email privacy@chromfy.com. We respond to every request within 30 days, free of charge.

EU and UK users: we rely on legitimate interests and consent as our lawful bases. California users: we do not sell or share personal information as those terms are defined under the CCPA/CPRA.

Children

Chromfy is not directed to children under 13 (or the equivalent minimum age in your country), and we do not knowingly collect data from them. If you believe a child has provided us with personal data, contact us and we will delete it.

Changes

We will update this policy as the product evolves. Material changes will be announced in-product and via email to account holders at least 14 days before they take effect.

Contact

Questions, requests, or concerns: privacy@chromfy.com. For business and partnership questions, write to hello@sentosh.com.