Privacy Policy

Last updated: May 2026

Token Pilot ("the Extension", "we", "us", "our") is a Chrome extension that helps you optimize prompts and content before sending them to Large Language Models (Claude, GPT, Cursor and others). This Privacy Policy explains what data we collect, how we use it, where it is stored and your rights. Token Pilot is operated by Hammoudi Ismail.

1 Who we are

Token Pilot is a Chrome extension that runs inside your browser as a side panel. It processes content you explicitly submit to it (logs, JSON, pasted text, screenshots) and helps you reduce the number of tokens you send to AI assistants. Most processing happens locally in your browser; the only feature that transmits content off your device is the optional OCR module, described in section 4.

2 Data we collect

2.1 Chrome Extension (local data)

The following data is stored exclusively in your browser via chrome.storage.local and localStorage. It never leaves your device:

• Pasted content, log lines, JSON payloads and screenshot images — text and images you submit to the extension are processed locally to detect noise, strip whitespace and structure the output. None of this content is transmitted to our servers, except OCR images (see section 4).
• Last optimization result — the most recent before/after output, kept so you can copy it when reopening the side panel. Cleared with the "Clear" button or on logout.
• Monthly usage counter — number of optimizations performed in the current month, used to enforce the Free plan limit (20/month).
• User preferences — theme (dark/light) and the last active tab.
• JWT authentication token — a JSON Web Token issued by the Token Pilot backend after sign-in. Stored locally to authenticate API requests. Never transmitted to any third party.

2.2 Google Sign-in

Token Pilot offers the option to sign in using your Google account via OAuth 2.0. When you choose "Continue with Google", the following data is received from Google and used to create or identify your Token Pilot account:

• Email address — used as your unique account identifier. Stored in our database.
• Full name — used to display your name in the extension UI. Stored in our database.
• Google profile picture URL — public avatar URL. Stored in our database.
• Google account ID (sub) — used internally to link your Google identity to your Token Pilot account. Not exposed to any third party.

We do not receive or store your Google password, Google contacts, Google Drive files, Gmail messages, or any other Google service data. We do not store Google OAuth tokens beyond the one-time code exchange — only the Token Pilot JWT issued after successful authentication is kept locally in your browser. Google Sign-in is optional: you may also register with an email and password.

2.3 Account data (Cloudflare D1 database)

• Account information — your email address and (when you register with email/password) a salted hash of your password.
• Subscription plan — your current plan (free, pro or team) and your Stripe customer ID once you have subscribed.
• Account creation date — the timestamp at which your account was created.

3 Data we do NOT collect

• The content of your logs, JSON payloads or pasted text — all cleaning is performed locally in your browser.
• Your browsing history, page content, cookies or session tokens from any website you visit.
• Your Google password, Google contacts, Gmail content, Google Drive files, or any other Google account data.
• Your credit card number or any billing card details (handled exclusively by Stripe).
• Telemetry, click-tracking, scroll-tracking, advertising identifiers or behavioural analytics.
• Personal data from children under 16.

4 OCR processing (optional)

The Screenshot tab uses Optical Character Recognition (OCR) to extract text from images you submit. When you upload a screenshot or capture a screen area and click "Extract & Optimize Text", the image is transmitted over HTTPS to our backend (Cloudflare Workers), which forwards it to a Hugging Face Space running PaddleOCR for text extraction. The Space returns the extracted text along with a confidence score.

Submitted images are not stored on our servers, in Cloudflare logs (beyond the standard request log of ~24h) or by Hugging Face beyond the request lifetime. The OCR module is the only feature of the extension that transmits content off your device. The other tabs (Logs, JSON, Paste) process content entirely locally.

5 Third-party services

We share data only with the following sub-processors, for the purposes described:

• Google LLC — identity provider for Google Sign-in (OAuth 2.0). When you choose to sign in with Google, your browser is redirected to Google's authentication servers. Google shares your email address, name, picture URL and account ID with us upon successful authentication. We do not share any of your data back with Google. Subject to Google's Privacy Policy.
• Cloudflare, Inc. — infrastructure provider for our serverless backend (Cloudflare Workers) and database (Cloudflare D1). All backend API calls and account data at rest transit through or are stored on Cloudflare infrastructure (EU region). Subject to Cloudflare's Privacy Policy.
• Hugging Face, Inc. — OCR inference provider. Screenshot images you submit through the Screenshot tab are sent to a private Hugging Face Space running PaddleOCR. Images are not retained after inference. Subject to Hugging Face's Privacy Policy.
• Stripe, Inc. — payment processor. Billing, subscription management and payment card data are handled exclusively by Stripe Checkout. We never receive or store your card details. Stripe sends us only your email, subscription plan and customer ID via webhook. Subject to Stripe's Privacy Policy.
• Legal requirements — we may disclose data if required by applicable law, court order or to protect the rights and safety of Token Pilot or its users.

We do not sell, rent or trade your personal data to any third party for any purpose.

6 Chrome Extension permissions

The Token Pilot Chrome extension requests the following browser permissions and uses them solely as described:

• storage — to save your authentication token, usage counter, theme preference and last optimization result locally via chrome.storage.local and localStorage.
• activeTab — to inject a file picker in the current tab (workaround for a Chromium limitation that closes side panels when a native file dialog opens) and to capture the visible area when you use the "Capture Screen Area" feature.
• scripting — to inject the file picker helper described above into the active tab when you click the screenshot upload zone.
• tabs — to open the Google Sign-in tab, the Stripe Checkout tab and to send messages between the side panel and the active tab during screen capture.
• sidePanel — to display the Token Pilot UI in Chrome's persistent side panel.
• Host permission: <all_urls> — required only to allow the "Capture Screen Area" feature to overlay a selection rectangle on the page you are currently viewing. No content of the pages you visit is read, stored or transmitted.
• externally_connectable: token-pilot-api.friggi-isham.workers.dev — allows our authentication callback page to send the Google sign-in code back to the extension, so the side panel can complete the sign-in without you having to copy and paste a token.

7 Data retention

• Account data (email, name, plan, Stripe customer ID) is retained for as long as your account is active.
• You can delete your account and all associated data at any time by emailing us — we will process the request within 30 days.
• Local browser data (chrome.storage.local, localStorage) is cleared when you uninstall the extension or click the logout button in the side panel header.
• Stripe retains billing records according to its own retention policy and applicable tax law (typically 7 years), independently of Token Pilot.
• OCR images are not retained — they are processed in memory and discarded as soon as the OCR response is returned.

8 Security

All data in transit is encrypted via HTTPS/TLS. Account passwords are stored as salted PBKDF2 hashes (100 000 iterations, SHA-256) and never in plain text. Authentication uses signed JWT tokens. Backend code runs on Cloudflare Workers with no long-running shell access. We follow industry-standard security practices and perform regular dependency reviews.

9 Your rights (GDPR)

If you are located in the European Economic Area, the United Kingdom or Switzerland, you have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate data.
• Request deletion of your data ("right to be forgotten").
• Object to or restrict processing of your data.
• Receive your data in a portable format.
• Withdraw consent at any time, where processing is based on consent.

To exercise any of these rights, contact us at [email protected].

10 Cookies

The Token Pilot extension does not use cookies. Cloudflare and Stripe may set technical cookies required for fraud prevention and payment processing on the Stripe Checkout page; these are governed by their respective privacy policies linked in section 5. We do not use tracking cookies or third-party advertising cookies.

11 Children

Token Pilot is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we may have inadvertently collected data from a child, please contact us and we will delete it promptly.

12 Changes to this policy

We may update this Privacy Policy from time to time. We will notify registered users by email of any material change. The "Last updated" date at the top of this page always reflects the most recent revision. Continued use of the Extension after changes constitutes acceptance of the revised policy.

13 Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Token Pilot
Email: [email protected]