Privacy Policy
Last updated: March 31, 2026
Summary: DOZ does not collect, store, or transmit any personal data to our servers. All data stays on your device and is sent only to the LLM provider you choose (DeepSeek or Nemotron). We do not have servers, analytics, or tracking.
1. Introduction
This Privacy Policy describes how DOZ ("the Extension", "we", "our") handles information when you use our Chrome browser extension. DOZ is an AI-powered browser automation tool that helps users control websites using natural language.
We are committed to protecting your privacy. DOZ is designed with a privacy-first approach - your data never touches our servers because we don't have any.
2. Information We Collect
2.1 Information We Do NOT Collect
- We do not collect any personal information
- We do not collect browsing history or browsing activity
- We do not collect form data or passwords
- We do not use cookies or tracking technologies
- We do not collect analytics or usage statistics
- We do not have any servers that receive your data
- We do not sell, share, or transfer any user data
2.2 Data Stored Locally on Your Device
DOZ stores the following data locally on your device using Chrome's built-in storage API (chrome.storage.sync):
- API Key: Your LLM provider API key (DeepSeek or Nemotron), stored locally to authenticate with the AI service you choose
- Settings: Your preferences such as selected provider, temperature, control mode, and email settings
- OAuth Tokens: If you connect Gmail or Outlook, authentication tokens are stored locally to access your email
This data is stored exclusively on your device and is synced only through your Chrome profile if you have Chrome Sync enabled (a Google feature, not ours).
3. How Your Data Is Used
3.1 Page Content
When you give DOZ a task, the extension reads the content of your current browser tab to understand the page context. This content is:
- Processed locally in your browser
- Sent directly from your browser to your chosen LLM provider (DeepSeek or NVIDIA Nemotron) for AI processing
- Not stored, logged, or transmitted to any other party
- Not retained after the task is complete
3.2 Screenshots
DOZ captures screenshots of your active tab to show you what actions are being taken. These screenshots are:
- Created and displayed locally in the extension's side panel
- Not sent to any server
- Not stored permanently - they exist only during the active session
3.3 Email Integration
If you choose to connect Gmail or Outlook:
- Gmail: Uses Google's OAuth2 via Chrome's identity API. DOZ requests only the permissions you authorize (read, send, modify). Email data is fetched directly from Google's servers to your browser.
- Outlook: Uses Microsoft's OAuth2 via Chrome's identity API. Email data is fetched directly from Microsoft's servers to your browser.
- Email content is processed locally and sent to your LLM provider only when you ask DOZ to read or respond to emails
- We never store, cache, or log your email data
4. Third-Party Services
DOZ communicates directly with the following third-party services based on your configuration:
- DeepSeek API (api.deepseek.com) - when selected as your LLM provider. Subject to DeepSeek's Privacy Policy
- NVIDIA NIM API (integrate.api.nvidia.com) - when Nemotron is selected. Subject to NVIDIA's Privacy Policy
- Google Gmail API (googleapis.com) - only if you connect Gmail. Subject to Google's Privacy Policy
- Microsoft Graph API (graph.microsoft.com) - only if you connect Outlook. Subject to Microsoft's Privacy Policy
Communication with these services happens directly from your browser. DOZ does not proxy, intercept, or log this traffic.
5. Data Security
We take the following measures to protect your data:
- All API communications use HTTPS encryption
- API keys are stored in Chrome's secure storage
- OAuth tokens are managed through Chrome's built-in identity system
- No data is transmitted to or stored on any DOZ-operated server
- The extension's source code is open-source and available for audit on GitHub
6. Permissions
DOZ requests the following Chrome permissions and why:
- activeTab / tabs: To read and interact with your current browser tab when you give a task
- scripting: To inject the content script that performs browser actions (clicks, typing, scrolling)
- storage: To save your settings and API key locally
- sidePanel: To display the DOZ interface in Chrome's side panel
- identity: To authenticate with Gmail and Outlook using OAuth2
- host_permissions: To communicate with LLM APIs and email APIs
7. Children's Privacy
DOZ is not directed at children under the age of 13. We do not knowingly collect any information from children.
8. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of DOZ after changes constitutes acceptance of the updated policy.
9. Your Rights
Since all data is stored locally on your device, you have full control over it:
- You can view your stored settings in the extension's options page
- You can delete all data by using the "Reset" button in Settings, or by removing the extension
- You can disconnect Gmail or Outlook at any time from the Email settings
- You can revoke Google OAuth access from your Google Account permissions
10. Open Source
DOZ is open-source software. The complete source code is available on GitHub for transparency and security auditing.
11. Contact
If you have any questions about this Privacy Policy, please contact us:
- GitHub Issues: github.com/khasawn2-dotcom/doz-extension/issues