Privacy Policy for GPT Island

Effective Date: May 16, 2025

Welcome to GPT Island! This Privacy Policy describes how GPT Island ("we," "us," or "our," referring to the extension developer) collects, uses, shares, and protects your personal information when you install and use the GPT Island Chrome extension (the "Extension") and its related services (collectively, the "Services").

By using our Extension and Services, you agree to the collection and use of information in accordance with this policy.

1. Developer Information

Extension Name: GPT Island
Contact Email for Privacy Concerns: support@gptisland.com

2. Information We Collect

We collect information to provide and improve our Services to you. The types of information we collect are:

A. Information You Provide Directly:

• Google Account Information: When you authenticate using Google OAuth, we collect your Google ID and email address. This is used for account creation, authentication, and communication.
• Payment Information (via Stripe): To subscribe to premium features, you will be directed to Stripe, our third-party payment processor. We do not directly collect or store your full payment card details. Stripe provides us with your Stripe Customer ID and subscription status, which we store to manage your account and verify payments.
• User-Provided API Keys: If you use the "bring your own API key" feature for AI services, you will provide your API key directly to the Extension. This key is stored locally within your browser's chrome.local.storage and sent directly from your browser to the chosen AI provider. We do not store these user-provided API keys on our servers.
• Prompts and Interactions: Your prompts and the content you submit to AI services through the Extension are not stored on our servers. They are sent directly to the respective AI API (e.g., ChatGPT, DeepSeek, or the service linked to your own API key) to obtain a response.

B. Information Collected Automatically:

• API Token Usage: We monitor the usage of API tokens (for services provided through GPT Island, not your own keys) to manage monthly allocations, reset quotas, and ensure fair use of the Services. This usage data is associated with your account.
• Server Logs: Our servers automatically log certain information when you interact with our Services. This may include your IP address, browser type, operating system, the date and time of your request, and other standard server log information. These IP hits are logged for security and operational monitoring but are not directly associated with your user account details in these logs.
• Usage Data (Potentially via Google Analytics): We may use third-party analytics services like Google Analytics to collect information about how you use our Extension (e.g., features used, frequency of use). This data is typically aggregated and anonymized or pseudonymized and is used to understand user behavior and improve the Extension. If Google Analytics is used, its data collection is subject to Google's privacy policy.

C. Information Stored Locally on Your Device:

• Chat History: The Extension stores your chat history with AI services within your browser's chrome.local.storage. This information is stored locally on your device and is not transmitted to or stored on our servers. You have control over this local data through your browser settings.
• Extension Settings: Any user preferences or settings for the Extension are also stored locally in chrome.local.storage.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To Provide and Maintain Our Services:
  • Authenticate your access to the Extension using your Google account.
  • Process your subscriptions and manage your account status using information from Stripe.
  • Forward your prompts to the selected AI API providers to generate responses.
  • Manage API token usage and enforce quotas.
  • Enable the "bring your own API key" functionality.
• To Communicate With You:
  • To send you important information regarding your account, subscription, or updates to our Services or policies, using your email address.
  • To respond to your inquiries and provide support via support@gptisland.com.
• For Security and Operations:
  • To monitor for and prevent fraudulent or unauthorized activity.
  • To diagnose technical issues and maintain the stability of our servers and Services.
• To Improve Our Services:
  • To understand how users interact with the Extension (potentially through analytics) to improve features, usability, and overall user experience.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

• AI API Providers (e.g., OpenAI, DeepSeek): When you use the Extension to interact with an AI service, your prompts (and your user-provided API key, if applicable) are sent directly from your browser or forwarded by our server to the respective AI provider to obtain a response. Their use of your data is governed by their own privacy policies. We recommend you review the privacy policies of these providers (e.g., OpenAI, DeepSeek, or any service you connect with your own API key).
• Stripe (Payment Processing): For subscription payments, you will be redirected to Stripe. Stripe processes your payment information directly. We share necessary information with Stripe to facilitate these transactions (like your email or user ID for account linking) and receive subscription status and customer ID in return. Stripe's use of your information is governed by Stripe's Privacy Policy.
• Google (for Authentication): When you sign in using Google OAuth, certain information is exchanged with Google as part of the authentication process, governed by Google's Privacy Policy.
• Google Analytics (if used): If we use Google Analytics, usage data may be shared with Google to provide analytics services. This data is typically handled as described in Google's Privacy Policy.
• Legal Requirements and Protection of Rights: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
  • Comply with a legal obligation or governmental request.
  • Protect and defend our rights or property.
  • Prevent or investigate possible wrongdoing in connection with the Services.
  • Protect the personal safety of users of the Services or the public.
  • Protect against legal liability.
• Business Transfers: If we are involved in a merger, acquisition, or asset sale, your Personal Information may be transferred. We will provide notice before your Personal Information is transferred and becomes subject to a different Privacy Policy.

5. Data Storage, Retention, and Security

• Data Stored on Our Servers:
  • Your Google ID, email address, Stripe Customer ID, and subscription status are stored on our servers for as long as your account is active and as necessary to provide you with our Services, comply with our legal obligations, resolve disputes, and enforce our agreements.
  • API token usage data (for tokens we manage) is stored to manage monthly cycles and may be archived or deleted after a certain period.
  • Server logs (including IP addresses) are retained for a limited period for security and operational analysis (e.g., 30-90 days) and then deleted or anonymized.
• Data Stored Locally (chrome.local.storage):
  • Your chat history and user-provided API keys are stored in your browser's local storage. This data remains on your device until you clear your browser's storage or uninstall the Extension. We do not access this locally stored data.
  • Extension Settings: Any user preferences or settings for the Extension are also stored locally in chrome.local.storage.
• Data Security:
  • We use HTTPS to encrypt data transmitted between your browser, our servers, and third-party APIs.
  • Access to personal data on our servers is restricted to authorized personnel.
  • While we implement reasonable security measures to protect your information, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
  • Sensitive payment information is handled directly by Stripe, which maintains its own robust security measures.

6. Your Data Rights and Choices

You have certain rights regarding your personal information:

• Access, Correction, or Deletion: You can request to access, correct, or delete your personal data stored on our servers (Google ID, email, Stripe information, API usage linked to your account) by contacting us at support@gptisland.com. We will respond to your request within a reasonable timeframe.
• Managing Subscription: You can change or cancel your Stripe subscription via the interface provided within the Extension or by contacting Stripe directly, subject to their terms.
• Revoking Google OAuth Consent: You can revoke GPT Island's access to your Google account at any time through your Google account security settings. If you revoke consent, you may lose access to some or all of our Services.
• Managing Locally Stored Data: You can clear your chat history and any locally stored API keys by clearing your browser's local storage for the Extension or by uninstalling the Extension.
• Analytics Opt-Out: If we use Google Analytics, you may be able to opt-out of their data collection by using the Google Analytics Opt-out Browser Add-on or other mechanisms provided by Google.
• Communications: You can opt-out of non-essential communications by contacting us, though we may still send you essential service-related emails (e.g., security notices, payment confirmations).

7. Children's Privacy

Our Services are not directed to individuals under the age of 13 (or a higher applicable age of digital consent in your jurisdiction, e.g., 16 in some parts of Europe). Furthermore, to use features requiring payment through Stripe, you must be of an age to enter into a legally binding contract with Stripe (typically 18 or older, or 13-17 with parental consent where Stripe's terms allow). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to remove that information from our servers. If you believe that a child has provided us with personal information, please contact us at support@gptisland.com.

8. Third-Party Services and Links

Our Extension interacts with third-party services (AI API providers, Stripe, Google). This Privacy Policy does not apply to the practices of third parties that we do not own or control. We encourage you to review the privacy policies of any third-party services you interact with through our Extension.

9. International Data Transfers

Our servers are primarily located in the United States. If you are accessing our Services from outside the United States, please be aware that your information, including personal data, may be transferred to, stored, and processed in the United States. By using our Services, you consent to the transfer of your information to the U.S.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy within the Extension, on our website (if applicable), or by sending you an email if the changes are material. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. Your continued use of the Services after any modification to this Privacy Policy will constitute your acceptance of such modification.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

support@gptisland.com