Legal

Privacy Policy for Nexpot Chrome Extension

Effective date: May 13, 2026

Nexpot provides an AI-powered assistance platform through the Nexpot Chrome Extension and related web, desktop, account, billing, speech, and automation services.

This Privacy Policy explains how the Nexpot Chrome Extension collects, uses, processes, stores, and shares information when users interact with the extension and related services. Nexpot is the controller of the information described here unless a separate agreement says otherwise.

By using the Nexpot Chrome Extension or related services, you agree to the practices described in this Privacy Policy.

Information we collect

Account and authentication data

email address, password hash for email/password accounts, Google account identifier, display name, profile picture, session tokens, account status, credit balance, and sign-in metadata
password reset tokens and related email delivery records when you request account recovery

Chrome extension and browser context data

visible tab screenshots or visual representations of webpages or applications when initiated by the user or required for requested extension functionality
browser tab context needed to capture the active tab and render requested overlays, such as the current active tab URL and page title
Autopilot action decisions based on screenshots and task context rather than webpage DOM, HTML structure, visible text extraction, or interactive element lists
requested Autopilot actions and action results, such as click, type, select, scroll, wait, or navigation outcome

Voice, prompt, and assistant data

microphone audio when you actively use push-to-talk or voice input
speech transcripts, typed prompts, assistant replies, and recent conversation context stored locally for continuity
text sent for speech synthesis and generated audio returned to the app or extension

Billing and usage data

Stripe customer ID, checkout session ID, subscription ID, invoice ID, payment intent ID, package purchased, price, currency, credit grants, and receipt delivery status
usage events such as feature source, credits used, provider cost estimate, billing amount, and timestamps

Website and contact data

prompts, chat messages, commands, feedback, support requests, name, email address, company name, company website, social or website link, estimated seats, and request type when you submit a form
technical information such as browser type, extension version, operating system, device type, IP-derived request metadata, cookies, error logs, performance diagnostics, usage statistics, analytics events, and security signals needed to operate the website and hosted service

How we use information

We use information to:

authenticate users and maintain signed-in sessions
provide answers, tab overlays, voice transcription, text-to-speech, Autopilot actions, account management, credits, billing, and downloads
analyze screenshots and user-provided request context so Nexpot can provide contextual assistance requested by the user
process payments, subscriptions, receipts, refunds, disputes, and tax or accounting records
prevent abuse, investigate security incidents, debug failures, measure reliability, and enforce usage limits
improve accuracy, reliability, diagnostics, and extension functionality
respond to support, team plan, affiliate, and account recovery requests
comply with legal obligations and protect the rights, safety, and security of Nexpot, users, and third parties

We do not use collected data for:

advertising
data brokerage
cross-site tracking
personalized marketing
selling user data
creditworthiness or lending decisions
unauthorized profiling
analytics unrelated to user-facing Nexpot functionality

Chrome extension data handling

The Chrome extension uses browser permissions only for user-facing Nexpot features. It does not continuously collect browsing history. It captures the current normal browser tab only after you grant tab access and actively ask Nexpot to use the page, speak to Nexpot, or enable Autopilot.

The extension stores local settings, account metadata, session tokens, permission state, and recent conversation context in Chrome extension storage. You can clear this local data by signing out, removing the extension, or clearing the extension storage in Chrome.

Screenshots and request context may contain sensitive information depending on the page or application you are using. Avoid using Nexpot on webpages containing highly sensitive personal, financial, medical, or confidential information unless you intentionally want that visual context processed for your request.

AI processing and service providers

To provide AI-powered functionality, certain data may be securely processed by trusted infrastructure, AI, speech, analytics, authentication, email, database, and payment service providers. Data shared with providers is limited to what is necessary to provide the requested functionality, and we require appropriate security and confidentiality protections.

AI, speech, and automation providers

Anthropic may process prompts, screenshots, conversation context, and Autopilot task data to generate assistant responses and browser action decisions
OpenAI may process audio for speech-to-text and requests for Codex-related hosted features
AssemblyAI may process streaming speech data or provide transcription tokens for voice features
ElevenLabs may process text to generate spoken replies

Infrastructure, account, and operations providers

Google may process Google sign-in data when you choose Google authentication
Stripe processes billing, payment, customer, invoice, subscription, and payment method data; Nexpot does not receive or store full card numbers
Neon, Vercel, Resend, and similar infrastructure providers may process data needed for database hosting, web hosting, analytics, logs, email delivery, and service operations

Legal and safety disclosures

we may disclose information if required by law, legal process, security investigation, fraud prevention, or to protect the rights and safety of Nexpot, users, or others
we may transfer information as part of a merger, acquisition, financing, reorganization, or sale of assets, subject to this Privacy Policy or equivalent protections

Data sharing

We do not sell personal information or user data. We only share information in these limited circumstances:

with service providers necessary to operate requested Nexpot functionality
when required by law or legal process
to protect security, rights, safety, or prevent abuse
during business transfers such as mergers, acquisitions, financing, reorganizations, or asset sales
with explicit user consent

Human access to data

Nexpot does not allow humans to review user screenshots, prompts, or other sensitive request data except:

when a user explicitly requests support that requires reviewing submitted information
when necessary for security investigations, abuse prevention, or service integrity
when required by law or legal process
when users explicitly consent

Storage, retention, and security

Account, session, credit, usage, billing, and support records are stored in hosted databases and service systems. Session records expire, password reset tokens are time-limited, and billing records may be retained as needed for accounting, tax, fraud prevention, and legal compliance.

Raw microphone audio, visible tab screenshots, prompts, and assistant requests are transmitted to Nexpot and relevant service providers to complete the request. Nexpot does not intentionally store raw microphone audio or visible tab screenshots in its database after the request completes, but service providers may process and retain submitted data under their own terms and data processing commitments.

We use safeguards such as HTTPS, modern cryptography for transmission, hashed passwords, hashed session tokens in the hosted database, access controls, and least-necessary provider access. No system can be guaranteed completely secure.

Chrome Web Store compliance

Nexpot complies with the Chrome Web Store User Data Policy. Any access to personal or sensitive user data is used solely to provide or improve user-facing functionality requested by the user.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. We do not use or transfer Google user data, browser context data, screenshots, transcripts, or prompts for advertising, creditworthiness determination, data brokerage, unauthorized profiling, unrelated analytics, or sale to third parties.

Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including account operation, billing, security, support, legal compliance, dispute resolution, and backup recovery. When data is no longer needed, we delete it or de-identify it where practical.

Your choices

You may sign out to remove the active session from your browser or extension. You may also clear local extension storage in Chrome, uninstall the extension, or stop using voice, screenshot, or Autopilot features if you do not want that data processed for a request.

You may contact us to request access, correction, deletion, restriction, portability, or objection where these rights apply. Some data may need to be retained for billing, security, legal, or legitimate business reasons.

International transfers

Nexpot and its providers may process information in the United States, the European Economic Area, and other countries where we or our providers operate. When required, we rely on appropriate transfer safeguards.

Children

Nexpot is not intended for children under 13, and we do not knowingly collect personal data from children under 13. If you believe a child has provided personal data, contact us so we can review and delete it where required.

Changes to this policy

We may update this Privacy Policy from time to time. Updated versions will be posted at https://nexpot.ai/privacy with a new effective date. Continued use of the extension after updates constitutes acceptance of the revised policy.

Contact

If you have questions about this Privacy Policy, you can contact us at:

hello@nexpot.ai