PastePilot

Privacy Policy

Last updated: August 14th, 2025

Summary

PastePilot is a Chrome extension that helps you solve coding problems and type AI‑generated text using your own API key. We do not operate any backend for this extension and we do not collect, sell, or share your personal data. All settings (like your API key) are stored locally on your device using Chrome storage. When you trigger a hotkey, page content needed to fulfill your request is processed in‑memory and sent directly from your browser to the model provider you configure (e.g., OpenAI) using your API key.

What data we process

  • Locally stored settings: Your OpenAI API key, your selected model name (e.g., GPT‑4 family), and a small amount of app state such as the last generated text buffer to enable key‑gated typing. These are saved in chrome.storage.local on your device and are never sent to us.
  • Page content you’re on: When you use a hotkey, the extension reads relevant on‑page text (e.g., LeetCode problem text) to craft the prompt. This happens in your browser. The extracted text is then sent to your model provider via their API using your key so a response can be generated.
  • Keystrokes for explicit capture flows: Some flows briefly capture what you type (e.g., language override or a free‑form prompt) until you press Enter or Esc. That input is used only to form your request and is not stored after the action completes.

What we do NOT collect

  • No personally identifiable information (PII).
  • No health information.
  • No financial or payment information.
  • No passwords or authentication secrets (your OpenAI API key is stored locally and never sent to us).
  • No personal communications (emails, texts, chat messages).
  • No location data (e.g., GPS, IP stored).
  • No browsing history. We only check the active tab’s URL in‑session to confirm context (e.g., LeetCode).
  • No user activity tracking (no click/scroll/keystroke logging). We only simulate typing you explicitly trigger.
  • We do not proxy, collect, or store page content on our servers.

Permissions and how they’re used

  • storage: Save your API key and settings locally on your device.
  • activeTab, tabs: Confirm the active tab (e.g., LeetCode), send messages to that tab, and focus editors for typing. Access is temporary and scoped to the active tab after a user action.
  • scripting: Inject our own bundled content script (no remote code) to extract visible text (e.g., problem statements), find editable fields, and perform key‑gated typing after you trigger a hotkey.
  • webNavigation: Used only to enumerate frames in the current tab (e.g., nested iframes on LeetCode) so we can find the right editor. We do not subscribe to navigation events for tracking.
  • host permissions: api.openai.com to call the OpenAI API directly from your browser using your key; leetcode.com and leetcode.cn to enable problem detection and editor interaction after you trigger Solve.

Where your data goes

When you use PastePilot, the relevant page text and your prompt are sent directly from your browser to your configured model provider (e.g., OpenAI) using your API key. PastePilot does not proxy or inspect these requests.

Important: Your usage with the model provider is governed by their terms and privacy policy. Review your provider’s data retention and model‑training settings (for OpenAI API, see their documentation/policies).

Data retention and deletion

  • Local storage: Settings remain until you remove them, clear extension data, or uninstall the extension.
  • Model provider: Any retention is governed by your provider and your account settings.
  • Deleting your data: Remove your API key via the extension Options, clear extension data (chrome://extensions → Details → Clear data), or uninstall the extension.

Security

  • Your API key is stored in chrome.storage.local and is never transmitted to us.
  • We do not load or execute remote code; only our packaged content script is injected after user action.
  • The content script avoids password fields and only operates when you invoke a hotkey.
  • Keep your browser up to date and revoke/rotate your API key if compromised.

Children’s privacy

PastePilot is not directed to children under 13 and should not be used by them.

Changes to this policy

We may update this policy as the extension evolves. Material changes will be reflected here with an updated “Last updated” date.

Contact

Questions? Contact us at shaikh20251@gmail.com.