Idlen
Join the waitlist
Idlen
Join the waitlist
Privacy First

Privacy Policy

We built Idlen with privacy at its core. Your code, your prompts, and your conversations are yours alone.

Last updated: December 24, 2024

Quick Navigation

Data Practices Summary Overview Chrome Web Store Compliance Extension Permissions Data We Collect How We Process Your Data Data Transmitted to Servers Data We Do NOT Collect How We Use Your Data Data Sharing & Third Parties Data Storage & Security Data Retention Your Rights Cookies & Tracking Children's Privacy Policy Changes Contact Us

Data Practices Summary

Chrome Web Store Disclosure

This section provides a complete summary of all data collection, processing, storage, and sharing practices for the Idlen browser extension, in compliance with Chrome Web Store requirements.

The table below provides a complete overview of what data we collect, why we collect it, who we share it with, and how long we keep it:

Data Type Collected? Purpose Shared With Retention
Email addressAccount identification and loginSupabase (authentication provider)Until account deletion
Password (hashed)Secure authenticationSupabase (authentication provider)Until account deletion
Ad impression recordsCalculate and track your earningsSupabase (database), Advertisers (anonymized stats only)7 years (legal requirement)
Ad click recordsTrack earnings and fraud preventionSupabase (database), Advertisers (anonymized stats only)7 years (legal requirement)
Platform name (e.g., chatgpt)Analytics and ad targetingSupabase (database)7 years (legal requirement)
Session identifierFraud preventionSupabase (database)30 days
Hour of day (0-23)Aggregated performance analyticsSupabase (database)7 years (legal requirement)
Prompts or AI conversationsN/A - Never collectedN/AN/A
Page content or DOMN/A - Never collectedN/AN/A
Browsing historyN/A - Never collectedN/AN/A
Keystrokes or form inputsN/A - Never collectedN/AN/A
Location dataN/A - Never collectedN/AN/A

Data Lifecycle Summary

1. Collection

Data collected when you view or click ads

2. Processing

Used to calculate earnings and prevent fraud

3. Storage

Stored securely on Supabase (EU/US servers)

4. Deletion

Deleted within 30 days of account deletion

Overview

Idlen ("we", "our", or "us") operates the Idlen browser extension and related services. This Privacy Policy explains how we collect, use, store, and share your information when you use our extension on AI platforms like ChatGPT, Claude, Lovable, and others.

Our Core Privacy Commitment

We never read, store, or transmit your prompts, AI conversations, or the content of your interactions with AI assistants. Your intellectual property stays on your device.

Chrome Web Store Compliance

Limited Use Disclosure

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

This extension complies with all Chrome Web Store policies regarding user data privacy and protection. We are committed to transparency in how we handle your information.

Remote Code & Server Communication

The Idlen extension communicates with our servers (hosted on Supabase) for the following purposes only:

  • Authentication: To verify your identity when you log in
  • Ad retrieval: To fetch ads to display during your AI usage
  • Impression/click recording: To record when ads are viewed or clicked
  • Earnings synchronization: To sync your earnings with the dashboard

We do not execute any remote code. All extension logic is bundled in the extension package reviewed by Chrome Web Store.

Browser Extension Permissions

The Idlen browser extension requires specific permissions to function. Here is a detailed explanation of each permission, why it is necessary, and what data it allows us to access:

identity

Purpose: Allow users to sign in securely using their Google account.

Data accessed via this permission:

  • Email address (for account identification)
  • Basic profile information (name, for display purposes)

We do NOT access your Google contacts, calendar, files, or any other Google services. We only use Google Sign-In for secure authentication.

storage

Purpose: Save your preferences and settings locally on your device.

Data accessed via this permission:

  • Extension enabled/disabled state
  • Ad format preferences (overlay, toast)
  • Frequency settings (cooldown between ads)
  • List of enabled/disabled platforms
  • Cached session earnings for popup display
  • Authentication token for API calls

This data is stored locally on your device using Chrome's storage API. It is never transmitted to our servers unless you are logged in and we sync your earnings.

activeTab

Purpose: Detect when you are on a supported AI platform to show ads at the right moment.

Data accessed via this permission:

  • The current domain/hostname only (e.g., "claude.ai")
  • Click events on send buttons to know when you submit a prompt

We do NOT read the content of the page, your prompts, AI responses, or any text you type. We only detect that a send button was clicked.

host_permissions

Purpose: Inject our content scripts only on specific AI platforms to display ads.

Domains we access (exhaustive list):

  • chat.openai.com, chatgpt.com (ChatGPT)
  • claude.ai (Claude by Anthropic)
  • lovable.dev (Lovable)
  • v0.dev (v0 by Vercel)
  • perplexity.ai (Perplexity)
  • bolt.new (Bolt)
  • gemini.google.com, aistudio.google.com (Google Gemini)
  • copilot.microsoft.com (Microsoft Copilot)
  • replit.com (Replit)

We do NOT access any other websites. Your general browsing is never monitored. We only inject our ad display UI on these specific platforms.

Data We Collect

We collect only the minimum data necessary to provide our service. Here is the complete list:

Account Information (when you register)

  • Email address: Used for account identification, login, and communication
  • Password: Securely hashed using bcrypt, never stored in plain text

Usage Data (when you use the extension)

  • Ad impressions: Which ads were displayed to you and when (timestamp)
  • Ad clicks: Whether you clicked on an ad's call-to-action button
  • Platform name: Which AI platform triggered the ad (e.g., "chatgpt", "claude")
  • Hour of day: The local hour (0-23) when you interact with an ad, used for aggregated performance analysis
  • Session identifier: An anonymous session ID for fraud prevention

Local Storage (stored on your device only, never transmitted)

  • Extension settings and preferences
  • Enabled/disabled platforms list
  • Ad frequency preferences
  • Cached earnings for display in the popup
  • Authentication token (to keep you logged in)

How We Process Your Data

This section explains exactly how we process each type of data we collect:

Email Address

Collection: When you register an account

Processing: Used to authenticate you and send service-related emails

Storage: Stored in Supabase database (encrypted at rest)

Sharing: Shared with Supabase (auth provider) and Stripe (for payouts)

Ad Impression & Click Data

Collection: When an ad is displayed or clicked

Processing: Used to calculate your earnings and detect fraud

Storage: Stored in Supabase database (encrypted at rest)

Sharing: Aggregated (anonymized) statistics shared with advertisers

Platform Name

Collection: When an ad is triggered on a supported AI platform

Processing: Used for analytics and to show relevant ads

Storage: Stored in Supabase database

Sharing: Aggregated statistics shared with advertisers (e.g., "40% of impressions from ChatGPT")

Data Transmitted to Our Servers

When you use the Idlen extension, certain data is transmitted to our servers (hosted on Supabase). Here is exactly what is sent and when:

When You View an Ad (Impression)

{
  "ad_id": "uuid",
  "user_id": "uuid" // if logged in,
  "session_id": "anonymous-session-token",
  "platform": "chatgpt" // which AI triggered the ad,
  "timestamp": "2024-12-18T10:30:00Z"
}

When You Click an Ad

{
  "impression_id": "uuid",
  "platform": "claude",
  "hour_of_day": 10 // local hour (0-23),
  "timestamp": "2024-12-18T10:30:05Z"
}

When You Log In

{
  "email": "your-email@example.com",
  "password": "********" // sent securely via HTTPS, never stored in plain text
}

What is NEVER Transmitted

The content of your prompts or questions to AI
AI responses or conversation history
Page content, HTML, or DOM elements
URLs beyond the domain name
Keystrokes, clipboard data, or form inputs
Browser history or other tabs

Data We Do NOT Collect

We are committed to minimal data collection. We explicitly do not collect:

Your prompts or messages to AI assistants
AI responses or conversation content
Your browsing history outside supported platforms
Keystrokes, form inputs, or text you type
Page content or DOM data from websites
Personal files, code, or documents
Location data or device identifiers

How We Use Your Data

The data we collect is used solely for the following purposes:

  • Account management: Creating and maintaining your account, authenticating your sessions
  • Earnings tracking: Recording ad impressions and clicks to calculate your earnings accurately
  • Fraud prevention: Detecting and preventing fraudulent ad interactions to protect advertisers and honest users
  • Service improvement: Aggregated, anonymized analytics to improve our service and ad relevance
  • Communication: Sending important service updates, payout notifications (opt-out available for marketing emails)
  • Payouts: Processing your earnings withdrawals via Stripe

Data Sharing & Third Parties

We do not sell, rent, or trade your personal information. Below is an exhaustive list of all third parties who may receive your data:

Service Providers (Complete List)

Google LLCGoogle Sign-In Authentication

Provides secure authentication via Google Sign-In. We use Google's identity API to allow users to sign in with their Google account.

Data shared: None directly. Google provides us with your email and basic profile (name) when you sign in.

Purpose: Secure user authentication without storing passwords.

Google Privacy Policy →
Supabase Inc.Database & Authentication

Hosts our database and handles user authentication. Servers located in the EU (Frankfurt) and US (Oregon).

Data shared: Email address, hashed password, impression/click records, earnings data, session identifiers.

Purpose: Database storage, user authentication, data backup.

Supabase Privacy Policy →
Stripe Inc.Payment Processing

Processes payouts when you withdraw your earnings. We never store your banking details directly.

Data shared: Email address, payout amount, Stripe Connect account ID.

Purpose: Process earnings payouts to your bank account.

Stripe Privacy Policy →

Advertisers

Advertisers on our platform receive only aggregated, anonymized statistics about their campaigns:

  • Total number of impressions
  • Total number of clicks
  • Click-through rate (CTR)
  • Breakdown by platform (e.g., "40% from ChatGPT, 30% from Claude")
  • Performance by hour of day (aggregated)

Advertisers never receive your email, user ID, or any personally identifiable information. They cannot identify individual users from the statistics we provide.

Other Circumstances

We may share your data in these limited circumstances:

  • Legal requirements: If required by law, court order, or government regulation
  • Business transfers: In the event of a merger or acquisition, with advance notice to users
  • With your consent: If you explicitly authorize us to share specific data

Data Storage & Security

Where Your Data is Stored

  • Cloud servers: Data is stored on secure servers provided by Supabase (AWS infrastructure) in the EU (Frankfurt, Germany) and US (Oregon)
  • Local device: Settings and preferences are stored locally on your device using Chrome's storage API

Security Measures

  • All data transmission uses TLS 1.3 encryption (HTTPS)
  • Passwords are hashed using industry-standard bcrypt algorithm
  • Database encryption at rest (AES-256)
  • Row-level security (RLS) to prevent unauthorized data access
  • Regular security audits and vulnerability assessments
  • Two-factor authentication available for accounts

Data Retention

We retain your data only as long as necessary to provide our services. Here are the specific retention periods:

Account information (email, password)Until account deletion
Impression & click records7 years (legal requirement)
Session identifiers30 days
Local extension dataUntil extension uninstall
Payout records7 years (legal requirement)

Upon Account Deletion

When you delete your account:

  • Personal data (email, preferences) is deleted within 30 days
  • Anonymized statistical data may be retained for service improvement
  • Financial records (impressions, clicks, payouts) are retained for 7 years as required by law

Your Rights

Depending on your location, you may have the following rights regarding your data:

Access

Request a copy of all data we hold about you

Correction

Request correction of inaccurate data

Deletion

Request deletion of your account and data

Portability

Export your data in a machine-readable format

Objection

Object to certain data processing activities

Withdrawal

Withdraw consent at any time

To exercise any of these rights, contact us at privacy@idlen.io. We will respond within 30 days.

Cookies & Tracking

Browser Extension

The Idlen browser extension does not use cookies. All local data is stored using Chrome's built-in storage API (chrome.storage.local).

Website (idlen.io)

Our website uses minimal, essential cookies:

  • Authentication cookies: To keep you logged in to the dashboard
  • Preference cookies: To remember your settings (e.g., language)

We do not use third-party tracking cookies, advertising cookies, or analytics services that track individual users.

Children's Privacy

Idlen is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately at privacy@idlen.io and we will delete the data within 48 hours.

Policy Changes

We may update this Privacy Policy from time to time. When we make significant changes:

  • We will update the "Last updated" date at the top of this page
  • We will notify you via email for material changes
  • We will display a notice in the extension popup

Your continued use of Idlen after policy changes constitutes acceptance of the updated terms.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

privacy@idlen.io
https://idlen.io

We aim to respond to all privacy-related inquiries within 48 hours.

Questions about privacy?

We're happy to explain any aspect of our privacy practices.

Contact Privacy Team Learn More About Idlen
© 2025 Idlen Inc.Built for builders.