1. Introduction

Extendable ("we," "our," or "us") provides an AI-powered platform for building browser extensions. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service at extendable.app.

2. Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials through our authentication provider (Supabase). This information is used to identify your account and provide access to your projects.

API Keys

If you provide your own Claude API key, it is stored securely in Supabase Vault with encryption at rest. Your API key is only used to execute AI requests on your behalf and is never shared with third parties.

Project Data

We store the browser extension projects you create, including code, configurations, chat history, and session data. This data is associated with your account and used to provide the service.

Usage Information

We collect information about how you use our service, including pages visited, features used, and interactions with the AI assistant. This helps us improve the product and user experience.

Technical Information

We automatically collect technical information such as browser type, device information, IP address, and referral URLs for security, analytics, and service optimization purposes.

3. How We Use Your Information

To provide, maintain, and improve our browser extension building service
To process AI requests and generate extension code on your behalf
To execute your projects in secure sandbox environments (E2B)
To provide live browser previews via VNC for testing your extensions
To communicate with you about your account and service updates
To detect, prevent, and address technical issues and security threats
To analyze usage patterns and improve user experience

4. Sandbox Execution Environment

Your extension projects are executed in isolated E2B sandbox environments. These sandboxes are ephemeral and are destroyed after your session ends. Code execution occurs in a secure, isolated environment separate from other users.

The VNC preview feature streams a visual representation of a Chromium browser running your extension. This stream is only accessible to your authenticated session.

5. Data Sharing and Third Parties

We share your information with:

Anthropic: Your prompts and extension code are sent to Claude AI for processing. Subject to Anthropic's privacy policy.
Supabase: Authentication and database services. Subject to Supabase's privacy policy.
E2B: Sandbox execution environments. Subject to E2B's privacy policy.
Analytics providers: Anonymized usage data for product improvement.

We do not sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

API keys are encrypted at rest using Supabase Vault
All data transmitted over HTTPS/TLS encryption
Isolated sandbox environments for code execution
JWT-based authentication for API access
Regular security reviews and updates

7. Data Retention

We retain your account information and projects for as long as your account is active. You can delete your projects at any time. Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law.

Sandbox environments and their data are automatically destroyed after session termination.

8. Your Rights

Depending on your location, you may have the following rights:

Access and receive a copy of your personal data
Correct inaccurate personal data
Request deletion of your personal data
Object to or restrict processing of your data
Data portability (export your projects)
Withdraw consent where processing is based on consent

9. Cookies and Tracking

We use essential cookies for authentication and session management. We also use analytics tools to understand how our service is used. You can control cookie preferences through your browser settings.

10. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact us at privacy@extendable.app.