Privacy Policy for KICHAN Chrome Extension
Effective Date: [Date you publish the policy - e.g., April 28, 2025]
1. Introduction
Thank you for using KICHAN ("KICHAN", "Extension", "we", "us", "our"). KICHAN is a browser extension designed to help you securely store and manage your Large Language Model (LLM) API keys (like those from OpenAI, Anthropic, Google, etc.) directly within your browser. It allows websites you approve to utilize these keys via the extension without the website ever directly accessing your secret keys.
This Privacy Policy explains what information KICHAN collects, stores, and processes, how that information is used and protected, and your choices regarding your information. Our core principle is privacy and security first, with sensitive data stored locally and encrypted on your device.
2. Information We Handle
KICHAN handles the following types of information:
- User-Provided API Keys: You provide API keys for various LLM providers you wish to use via the extension.
- Master Password: You create a Master Password to encrypt and decrypt your stored API keys. KICHAN does not store your Master Password directly. Instead, we use cryptographic techniques (like hashing and key derivation via the Web Crypto API) to secure your keys based on this password.
- Trusted Website Origins: When you grant permission for a website to use a key ("Allow Always"), we store the origin (e.g., https://example.com) of that website.
- Extension Settings: Configuration choices you make within the extension's Options page, such as selecting a default provider or model.
- Data Processed During Requests: When a website requests an LLM interaction via KICHAN, the prompts/messages provided by the website, and the responses received from the LLM provider, are processed (passed through) by the extension. This request/response data is NOT stored by KICHAN after the interaction is complete.
3. How We Use Your Information
The information handled by KICHAN is used solely for the core functionality of the extension:
- To securely store and manage your API keys locally.
- To encrypt and decrypt your API keys using a key derived from your Master Password.
- To identify websites you have previously trusted.
- To make API calls directly from your browser to the relevant LLM provider on your behalf, using your selected API key, when you approve a request from a website.
- To return the LLM's response to the requesting website.
- To manage your extension preferences and settings.
We do NOT use your information for:
- Tracking your browsing activity across unrelated websites.
- Building profiles for advertising.
- Selling or sharing your API keys or personal data with unrelated third parties.
4. How We Store and Protect Your Information
- Local Storage: All your API keys, trusted site origins, and settings are stored locally on your computer using the browser's chrome.storage.local API. This data does not leave your device to be stored on servers operated by KICHAN in the current version.
- Encryption: Your API keys are encrypted at rest within chrome.storage.local. Encryption and decryption happen locally within the extension's secure background context using the standard Web Crypto API, utilizing a key derived from your Master Password.
- Master Password Security: Your Master Password is the key to unlocking your API keys. We do not store it directly. If you forget your Master Password, there is no way for us to recover it or your encrypted API keys.
- Data Transmission:
  - Your API keys and Master Password (or its derivatives) are NEVER transmitted to KICHAN servers.
  - When an API call is made, the necessary prompt/request data and the relevant (decrypted) API key are sent directly from your browser to the third-party LLM provider's API endpoint (e.g., https://api.openai.com/...). This transmission is typically secured via HTTPS. KICHAN acts as a proxy but does not intercept or store this traffic on external servers.
5. Data Sharing and Third Parties
- KICHAN: We do not receive or store your API keys, Master Password, or prompt/response data on our servers (as of the current version).
- LLM Providers (e.g., OpenAI, Anthropic): When you authorize KICHAN to make a request, your prompt data and the corresponding API key are sent directly to the selected provider. Your interaction with that provider is governed by their respective Privacy Policies and Terms of Service.
- Websites Using KICHAN: Websites initiating requests receive the LLM response via the extension, but they do not receive your API key.
- No Sale of Data: We do not sell, rent, or share your stored API keys or personal information with third parties for marketing or unrelated purposes.
6. Data Retention
The data you store within KICHAN (API keys, trusted sites, settings) remains stored locally in your browser via chrome.storage.local for as long as you have the extension installed and do not manually delete the data via the Options page. Uninstalling the extension should typically remove this associated local storage.
7. Your Rights and Choices
You have full control over the data stored within KICHAN:
- Access and View: You can view your configured providers, masked keys, and trusted websites within the extension's Options page.
- Add and Delete: You can add new API keys and delete stored API keys and trusted website permissions at any time via the Options page.
- Master Password: You can change your Master Password (this will involve re-encrypting your stored keys).
8. Children's Privacy
KICHAN is not intended for use by children under the age of 13 (or the relevant age in your jurisdiction), and we do not knowingly collect information from them.
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and potentially through other notices within the extension or on the Chrome Web Store listing. We encourage you to review this policy periodically. Your continued use of the extension after changes constitutes your acceptance of the new policy.
10. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
info@vibesail.com