AI Chat Heatmap Privacy Policy

Last updated: 2026-05-02

AI Chat Heatmap ("the extension") helps users visualize AI chat activity using a local heatmap dashboard.

1) Data We Process

• timestamp of each interaction
• platform and model identifier
• character counts (input/output)
• estimated token counts and duration
• conversation identifier (if available from page traffic)
• current page URL

2) Optional: Local Log File Access (Claude Code, Gemini CLI, ...)

Starting in v0.2.0 the extension can optionally read JSONL session log files written by local AI command-line / desktop / IDE tools — currently Claude Code (CLI / IDE / Desktop) and Google Gemini CLI — so terminal and agent usage that bypasses the browser is also reflected on the heatmap. Additional locally-running tools may be added in future versions.

• This feature is off by default. It only activates after the user explicitly grants directory access via the browser's File System Access dialog (showDirectoryPicker) — typically pointing at directories such as ~/.claude/projects/ or ~/.gemini/. Each supported tool has its own separate row in the dashboard; the user grants access per source.
• The granted directory handle is persisted locally in IndexedDB (structured-clone) so the background service worker can resume incremental scans across browser restarts. The handle never leaves the device.
• Log files are read in-process, parsed line-by-line, and the same fields listed in section 1 are extracted. Raw message bodies, prompts, and assistant replies are never persisted — only counts and metadata.
• The user can revoke access at any time, per source, from the dashboard's "Disconnect" button. Revocation removes the stored handle for that source but leaves previously aggregated counts intact.

3) Where Data Is Stored

• Data is stored locally in your browser (chrome.storage.local and IndexedDB).
• We do not operate a backend for this extension.

4) Data Sharing and Transfer

• We do not sell or share your data with third parties.
• We do not upload your usage data to external servers by default.
• Export is user-initiated only (JSON file downloaded to your device).

5) Permissions and Why

• storage: save your history, aggregates, and preferences.
• alarms: schedule a periodic background task (every 2 minutes) that performs incremental sync of any connected local log directories (Claude Code, Gemini CLI, ...).
• notifications: surface a one-tap recovery prompt when File System Access permission for a connected log directory has lapsed (e.g. after a Chrome restart). No marketing or content notifications are ever shown.
• Host permissions on supported AI chat domains: collect usage metrics from those sites only.
• File System Access (browser-managed, no manifest permission required): used only for the optional local log features described in section 2; only the directory the user explicitly picks is ever opened.

6) Data Retention and Deletion

Data remains on your device until you delete it. You can clear data by removing extension storage or uninstalling the extension. Disconnecting any optional local log source removes the stored directory handle for that source.

7) Security

• The extension follows Manifest V3 packaged-code requirements.
• No remote code execution is used in extension logic.

8) Children's Privacy

The extension is not intended for children under 13.

9) Changes to This Policy

We may update this policy and will update the "Last updated" date accordingly.

10) Contact

For privacy requests, contact: xuchunyu.sh@gmail.com