Version 3.0.0
π Privacy Policy for kimaaka Chrome Extension
Effective Date: August 11, 2025
Last Updated: August 11, 2025
π Quick Summary: kimaaka is designed with privacy as a core principle. We do not collect, store, or track any personal information. The extension only processes screen content when you explicitly activate it, and all data is handled securely and temporarily.
π 1. Introduction
This Privacy Policy describes how the kimaaka Chrome Extension ("we," "our," or "the extension") handles information when you use our AI-powered multiple choice question assistance tool. kimaaka is designed to capture screenshots of your browser content and analyze them using Google's Gemini AI to provide visual answers to multiple choice questions.
Our Commitment: We are committed to protecting your privacy and being transparent about our data practices. This extension operates on a privacy-first basis with minimal data processing.
π« 2. What We DO NOT Collect
We do not collect, store, or transmit any of the following:
- Personal Information: No names, email addresses, phone numbers, or any personally identifiable information
- Account Data: No user accounts, passwords, or login credentials
- Browsing History: No tracking of websites you visit or your browsing patterns
- Persistent Storage: No long-term storage of any captured content or analysis results
- Cookies or Tracking: No cookies, web beacons, or tracking technologies
- Device Information: No collection of device identifiers, hardware information, or system details
- Location Data: No access to or collection of your geographical location
- Financial Information: No payment data, credit card information, or financial details
πΈ 3. What Data We Process (Temporarily)
The extension processes the following data only when you explicitly activate it by pressing the keyboard shortcut (Cmd+Shift+Y or Ctrl+Shift+Y) or clicking the analyze button:
3.1 Screenshot Data
- What: A PNG image of the currently visible content in your active browser tab
- When: Only when you manually trigger the analysis function
- Purpose: To analyze multiple choice questions and provide visual answer indicators
- Processing: Converted to base64 format and sent to Google's Gemini API
- Retention: Immediately discarded after analysis completion (typically within 2-5 seconds)
3.2 API Key Caching
- What: Temporary API keys from our backend server
- Purpose: Performance optimization to reduce server requests
- Storage: Locally in your browser for up to 2 hours
- Security: Encrypted and automatically expired
3.3 Server Status Information
- What: Information about which server instance is being used
- Purpose: Load balancing and failover management
- Storage: Locally in your browser temporarily
- Content: Server URLs and connection timestamps only
π 4. Data Processing and Third-Party Services
4.1 Google Gemini AI API
We use Google's Gemini AI service to analyze captured screenshots:
- Data Shared: Screenshot images and text prompts for analysis
- Purpose: AI-powered multiple choice question analysis
- Google's Policy: Subject to Google's Privacy Policy
- Processing: Google processes images ephemerally and does not store them
- Security: All communications are encrypted via HTTPS
4.2 Our Backend Servers
We operate backend servers to manage API keys and provide failover capabilities:
- Purpose: Secure API key distribution and load balancing
- Data Processed: API key requests and server health checks
- Logging: Minimal operational logs for debugging and monitoring
- Retention: Logs are automatically deleted after 30 days
- Security: All server communications are encrypted
π‘οΈ 5. Security Measures
We implement comprehensive security measures to protect any data processed by the extension:
5.1 Technical Safeguards
- Encryption: All network communications use HTTPS/TLS encryption
- Minimal Permissions: Extension requests only essential Chrome permissions
- Temporary Processing: All data is processed in memory and immediately discarded
- No Persistent Storage: No data is saved to disk or permanent storage
- Secure APIs: All API endpoints are secured and validated
5.2 Operational Security
- Access Controls: Restricted access to server infrastructure
- Regular Updates: Security patches and updates are applied promptly
- Monitoring: Continuous monitoring for security threats
- Incident Response: Established procedures for handling security incidents
π― 6. How We Use Processed Data
The temporarily processed data is used exclusively for:
- AI Analysis: Analyzing multiple choice questions in screenshots
- Answer Display: Generating color-coded visual answer indicators
- Service Optimization: Improving response times through caching
- Error Handling: Providing appropriate error indicators when analysis fails
- System Reliability: Managing server failover and load balancing
β οΈ Important: We never use processed data for advertising, marketing, profiling, or any purpose other than providing the core functionality of the extension.
π 7. Extension Permissions Explained
The extension requests the following Chrome permissions, and here's exactly why:
7.1 Required Permissions
- "activeTab": Required to capture screenshots of the current tab when you activate the extension
- "storage": Used to temporarily cache API keys locally for better performance
- "scripting": Needed to inject visual elements that display answer results on web pages
- "commands": Enables the keyboard shortcut functionality for quick activation
7.2 Host Permissions
- "<all_urls>": Allows the extension to work on any website with multiple choice questions
- "https://generativelanguage.googleapis.com/": Required to communicate with Google's Gemini AI API
π 8. International Data Transfers
When you use kimaaka, data may be processed in different locations:
- Google Gemini API: Data is processed by Google's global infrastructure according to their data handling practices
- Our Servers: Currently hosted in standard cloud computing regions with appropriate security measures
- Safeguards: All international transfers are protected by encryption and contractual safeguards
π€ 9. Your Rights and Control
You have complete control over the extension's functionality:
9.1 Usage Control
- Voluntary Activation: The extension only works when you explicitly activate it
- No Background Activity: No data processing occurs when the extension is inactive
- Easy Removal: You can disable or remove the extension at any time through Chrome settings
9.2 Data Control
- No Data Retention: Since we don't store data, there's nothing to delete or access
- Cache Clearing: You can clear local browser cache to remove any temporarily stored API keys
- Permission Revocation: You can revoke extension permissions through Chrome settings
π οΈ 10. Data Retention Policy
Our data retention policy is simple: We don't retain data.
- Screenshot Images: Processed immediately and discarded (0 seconds retention)
- Analysis Results: Displayed temporarily and not stored (0 seconds retention)
- API Keys: Cached locally for maximum 2 hours, then automatically deleted
- Server Logs: Operational logs are automatically deleted after 30 days
- Error Logs: Debug information is automatically purged after 7 days
βοΈ 11. Legal Basis for Processing (GDPR)
For users in the European Union, our legal basis for processing is:
- Legitimate Interest: Providing the core functionality you've requested by installing and using the extension
- Consent: Your explicit action to activate the extension constitutes consent for screenshot processing
- Contract Performance: Processing necessary to deliver the service functionality
π 12. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices or for legal compliance:
- Notification: Material changes will be communicated through the Chrome Web Store
- Version Control: Each version is clearly dated and numbered
- Continued Use: Continued use after changes constitutes acceptance of the new policy
- Review: We recommend reviewing this policy periodically
π’ 13. Business Changes
In the event of business changes:
- Service Discontinuation: Users will be notified at least 30 days in advance
- Ownership Transfer: Any new owner must maintain the same privacy standards
- Data Protection: Since we don't store user data, there's no data to transfer or protect
π 14. Age Restrictions
This extension is designed for educational purposes:
- General Use: Suitable for users of all ages for educational assistance
- Parental Guidance: Parents should superv children's use of AI assistance tools
- Educational Ethics: Users should follow their institution's academic integrity policies
π 15. Contact Information
π 16. Compliance and Certifications
kimaaka is designed to comply with major privacy regulations:
- GDPR: European Union General Data Protection Regulation compliant
- CCPA: California Consumer Privacy Act compliant
- COPPA: Children's Online Privacy Protection Act considerations
- Chrome Store Policies: Fully compliant with Google's Chrome Web Store policies
π― Privacy by Design
kimaaka was built with privacy as a fundamental principle. We collect minimal data, process it temporarily, and provide maximum transparency about our practices. Your privacy is not just protected by policyβit's protected by design.
Thank you for using kimaaka responsibly and trusting us with your privacy.
Last updated: August 11, 2025 | Version 3.0.0