Privacy Policy for PebbleFlow
Last Updated: November 25, 2025
Overview
PebbleFlow is a suite of AI tools that live in a browser extension, providing AI-powered assistance while browsing the web. We are committed to protecting your privacy. This policy explains what data the extension accesses, how it's used, and your rights.
Key Principle: Your data stays on YOUR device. PebbleFlow is designed with privacy as a core principle. We do not operate servers that collect your data from the apps, and we do not have access to your conversations, browsing history, or personal information. PebbleFlow is on-device software that allows you complete control over third party cloud services you interact with, websites you visit, and the AI models that you choose to use with it.
Data Collection and Storage
What We Do NOT Collect
- We do not collect your conversations or chat history
- We do not collect your browsing history or web activity
- We do not collect analytics, telemetry, or usage statistics
- We do not have access to your API keys (when using your own key)
- We do not have access to your Google account credentials or OAuth tokens. The software saves those tokens on your device, and only communicates with our server to validate that you are a google user and authorize the app to work with Google Workspace apps.
- We do not track which AI models you use or how you configure the extension
Data Stored Locally on Your Device
The following data is stored locally on your device using Chrome's built-in storage APIs and never transmitted to our servers:
| Data Type | Purpose | Storage Location |
|---|---|---|
| Conversation history | Display your chat history across all threads | Local Chrome storage |
| User profile | Store your name, addresses, email, phone, and custom variables | Local Chrome storage |
| Personal instructions | Remember your preferences and context | Local Chrome storage |
| Mode configurations | Custom modes, system prompts, and tool settings | Local Chrome storage |
| API keys (BYOK) | Authenticate with AI services (OpenRouter/Ollama) | Local Chrome storage |
| Google OAuth tokens | Authenticate with Google services | Local Chrome storage |
| UI preferences | Theme, font size, color tints | Local Chrome storage |
| Skills library | Custom prompt templates you create | Local Chrome storage |
Third-Party Services
OpenRouter API
When you use the AI features with OpenRouter, your messages are sent to OpenRouter (openrouter.ai), which routes requests to various AI model providers (Anthropic, OpenAI, Google, Meta, and others).
- What is sent: Your conversation messages, system prompts, and any page content you explicitly share with the AI
- What is NOT sent to us: Your API key is sent directly to OpenRouter, never to PebbleFlow servers
- User profile data: Your personal instructions and profile variables (name, location, etc.) are included in the system context sent to the AI model to personalize responses
- Their privacy policy: https://openrouter.ai/privacy
Ollama (Local AI - Optional)
PebbleFlow supports running AI models locally using Ollama:
- What is sent: When using Ollama, your messages are sent to your local Ollama server (default: http://localhost:11434)
- Privacy benefit: No data leaves your device when using local models
- Configuration: The Ollama base URL is stored locally in your settings
Google APIs (Optional)
If you choose to connect your Google account for Docs/Drive integration:
- Authentication: Uses Chrome's built-in OAuth flow (
chrome.identityAPI). Tokens are stored locally and sent directly to Google. - Data access: Only accesses Google services when you explicitly request it (e.g., "open my Google Doc" or "create a document")
- Developer access: We never receive, store, or have access to your Google credentials or OAuth tokens
- Their privacy policy: https://policies.google.com/privacy
API Keys and Subscription Plans
Bring Your Own Key (BYOK)
If you provide your own OpenRouter API key:
- Your key is stored locally on your device in Chrome's encrypted storage
- Your key is sent only to OpenRouter when making AI requests
- We never receive, store, or have access to your API key
- You have full control over your AI usage and billing through your OpenRouter account
Ollama (Self-Hosted)
If you use Ollama for local AI models:
- No API key is required
- All AI processing happens on your local machine
- No conversation data is transmitted to any external service
- The Ollama server URL is stored locally
Subscription Plans
If you purchase a subscription plan from us:
- We provision a dedicated API key for your account
- We manage this key on your behalf for billing and usage tracking
- Your conversations still remain local to your device
- We only track aggregate usage for billing purposes, not conversation content
User Profile and Personalization
PebbleFlow allows you to create a user profile with information like:
- Your name
- Home and work addresses
- Email and phone number
- Preferred language
- Custom variables (e.g., company name, project details)
- Personal instructions and preferences
How this data is used:
- Stored locally on your device only
- Included in the system context sent to AI models to personalize responses
- Never transmitted to PebbleFlow servers
- You can view, edit, or delete this information at any time in Settings → User Profile
Example: If you set your name to "Vassia" and location to "Akron, OH" the AI will know your name and can use PebbleFlow's tools to provide location-relevant information (weather, local businesses, etc.).
Modes and Custom Configurations
PebbleFlow supports multiple "modes" (e.g., General, Travel Agent, Shopping Agent, Helper) with different:
- System prompts
- AI models
- Tool permissions
- Temperature and iteration settings
- Mode-specific variables
Privacy implications:
- All mode configurations are stored locally on your device
- Custom modes you create remain on your device
- Mode settings (including system prompts) are sent to the AI provider as part of the conversation context
- We do not track which modes you use or how you configure them
Tools and Permissions
PebbleFlow includes several tool categories that can be enabled/disabled per mode:
Web Browsing Tools
- What they do: Navigate to URLs, search the web, extract page content, click elements, fill forms
- Privacy: Page content is only accessed when you explicitly ask the AI to analyze it
- Data flow: Page content is sent to the AI provider (OpenRouter/Ollama) for analysis
File Operations Tools
- What they do: Read, write, edit, and manage files on your device
- Privacy: Files are only accessed when you explicitly request it
- Data flow: File content may be sent to the AI provider when you ask for analysis or editing
API Integration Tools
- What they do: Make HTTP requests to external APIs
- Privacy: Only makes requests you explicitly authorize
- Data flow: API responses may be processed by the AI
Google Docs Tools
- What they do: Create, read, and edit Google Docs/Sheets
- Privacy: Requires explicit Google account connection
- Data flow: Document content is sent to the AI provider for analysis/editing
Profile Configuration Tools
- What they do: Allow the AI to modify your user profile and settings
- Privacy: Disabled by default; only available in Helper mode
- Data flow: Changes are made locally to your Chrome storage
Permissions Explained
PebbleFlow requests the following Chrome permissions:
| Permission | Why We Need It |
|---|---|
sidePanel | Display the assistant in Chrome's side panel |
storage | Save your settings, conversations, and user profile locally |
activeTab | Read page content when you ask the AI to analyze it |
scripting | Extract text from web pages and interact with page elements |
tabs | Show your open tabs for easy reference switching and navigation |
downloads | Export your conversations and settings as files |
unlimitedStorage | Store unlimited conversation history locally |
alarms | Keep the background service running for reliable responses |
identity | Optional Google sign-in (tokens stay local) |
<all_urls> | Read and interact with content from any page you want the AI to analyze |
nativeMessaging | (Future) Communicate with native applications for advanced integrations |
Data Sharing
We do not sell, trade, or transfer your personal information to third parties.
Data is only transmitted in these scenarios:
- To OpenRouter (or your chosen AI provider): When you send a message, your conversation context (including messages, system prompts, user profile, and any shared page content) is sent to generate a response
- To Ollama (if configured): When using local models, data is sent to your local Ollama server only
- To Google: When you use Google Docs/Drive features, requests go directly to Google's APIs using your OAuth token
- To external APIs: When you explicitly use API integration tools to make HTTP requests
- To us (subscription only): If you purchase a subscription, we receive billing information and aggregate usage data (not conversation content)
Data Retention
- Local data: Stored indefinitely until you clear it or uninstall the extension
- Clearing conversations: You can delete individual threads or all conversation history from the UI
- Clearing settings: You can reset settings to defaults or delete custom modes/variables
- Clearing all data: Uninstalling the extension removes all local data from Chrome storage
- Subscription data: If you cancel a subscription, billing records are retained as required by law
Your Rights
You have the right to:
- Access: View all your data (it's stored locally on your device in Chrome's storage)
- Edit: Modify your user profile, settings, and conversations at any time
- Delete: Remove individual conversations, custom variables, or all data
- Export: Export your conversations, settings, and configurations using the built-in export feature (Settings → Backup & Restore)
- Portability: Import/export settings to move between devices or create backups
- Opt-out: Use the extension without a subscription (BYOK model with your own API key)
Extended Thinking Feature
Some AI models (e.g., Claude 4.5 Sonnet) support "extended thinking" - a feature that allows the model to reason through complex problems before responding.
Privacy implications:
- Extended thinking tokens are sent to the AI provider as part of the request
- Thinking content is processed by the AI model but not stored by PebbleFlow
- You can configure the thinking token budget in mode settings
- This feature can be disabled entirely in mode settings
Canvas and Document Editing
PebbleFlow includes a "Canvas" feature for editing code and documents:
- What it does: Opens an in-app editor for code, markdown, and HTML files
- Privacy: All editing happens locally in your browser
- Data flow: Document content may be sent to the AI for suggestions or modifications
- Version history: Previous versions are stored locally for undo/redo functionality
Children's Privacy
PebbleFlow is not intended for children under 13. We do not knowingly collect information from children under 13.
Security
PebbleFlow employs several security measures:
- Local storage encryption: Chrome's storage APIs use the operating system's encryption
- No server-side storage: We don't store your data on servers, reducing breach risk
- Direct API communication: API keys are sent directly to providers, never through our servers
- OAuth tokens: Google tokens are managed by Chrome's identity API and stored securely
Your responsibilities:
- Keep your API keys secure and never share them
- Use strong passwords for your Google account
- Regularly review your user profile and settings
- Only install PebbleFlow from the official Chrome Web Store
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. Significant changes will be communicated through:
- Update notes in the Chrome Web Store
- In-app notifications (if applicable)
- Email (for subscription users)
Contact Us
If you have questions about this privacy policy, please contact us at:
- Email: privacy@pebbleflow.ai
- Website: https://pebbleflow.ai
- Support: Use the Helper Agent (? icon) within the extension
Summary
| Question | Answer |
|---|---|
| Do you collect my conversations? | No - stored locally on your device |
| Do you see my API key? | No - unless you use our subscription service |
| Do you have access to my Google account? | No - tokens go directly to Google |
| Do you track my browsing? | No |
| Do you use analytics? | No |
| Where is my data stored? | On your device only (Chrome local storage) |
| Is my user profile sent to AI models? | Yes - to personalize responses, but not to PebbleFlow servers |
| Can I use PebbleFlow completely offline? | Yes - with Ollama local models |
| Can I export my data? | Yes - via Settings → Backup & Restore |
| What happens if I uninstall? | All local data is deleted from Chrome storage |
Technical Details for Privacy-Conscious Users
Data Flow Diagram
- User Input → Stored locally in Chrome storage
- User Profile + Conversation → Sent to AI provider (OpenRouter/Ollama)
- AI Response → Stored locally in Chrome storage
- No data → Sent to PebbleFlow servers (except subscription billing)
Storage Locations
- Chrome Local Storage:
chrome.storage.localAPI - Chrome Sync Storage: Not used (all data stays on device)
- IndexedDB: Not currently used
- Cookies: Not used for tracking
Third-Party Dependencies
PebbleFlow uses the following third-party services:
- OpenRouter: AI model routing and inference
- Google APIs: Optional Docs/Drive integration
- Ollama: Optional local AI inference
- Chrome Web Store: Extension distribution and updates
We do not use:
- Analytics services (Google Analytics, Mixpanel, etc.)
- Advertising networks
- Social media trackers
- Error tracking services that send data to external servers