Privacy Policy

This privacy policy (“Policy”) is issued by Wensen Wu (“we,” “us,” or “our”) and describes how we collect, use, and protect personal information in connection with the products listed below. Each product section details the specific data practices applicable to that product.

For questions or data requests, contact us at contact@wensenwu.com. We aim to respond within 30 days, as required by applicable data protection law.

tl;air

tl;air is a browser extension that generates personalized summaries of web pages. The extension operates entirely within your browser. We do not operate a backend server, do not require user accounts, and do not include analytics or telemetry of any kind.

Summary

• Your API keys, profile, and preferences are stored locally in chrome.storage.local. They are not transmitted to any server we operate.
• When you initiate a summary or chat interaction, the current page’s visible text and your profile context are sent directly to the AI provider you configured (Anthropic, OpenRouter, OpenAI, or a local model server such as Ollama or LM Studio).
• We do not operate a backend server for tl;air. We do not receive, store, or have access to your data on any server.

Legal basis for processing

We process your data on the following bases under the General Data Protection Regulation (GDPR): (a) your consent, which you provide by configuring the extension and initiating a summary or chat interaction; and (b) legitimate interest, to deliver the summarization functionality you requested.

You may withdraw consent at any time by resetting your data via Options → Account → Reset or by uninstalling the extension. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.

Where our data practices are not closely related to the extension’s core functionality as described on the Chrome Web Store listing, we provide prominent in-product disclosure and obtain your affirmative consent before collecting or processing such data.

Data stored locally on your device

The following data is stored in chrome.storage.local, the browser’s per-extension local storage. This data is sandboxed by Chrome to your browser profile, is not accessible to other extensions or websites, is not synced to any external service, and is deleted when you uninstall the extension.

• API key(s) for the AI provider you configured.
• Profile information provided during onboarding: name or handle, role, current projects, technology stack, topic interests, anti-interests, and style preferences.
• Imported memory: any text you provided during the memory-import step, such as ChatGPT memory exports, Claude.ai memory, personal bios, or Claude Code memory files.
• Learned preferences: feedback you provide on summaries (thumbs up, thumbs down, or refinement notes), as well as preferences the extension’s chat reflection feature identifies as relevant. Automatically inferred preferences are labeled auto in Options and may be reviewed or deleted at any time.
• Summary history: up to the 200 most recent summaries (URL, page title, summary body, and timestamp), used for caching.
• Settings: model selection, summary length/tone/layout preferences, and keyboard shortcut configuration.

Data retention

All data stored by tl;air remains on your device until you delete it or uninstall the extension. Summary history is limited to the 200 most recent entries; older entries are automatically removed. API keys, profile information, imported memory, learned preferences, and settings are retained indefinitely until you manually delete them via Options or uninstall the extension. We do not retain any data on servers we operate, because we do not operate any.

Data transmitted to third-party AI providers

When you initiate a summary or chat turn, the extension transmits the following data to your configured AI provider’s API over HTTPS:

• The current page URL and title.
• The page’s visible text content (extracted from document.body.innerText, capped at 16,000 characters; or via Firecrawl if you have enabled that integration).
• Your system prompt, which includes your persona, profile, imported memory, and learned preference rules.
• Your chat messages from the current session.
• Model parameters such as maximum token count and temperature.

The destination of this data depends on the provider you selected:

We do not have access to the data you transmit to your chosen provider. It is sent directly from your browser to the provider’s API. Your data is governed by the chosen provider’s own privacy policy and terms of service.

International data transfers

When you use a cloud-based AI provider, your data may be transferred to and processed in a country other than your own, including the United States. These transfers are governed by the privacy policy and data processing terms of your chosen provider. We encourage you to review your provider’s policies regarding international transfers and applicable safeguards, such as Standard Contractual Clauses (SCCs).

Optional third-party integrations

Firecrawl (content extraction). If you enable Firecrawl in Options and provide a Firecrawl API key, the extension may send the current page’s URL to Firecrawl’s API (api.firecrawl.dev) to retrieve a cleaner text extraction when the in-browser DOM extractor is insufficient. Firecrawl may return the page’s extracted content, which is then processed as described above. This integration is disabled by default and is governed by Firecrawl’s privacy policy.

Webhook (bookmark integration). If you configure a webhook URL in Options, pressing Save on a summary will transmit the summary body, page URL, page title, and timestamp to the endpoint you specified (for example, a Notion integration via Zapier or a self-hosted server). This data is sent directly to your configured endpoint; we do not receive it. This integration is disabled by default.

Data we do not collect

• No backend server. We do not operate a server for tl;air. No data is transmitted to us or to any domain we control.
• No analytics or telemetry. The extension does not include Google Analytics, Sentry, or any custom telemetry. It does not contact any URL other than your configured AI provider and, if enabled, Firecrawl or your webhook endpoint.
• No cross-site tracking. Page content is only accessed when you explicitly initiate a summary or chat interaction. The extension does not passively monitor or scrape your browsing activity.
• No biometric, audio, or video data. The extension does not access facial data, microphone input, camera input, saved passwords, autofill data, or browser cookies.
• No cookies or tracking technologies. tl;air does not use cookies, pixels, fingerprinting, or any other tracking mechanism.
• No sale of personal information. We do not sell, rent, or share your personal information with advertisers, data brokers, or any third party.

Automated processing

tl;air uses AI models to generate summaries personalized to your profile and preferences. This processing is initiated by you and occurs between your browser and your chosen AI provider. No automated decisions with legal or similarly significant effects are made about you.

Extension permissions

• sidePanel — renders the summary and chat interface in Chrome’s side panel.
• storage — persists settings, API keys, profile, and history locally on your device.
• activeTab + scripting — extracts the current page’s visible text when you initiate a summary.
• tabs — detects tab changes to re-summarize the active page when auto-summarize is enabled.
• nativeMessaging — used only if you install the optional Claude Pro/Max native helper; otherwise inactive.
• <all_urls> host permission — enables the content extractor to operate on any page you choose to summarize. The extension only accesses a page’s content when you explicitly initiate a summary or chat interaction.

Security

Your API keys and personal data are stored in chrome.storage.local, which is sandboxed by Chrome to your browser profile and is not accessible to other extensions or websites. All communication with AI providers is conducted over HTTPS. We do not transmit your data to any server we operate.

Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access. You may view all data the extension holds about you via the Options page.
• Rectification. You may edit your profile, imported memory, and preferences at any time via Options.
• Erasure. You may delete individual items or reset all data via Options → Account → Reset, or by uninstalling the extension.
• Portability. You may export your settings as a JSON file (with API keys redacted) via Options → Account → Export.
• Objection and restriction. You may disable auto-summarize or cease using the extension at any time.
• Complaint. If you are located in the EU/EEA, you have the right to lodge a complaint with your local data protection supervisory authority. A list of EU/EEA supervisory authorities is available at edpb.europa.eu.

Because all data is stored locally on your device, most rights can be exercised directly without contacting us. To revoke an API key, do so through your provider’s dashboard; the extension stores keys locally but does not manage them.

California residents

Under the California Consumer Privacy Act (CCPA), California residents have specific rights regarding their personal information. Categories of personal information we process include: identifiers (name or handle), professional information (role, projects, technology stack), and internet activity (URLs and page content of pages you summarize).

We do not sell or share your personal information as those terms are defined under the CCPA. You have the right to know what personal information is collected, to request its deletion, and to not be discriminated against for exercising these rights. Because all data is stored locally on your device, you can exercise these rights directly through the extension’s built-in controls or by uninstalling. If our practices change in the future, we will update this policy and provide a “Do Not Sell or Share My Personal Information” mechanism.

Children’s privacy

Our products are not directed to children under the age of 13 (or 16 in jurisdictions where that is the applicable age of digital consent). We do not knowingly collect personal information from children. If you believe a child has provided personal information through one of our products, please contact us at contact@wensenwu.com and we will delete it promptly.

Data breach notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. Where the breach is likely to result in a high risk to your rights, we will notify affected users without undue delay, describing the nature of the breach, its likely consequences, and the measures taken to address it.

Third-party links

Our products or this website may contain links to third-party websites or services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policy of every site you visit.

Business transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy proceeding, your personal data may be transferred as a business asset. In such an event, we will provide notice before your data is transferred and becomes subject to a different privacy policy.

Website analytics

This website (wensenwu.com) uses Vercel Analytics and PostHog to collect aggregated, anonymous usage data such as page views and performance metrics. These services may use cookies or similar technologies. This analytics applies only to the website itself and is entirely separate from our extension products, which do not include any analytics or tracking. You may control cookie preferences through your browser settings.

Governing law

This Policy shall be governed by and construed in accordance with the laws of the State of California, United States, without regard to its conflict of law provisions. Nothing in this Policy limits any rights you may have under applicable data protection laws in your jurisdiction.

Contact

For questions, data requests, or security reports, contact us at contact@wensenwu.com. We aim to respond within 30 days, as required by applicable data protection law.

Changes to this policy

If we make material changes to this policy, we will update the “Last updated” date at the top of this page and, where feasible, provide notice through the relevant product’s update notes (for example, in the Chrome Web Store listing). Your continued use of our products after changes take effect constitutes acceptance of the revised policy.