Last updated: January 30, 2026
Summary
- Our browser extension helps you interact with websites more effectively through AI-powered workflow recording and automation.
- To provide this service, the extension may capture the current page URL/title, a screenshot of the page you're on, a compact description of visible elements, your queries, and interaction context.
- We transmit this information to our servers and, to generate responses, to third-party AI model providers (OpenRouter, OpenAI, Anthropic).
- We don't sell your data. You can request access to or deletion of your data at any time.
- We retain most data for up to 3 years unless you request earlier deletion.
What We Collect
When you use the extension
To provide our service, the extension may collect and send to our servers:
- URL and page title of the current tab
- A screenshot of the current page (may include visible personal or sensitive content on the page)
- A compact, text-only summary of visible elements (e.g., tag names, limited attributes like id, href, aria-label, placeholder, minimal text snippets, and approximate positions)
- Your queries and requests
- Basic viewport information (width, height, device pixel ratio)
- Interaction context, such as clicking, scrolling, typing (truncated), or navigating
We do not collect your full browsing history. The extension only accesses the active page to function.
Account information
When you create an account, we collect:
- Email address
- Name (if provided)
- Password (stored using secure one-way hashing)
- Organization membership and role information
Workflow and task data
When you record and execute workflows, we store:
- Workflow definitions including steps, variables, and clarifying questions
- Screen recordings and audio narration (if enabled)
- Task execution history and results
- Workflow output data and extracted information
- Semantic patterns extracted from your workflows to improve suggestions
Conversation history
We store your interactions with our AI agents, including:
- Chat queries and responses
- Workflow revision feedback and suggestions
- Clarification question responses
Audit and security logs
For security and compliance purposes, we automatically collect:
- IP addresses and user agent strings
- Timestamps of actions and requests
- Authentication events (login attempts, password changes)
- Action history for audit trail purposes
Feedback you choose to send
If you provide feedback, we may store:
- The URL/title at the time of feedback
- A compressed, grayscale screenshot
- Relevant context about your interaction
- Your feedback and interaction context
How We Use Data
- Provide our service: Process your requests, execute workflows, and generate AI-powered responses
- Improve quality and reliability: Debug issues, improve user experience, and enhance service quality
- Maintain session continuity: Temporarily store session state to resume service after reloads or interruptions
- Security and fraud prevention: Detect and prevent unauthorized access, abuse, or security threats
- Compliance: Meet legal obligations and respond to lawful requests
Third-Party Service Providers
We share data with the following third-party providers to operate our service. We select providers with appropriate security practices and configure settings to minimize unnecessary data retention.
| Provider | Purpose | Data Shared |
|---|---|---|
| OpenRouter | LLM routing for workflow execution and AI responses | Workflow content, user queries, page context |
| OpenAI | Audio transcription (Whisper), LLM processing | Audio files, workflow content, user queries |
| Anthropic | LLM processing (Claude models) | Workflow content, user queries, page context |
| Google Cloud | File storage (recordings), secrets management | Recording files, encrypted API keys |
| Neon | Database hosting | All application data (encrypted at rest) |
| Vercel | Application hosting | Application logs, request metadata |
| Sentry | Error tracking and monitoring | Error logs, user identifiers, request context |
If you use the Bring Your Own Key (BYOK) feature, your API requests are sent directly to the provider you configure, and are subject to that provider's data handling practices.
Data Sharing
We do not sell personal data. We share data only with:
- Service providers listed above, strictly as necessary to operate our service
- AI model providers to generate responses (with data minimization settings enabled)
- Other members of your organization, as permitted by your organization's settings
- Legal or compliance disclosures when required by law or to protect our rights
Data Retention
We retain data for the following periods:
- Account data: Retained while your account is active, plus up to 30 days after deletion request
- Workflows and tasks: Retained for 3 years from last access, or until you delete them
- Recordings: Retained until you delete them, or automatically deleted after transcription if you enable that setting
- Conversation history: Retained for 3 years from creation
- Audit logs: Retained for 3 years for security and compliance purposes
- Session data: Retained for up to 7 days
You can request deletion of your data at any time (see "Contact Us"). Some data may be retained longer if required by law or for legitimate business purposes such as resolving disputes.
Your Rights and Choices
Access and portability
You can request a copy of your personal data by contacting us. We will provide your data in a commonly used, machine-readable format within 30 days.
Correction
You can update your account information directly in the application settings, or contact us to correct inaccurate data.
Deletion
You can delete individual workflows and tasks from the application. To delete your entire account and associated data, contact us. We will process deletion requests within 30 days, subject to legal retention requirements.
User settings and preferences
You can configure the following privacy-related settings in your account:
- PII redaction: Enable automatic redaction of personally identifiable information from screenshots and recordings
- Recording auto-deletion: Configure recordings to be automatically deleted after transcription
- Bring Your Own Key (BYOK): Use your own API keys for AI providers, giving you direct control over that data flow
- Tracing: Disable LangSmith tracing if you prefer not to have workflow execution traces stored
Extension controls
- Disable on specific sites: You can disable the extension at any time; you can also disable or remove the extension from your browser
- Limit content shared: Only use the extension on pages you're comfortable sharing; screenshots and visible text snippets can include page content
Security
We implement technical and organizational measures to protect your data:
Technical safeguards
- Encryption in transit: All data transmitted between the extension, our servers, and third-party providers uses TLS/HTTPS
- Encryption at rest: Data stored in our database and cloud storage is encrypted at rest
- Password security: Passwords are hashed using scrypt with unique salts; we never store plaintext passwords
- API key protection: User API keys (for BYOK) are encrypted before storage
Access controls
- Authentication: Secure session management with automatic expiration
- Account protection: Accounts are temporarily locked after multiple failed login attempts
- Role-based access: Organization data is protected by role-based access controls (Owner, Admin, Member)
- Organization isolation: Data is isolated between organizations; users can only access data within their organizations
Monitoring and audit
- Audit logging: Security-relevant actions are logged with timestamps, IP addresses, and user agents
- Error monitoring: We use Sentry to detect and respond to errors and potential security issues
No method of transmission or storage is 100% secure. While we work to protect your information using industry-standard practices, we cannot guarantee absolute security.
Children's Privacy
Our service is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us to request deletion.
International Data Transfers
Your information may be processed and stored in the United States and other countries where our service providers operate. Those countries may have different data protection laws than your country of residence. When we transfer data internationally, we implement appropriate safeguards including contractual protections with our service providers.
Data Processing Agreements
Enterprise customers may request a Data Processing Agreement (DPA) that provides additional contractual commitments regarding data handling. Contact us at team@trylexicon.com for more information.
Changes to This Policy
We may update this policy from time to time. We will revise the "Last updated" date and, where appropriate, provide additional notice (e.g., via email or on our website). We encourage you to review this policy periodically.
Contact Us
For questions, requests (including data access, correction, or deletion), or concerns about this Privacy Policy or our data practices:
Email: team@trylexicon.com
We aim to respond to all requests within 30 days.