
docs(extension): add browser extension privacy policy#4386

Open
arkadiykondrashov wants to merge 1 commit into main from docs/extension-privacy-policy

Conversation

@arkadiykondrashov


Summary

Adds apps/extension/PRIVACY.md, a Chrome Web Store / Firefox Add-ons compliant privacy policy for the Kilo Code browser extension, written to match the extension's actual code behavior (Chrome and Firefox versions share identical functionality).

Data flows found in the code that informed the policy

  • Manifest (apps/extension/wxt.config.ts): host_permissions: ['<all_urls>', 'file:///*', 'https://app.kilo.ai/*', 'http://127.0.0.1/*', 'http://localhost/*']; permissions debugger/identity/scripting/storage/tabs (Firefox omits debugger, uses scripting instead). No content scripts are registered anywhere — nothing runs automatically on page load.
  • Auth: device-code OAuth-like flow against app.kilo.ai (src/shared/auth.ts); bearer token + Google account email stored in chrome.storage.local (local:kiloAuth), sent as Authorization: Bearer header on all backend calls.
  • Organization selection: stored in chrome.storage.local, sent as x-kilocode-organizationid header (src/shared/kilo-api-client.ts).
  • Tab/page data, only on explicit tool invocation from the side panel (no background scraping): tab list (title/URL, in-memory), DOM "page snapshot" (sanitized/truncated text via injected script), tab title/sanitized URL/time/timezone as hidden context, viewport screenshot (explicitly stripped before being persisted to local conversation history — see agent-conversation-persistence.ts), and arbitrary eval results (dangerous-mode only). All of this becomes part of the conversation sent to POST {apiBaseUrl}/api/gateway/v1/chat/completions on app.kilo.ai.
  • Conversation history (local:kiloAgentConversations) persisted in chrome.storage.local only, never chrome.storage.sync.
  • Remote MCP servers: user-configured third-party URLs + credentials (bearer token/custom header/OAuth tokens), stored in chrome.storage.local (local:kiloRemoteMcpServers), sent only to the user-specified third-party server.
  • No analytics/telemetry/crash-reporting SDKs are present in package.json or wired up in code (checked for PostHog, Segment, Mixpanel, Sentry, Amplitude — zero matches).
  • No chrome.cookies, chrome.history, or chrome.webRequest usage anywhere.

This is a static-analysis-based policy (see the full investigation for file:line references). A human reviewer should verify accuracy against the live app.kilo.ai backend's own server-side data retention/processing before this is published to the Chrome Web Store / Firefox Add-on listings, since this document only covers the extension's own client-side behavior.

Verification

Reviewed the new file for markdown formatting and internal consistency; no code paths were changed, so no functional testing applies. Cross-referenced every claim against apps/extension/wxt.config.ts, src/shared/auth.ts, src/shared/tab-debugger.ts, src/shared/kilo-api-client.ts, src/shared/kilo-gateway-chat-stream-client.ts, src/shared/remote-mcp-storage.ts, entrypoints/background.ts, entrypoints/sidepanel/agent-conversation-storage.ts, entrypoints/sidepanel/agent-conversation-persistence.ts, and package.json.

Visual Changes

N/A

Reviewer Notes

  • This policy should be reviewed by legal/compliance before being linked from the Chrome Web Store or Firefox Add-on listing pages, since store submissions typically require the policy to be hosted at a public URL.
  • Please double-check the support contact email (support@kilo.ai) and the link to the main Kilo Code privacy policy (https://kilo.ai/privacy) are correct/current.
  • If the extension's data practices change in the future (e.g., new permissions, new backend endpoints, analytics added), this file must be updated to stay accurate.

Built for Arkadiy Kondrashov by Kilo for Slack

Co-authored-by: kiloconnect[bot] <240665456+kiloconnect[bot]@users.noreply.github.com>
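The screenshot-stripping step described in the data-flow notes above (viewport screenshots removed before the conversation is written to chrome.storage.local, and never to chrome.storage.sync), as an added example that is not the Kilo Code extension's own code. The message-part shape, the function names and the in-memory stand-in for the storage area are assumptions made for this example; only the storage key name follows the PR text.

```javascript
// Added example, not code from the Kilo Code extension: persist agent
// conversation history with viewport screenshots removed, so only text reaches
// the local storage area and nothing is written to a synced area.
// Assumptions: message parts are { type: 'text', text } or
// { type: 'image', mediaType, data }; the storage key name follows the PR text.

const CONVERSATIONS_KEY = 'kiloAgentConversations';

// Constructed in-memory stand-in for chrome.storage.local (the real API is
// promise-based; this one is synchronous so the example runs under plain Node).
function makeStorageArea() {
  const store = new Map();
  return {
    set(items) {
      for (const [k, v] of Object.entries(items)) {
        store.set(k, JSON.parse(JSON.stringify(v))); // structured copy, as real storage does
      }
    },
    get(key) {
      return { [key]: store.get(key) };
    },
  };
}
const storageLocal = makeStorageArea();

// Return a copy of one conversation with every image part removed, plus a count.
function stripScreenshots(conversation) {
  let removed = 0;
  const messages = conversation.messages.map((msg) => {
    if (!Array.isArray(msg.content)) return msg; // plain-string content has no parts
    const kept = msg.content.filter((part) => {
      if (part.type === 'image') {
        removed += 1;
        return false;
      }
      return true;
    });
    if (kept.length !== msg.content.length) {
      // Keep a text marker so the saved transcript shows a screenshot was sent
      // without retaining the pixels.
      kept.push({ type: 'text', text: '[screenshot omitted from saved history]' });
    }
    return { ...msg, content: kept };
  });
  return { conversation: { ...conversation, messages }, removed };
}

// Sanitize every conversation and write the result to the local area only.
function persistConversations(conversations, storage = storageLocal) {
  const sanitized = conversations.map((c) => stripScreenshots(c).conversation);
  storage.set({ [CONVERSATIONS_KEY]: sanitized });
  return sanitized;
}

function loadConversations(storage = storageLocal) {
  return storage.get(CONVERSATIONS_KEY)[CONVERSATIONS_KEY] ?? [];
}

// Audit check: does any nested value still carry image data?
function containsImageData(value) {
  if (Array.isArray(value)) return value.some(containsImageData);
  if (value !== null && typeof value === 'object') {
    if (value.type === 'image' && typeof value.data === 'string') return true;
    return Object.values(value).some(containsImageData);
  }
  return false;
}

// Constructed sample: one user turn with a page question and a screenshot.
const sampleConversation = {
  id: 'conv-1',
  messages: [
    {
      role: 'user',
      content: [
        { type: 'text', text: 'Summarize the open tab.' },
        { type: 'image', mediaType: 'image/png', data: 'CONSTRUCTED_BASE64_PNG_DATA' },
      ],
    },
    { role: 'assistant', content: 'The tab shows a product page.' },
  ],
};

persistConversations([sampleConversation]);
console.log(
  'persisted history still contains image data:',
  containsImageData(loadConversations()),
);
```

The audit helper is the part worth keeping around: running containsImageData over whatever the extension actually writes to storage is a cheap check that the "screenshots are stripped before persistence" claim in the policy holds after future changes to the persistence code.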
@kilo-code-bot

kilo-code-bot Bot commented Jul 3, 2026


Code Review Summary

Status: No Issues Found | Recommendation: Merge

Executive Summary

Reviewed the new apps/extension/PRIVACY.md documentation file for internal consistency, formatting, and factual alignment with the referenced extension source (manifest permissions, auth, storage, MCP, and screenshot-persistence code); no high-confidence issues found.

Files Reviewed (1 file)
  • apps/extension/PRIVACY.md

Reviewed by claude-sonnet-5-20260630 · Input: 16 · Output: 6.5K · Cached: 327.6K

Review guidance: REVIEW.md from base branch main
