Privacy Policy for ChatGPT Reverse

Last Updated: 2025-05-02

1. Introduction

This Privacy Policy describes how the "ChatGPT Reverse" Chrome Extension ("the Extension", "we", "us", or "our") collects, uses, and handles your information when you use the extension. This Extension is designed to enhance your experience on chatgpt.com by interacting with its underlying API and offering optional premium features requiring user accounts and payments.

2. Information We Collect or Handle

To provide its core and premium features, the Extension handles or collects the following types of information:

2.1 Information Handled for Core ChatGPT Interaction:

• ChatGPT API Headers/Tokens: The Extension intercepts and stores necessary authentication tokens and headers (like Authorization, OAI-Device-Id) generated during your session with chatgpt.com. This happens locally within your browser.
• ChatGPT Conversation Data (Locally Processed): For features like Markdown export, audio generation, or token counting, the Extension accesses conversation data (IDs, content, metadata) via the chatgpt.com API using your stored headers/tokens. This processing happens locally within the Extension's service worker.
• ChatGPT Website Content: The Extension reads the text content of your conversations on chatgpt.com to enable its features.
• Network Activity (on chatgpt.com): The Extension monitors network requests made to chatgpt.com to intercept necessary API tokens and headers. This monitoring is limited to the chatgpt.com domain.
• ChatGPT Cookies (Potentially): The Extension requests permission to read cookies specifically from the chatgpt.com domain. This may be used to ensure proper interaction with your ChatGPT session if required by future updates or specific features. The Extension does not set its own cookies on this domain.

2.2 Information Collected for Optional Accounts & Subscriptions:

To access premium ("Pro") features, you may choose to create an account and purchase a subscription. This involves collecting:

• Personally Identifiable Information (PII):
  • Email Address: Collected during account registration or login for account identification and communication.
  • User ID (UID): A unique identifier assigned by Firebase Authentication upon account creation, used to link your account to your subscription data.
• Authentication Information:
  • Password: Collected securely during registration and login via Firebase Authentication for account security. We do not store your plaintext password.
• Financial and Payment Information:
  • Transaction Facilitation: When you choose to purchase a subscription, you are redirected to Stripe, our third-party payment processor. Stripe collects your payment information (like credit card numbers) directly; we do not collect or store this sensitive payment information ourselves.
  • Subscription Status & History: We store information about your subscription plan (e.g., "monthly", "lifetime"), its status (e.g., "active", "canceled"), and associated identifiers (linked to your User ID) provided by Stripe via the Firebase Stripe Payments Extension. This is stored in our Firestore database to manage your access to Pro features.
• Location (IP Address): Like most online services, when you interact with our authentication (Firebase) or payment processing (Stripe via Firebase Functions), your IP address is transmitted as part of standard internet communication protocols. We do not specifically store or use your IP address for tracking location beyond what is necessary for these services to function (e.g., for security, regional compliance).

2.3 Information Handled Through Extension UI Interaction:

• User Activity (Clicks): We register clicks within the extension's popup and sidebar UI to trigger extension features (e.g., clicking "Export", "Login", "Manage Subscription").

3. How We Use Your Information

• Core ChatGPT Interaction: Stored ChatGPT API headers/tokens are used exclusively to make authenticated requests to the official chatgpt.com API endpoints from within the Extension (e.g., fetching conversations, deleting chats, generating audio, exporting). Conversation content is processed locally for features like export or audio generation.
• Account Management: Your email, password (hashed), and Firebase UID are used by Firebase Authentication to create and secure your optional account for accessing Pro features.
• Subscription Management: Your Firebase UID and subscription status information (received from Stripe and stored in Firestore) are used to grant access to Pro features and allow you to manage your subscription via the Stripe Customer Portal.
• Payment Processing: We initiate redirects to Stripe for payment processing. We use the subscription status provided by Stripe to manage your access.
• Functionality and Improvement: We use click data within the extension UI to understand feature usage and improve the user experience. IP addresses are used implicitly by underlying services (Firebase, Stripe) for security and operation.
• Communication: We may use your provided email address to communicate important information regarding your account or subscription (if you create an account).

4. Data Storage and Security

• Local Storage (Browser): ChatGPT API headers/tokens are stored using chrome.storage.local on your computer.
• Firebase Authentication: Your email and hashed password are stored securely within Google's Firebase Authentication service when you create an account.
• Firestore Database: Your Firebase User ID and associated subscription details (plan type, status, Stripe IDs) are stored in Google's Firestore database, secured using standard Firebase security rules.
• Stripe: Payment details (credit card numbers, etc.) are handled and stored directly by Stripe, our payment processor, which adheres to stringent security standards (PCI DSS). We do not store this information.
• No External Transmission (Core Functionality): The Extension does not send your ChatGPT API tokens, ChatGPT conversation content, or any personal data related to your ChatGPT usage to any external servers operated by us. All core API communication happens directly between your browser (via the Extension) and the official chatgpt.com servers.
• Security Note: The security of locally stored data (like ChatGPT tokens) and your Firebase/Stripe accounts depends on the overall security of your computer and your account credentials.

5. Data Sharing

• No Sharing of ChatGPT Data: We do not share your ChatGPT API tokens or conversation content with any third parties.
• Firebase & Stripe: Information required for authentication (email, hashed password) is processed by Firebase. Information required for payment and subscription management (including linking your Firebase UID to Stripe customer/subscription IDs) is processed by Stripe and Firestore via the Firebase Stripe Payments Extension. These are essential service providers for the optional account/subscription features. Please refer to the Firebase (Google) Privacy Policy and the Stripe Privacy Policy for details on how they handle data.
• Other Third Parties: We do not share your personal information or usage data with any other third parties, except as required by law.

6. User Control and Rights

• Local Data: You can clear locally stored ChatGPT API tokens by clearing your browser's extension data for this Extension or by uninstalling it.
• Account Data: If you create an account, you can typically manage your email and password through standard Firebase Authentication methods (which may be exposed via account management features in the future). You can request account deletion by contacting us (see Section 9).
• Subscription Management: If you have a paid subscription, you can manage it (e.g., cancel, update payment method) via the Stripe Customer Portal, accessible through the "Manage Subscription" button in the Extension's account interface.
• Uninstalling: Uninstalling the Extension will remove locally stored data and stop all its functionality. It does not automatically delete your Firebase account or cancel your Stripe subscription (if applicable); these must be managed separately if desired.

7. Children's Privacy

The Extension is not intended for use by children under the age of 13 (or the relevant age of digital consent in your region). We do not knowingly collect personal information from children.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us:

Akmal Firdaus
xkmxlfirdxus@gmail.com
https://x.com/akmalfirdxus