Effective Date: October 11, 2025
Superwizard AI ("Superwizard," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, and safeguard your personal information. This Privacy Policy explains our data practices for the Superwizard AI Chrome browser extension and related services (collectively, the "Service"), accessible through lookheed-sentinel.vercel.app and the Chrome Web Store.
By installing, accessing, or using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein. If you do not agree with our policies and practices, you should not install or use the Service.
This Privacy Policy is incorporated into and subject to our Terms of Service. Any terms not defined in this Privacy Policy have the meaning given to them in our Terms of Service.
We collect several types of information from and about users of our Service. The categories of information we collect depend on how you interact with the Service and which features you use.
Account Information. When you create an account to use certain features of the Service, we collect your email address, password (stored in encrypted form), and any optional profile information you choose to provide such as your full name and avatar image. We use this information to create and manage your account, authenticate your access, and provide personalized Service features.
API Keys and Configuration Data. If you choose to configure your own API keys from third-party AI service providers such as OpenAI, Anthropic, Google AI, or OpenRouter, you provide these API keys directly to the Service. These API keys are stored locally in your browser's extension storage and are never transmitted to our servers except when you explicitly use our server-authenticated models. We do not have access to your third-party API keys, and you are solely responsible for managing and securing them according to the respective provider's terms of service.
Browser Automation Instructions. When you provide natural language commands or instructions to the Service, we collect and process these inputs to generate appropriate browser automation actions. These instructions may contain information about your intended tasks, preferences, and the websites you wish to automate.
Chat History and Conversation Data. The Service stores your conversation history, including your messages and the AI-generated responses, locally in your browser storage by default. If you opt to use our cloud storage features for conversation sync across devices, this data is transmitted to and stored on our servers in encrypted form.
Feedback and Support Communications. If you contact us for customer support or provide feedback about the Service, we collect your name, email address, and the content of your communications. We use this information to respond to your inquiries, troubleshoot issues, and improve the Service.
Extension Usage Data. We automatically collect information about how you use the Service, including features accessed, commands executed, frequency of use, session duration, and interaction patterns. This data helps us understand user behavior, improve the Service, and develop new features.
Technical Information. We collect technical information about your browser and system, including browser type and version, operating system, Chrome extension version, screen resolution, language preferences, and timezone. This information helps us ensure compatibility, diagnose technical issues, and optimize performance.
Web Page Content and Screenshots. To execute browser automation tasks, the Service captures and processes content from web pages you visit while using the Service. This includes:
This content is processed in real-time to understand the current state of web pages and generate appropriate automation actions. Screenshots are transient and are NOT permanently stored - they are only used for immediate AI processing and then discarded.
Browser Permissions Data. The Service requests various Chrome browser permissions to function properly. We collect information about which permissions have been granted to ensure the Service operates correctly.
Authentication and Session Data. When you sign in to your account, we collect session tokens, authentication timestamps, and last sign-in information to maintain your authenticated session and provide security features.
AI Service Provider Responses. When you use the Service with either your own API keys or our server-authenticated models, we receive responses from third-party AI service providers including OpenAI, Anthropic, Google, Meta, and others. These responses contain AI-generated automation instructions based on your commands and the web page content. The AI providers process your data according to their own privacy policies, which we encourage you to review.
Website Content. The Service interacts with third-party websites on your behalf to perform automation tasks. While we process information from these websites to execute your commands, we do not control these third-party sites, and they may have their own data collection practices.
We use the information we collect for the following purposes, in accordance with applicable law and your consent where required.
Providing and Operating the Service. We use your information to deliver the core functionality of the Service, including processing your natural language commands, generating browser automation actions through AI models, executing actions on web pages, maintaining your account and authentication, storing and syncing conversation history when enabled, and providing customer support and responding to your inquiries.
Improving and Developing the Service. We analyze usage patterns and feedback to understand how users interact with the Service, identify bugs and technical issues, develop new features and improvements, optimize AI model performance and accuracy, enhance user interface and experience, and conduct research and development for future service enhancements.
Training and Improving AI Models. We may use anonymized and aggregated data from user interactions to train and improve our AI models and algorithms. This includes analyzing patterns in automation tasks, understanding common use cases, improving action accuracy and reliability, and developing better natural language understanding. You can opt out of this data usage through settings in the Service interface.
Security and Fraud Prevention. We use your information to detect and prevent fraudulent activity, unauthorized access attempts, and abuse of the Service, monitor for violations of our Terms of Service and Acceptable Use Policy, protect our systems and infrastructure from security threats, and verify user identity during authentication.
Communications. We use your contact information to send you service-related announcements, updates about new features and changes to the Service, respond to your support requests and inquiries, send administrative messages about your account, and with your consent, provide promotional communications about new features or services you may find useful. You can opt out of promotional communications at any time.
Legal Compliance and Protection. We may use your information to comply with applicable laws, regulations, and legal processes, respond to lawful requests from government authorities, enforce our Terms of Service and other agreements, protect our rights, property, and safety, and protect the rights, property, and safety of our users and the public.
Analytics and Performance Monitoring. We use aggregated and anonymized data to generate usage statistics and metrics, monitor Service performance and reliability, understand user demographics and preferences, measure the effectiveness of new features, and create reports for internal business purposes.
We share your information only in specific circumstances and with appropriate safeguards to protect your privacy.
With AI Service Providers. When you use the Service, your browser automation commands, web page content, and screenshots are transmitted to AI service providers to generate automation actions. The specific providers and data sharing practices depend on your configuration:
When Using Your Own API Keys (Direct Integration):
When Using Server-Authenticated Models:
We do not share your data with AI providers for purposes other than generating responses to your specific requests. You are responsible for managing your own API keys and ensuring compliance with each provider's terms of service.
With Service Providers and Business Partners. We engage trusted third-party service providers to help us operate, analyze, and improve the Service. These providers may have access to your information only to perform specific tasks on our behalf and are obligated to protect your information and use it only for the purposes we specify. Our service providers include cloud infrastructure and hosting providers for storing account data and conversation history, authentication service providers for managing user accounts and sign-in, analytics providers for understanding Service usage and performance, customer support platforms for managing support requests, and security monitoring services for detecting and preventing abuse.
For Legal Reasons. We may disclose your information if required to do so by law or in response to valid legal requests, including to comply with a subpoena, court order, or other legal process, respond to lawful requests from government authorities, law enforcement, or regulatory agencies, enforce our Terms of Service, policies, and other agreements, protect against fraud, security threats, or illegal activity, protect our rights, property, or safety and the rights, property, or safety of our users or the public, and in connection with investigations of potential violations of law or our policies.
Business Transfers. If we are involved in a merger, acquisition, asset sale, bankruptcy, or other business transaction, your information may be transferred as part of that transaction. We will notify you via email or prominent notice in the Service before your information becomes subject to a different privacy policy. You will have the opportunity to delete your account and data before any such transfer.
With Your Consent. We may share your information with third parties when you explicitly consent to such sharing, such as when you choose to integrate the Service with third-party applications or services. You can revoke such consent by disconnecting the integration through the Service settings.
Aggregated and Anonymized Data. We may share aggregated, anonymized, or de-identified data that cannot reasonably be used to identify you with third parties for research, analytics, marketing, or other lawful purposes. This data does not contain any personally identifiable information.
We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
Account Data. We retain your account information, including email address and profile data, for as long as your account remains active. If you delete your account, we will delete your account data within ninety days, except as required for legal compliance, dispute resolution, or fraud prevention.
Conversation History. Conversation history stored locally in your browser remains on your device until you manually delete it through the Service interface. Conversation history stored in our cloud storage for cross-device sync is retained until you delete it through the Service or close your account. Deleted conversation history is permanently removed from our systems within thirty days.
Usage and Analytics Data. Aggregated and anonymized usage data may be retained indefinitely for analytics and service improvement purposes, as this data cannot be used to identify individual users.
Web Page Content and Screenshots. Web page content and screenshots captured during Service operation are processed in real-time and are not permanently stored by us:
This data is transmitted to AI providers for processing your request and is handled according to their retention policies. When using server-authenticated models, this data passes through our servers temporarily and is not retained after processing is complete.
Legal Compliance Data. We may retain certain data for longer periods when required to comply with legal obligations, resolve disputes, enforce our agreements, or as reasonably necessary for other legitimate business purposes.
You can request deletion of your data at any time by contacting us at the email address provided in the Contact Information section below. Please note that some residual information may remain in our backup systems for a limited period after deletion requests are processed.
We implement reasonable and appropriate technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction.
Technical Safeguards. Our security measures include encryption of data in transit using industry-standard TLS/HTTPS protocols, encryption of sensitive data at rest using strong encryption algorithms, secure authentication mechanisms including password hashing and session management, regular security assessments and vulnerability testing, access controls and authentication requirements for our systems, monitoring and logging of system access and activities, and regular security updates and patches to our infrastructure.
API Key Security. API keys you provide for third-party AI services are stored locally in your browser's extension storage using Chrome's secure storage APIs. These keys are:
You are responsible for protecting your API keys and should never share them with others or expose them in public forums. You can add, remove, or update your API keys at any time through the extension settings.
Organizational Safeguards. We maintain organizational security practices including limiting access to personal information to authorized personnel who need it for their job functions, training our employees on data security and privacy practices, implementing confidentiality agreements with employees and contractors, maintaining incident response procedures for security breaches, and conducting regular reviews of our security practices and policies.
Third-Party Security. When we engage third-party service providers, we require them to maintain appropriate security measures to protect your information. However, we cannot guarantee the security practices of third-party AI providers or websites you interact with through the Service.
No Absolute Security. While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your information. You use the Service at your own risk, and you should take your own precautions to protect your data, including using strong passwords, keeping your account credentials confidential, and being cautious about what information you include in your commands.
Security Incident Notification. In the event of a data breach that affects your personal information, we will notify you as required by applicable law through email or prominent notice in the Service. We will provide information about the nature of the breach, the data affected, and steps you can take to protect yourself.
Depending on your location, you may have certain rights regarding your personal information. We are committed to honoring these rights in accordance with applicable law.
Access and Portability. You have the right to request access to the personal information we hold about you and receive a copy of your data in a structured, commonly used, and machine-readable format. You can access most of your data directly through the Service interface, including:
Correction and Update. You have the right to correct inaccurate personal information and update incomplete information. You can edit your account information directly through the Service settings. For other corrections, please contact us using the information provided below.
Deletion. You have the right to request deletion of your personal information, subject to certain legal exceptions. You can:
Please note that some information may be retained as permitted by law for legal compliance, dispute resolution, or fraud prevention purposes.
Opt-Out of Data Usage for AI Training. You can opt out of having your data used to train and improve our AI models through settings available in the Service interface. This opt-out does not affect the Service's ability to process your data to provide the core automation functionality you request.
Opt-Out of Communications. You can opt out of promotional emails by following the unsubscribe instructions in those emails or by adjusting your communication preferences in account settings. You cannot opt out of service-related communications that are necessary for the operation of your account.
Restriction of Processing. In certain circumstances, you may have the right to request that we restrict the processing of your personal information, such as when you contest the accuracy of your data or object to our processing.
Object to Processing. You may have the right to object to certain types of processing of your personal information, including processing for direct marketing purposes or processing based on our legitimate interests.
Withdraw Consent. Where we rely on your consent to process personal information, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before withdrawal.
Lodge a Complaint. If you believe we have not complied with applicable privacy laws, you have the right to lodge a complaint with your local data protection authority or supervisory authority.
California Privacy Rights. If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, use, disclose, and sell, the right to request deletion of your personal information, the right to opt out of the sale or sharing of your personal information, the right to correct inaccurate personal information, the right to limit the use of sensitive personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell your personal information as defined by the CCPA. To exercise your California privacy rights, please contact us using the information provided below.
European Privacy Rights. If you are located in the European Economic Area, United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including the rights described above and the right to receive information about the legal basis for processing your data, the right to know about recipients or categories of recipients of your data, the right to information about automated decision-making and profiling, and the right to lodge a complaint with your local supervisory authority. Our legal bases for processing your personal information include performance of our contract with you, compliance with legal obligations, protection of vital interests, legitimate interests pursued by us or third parties, and your consent where required.
Exercising Your Rights. To exercise any of the rights described above, please contact us using the email address provided in the Contact Information section below. We will respond to your request within the timeframe required by applicable law, typically within thirty to forty-five days. We may need to verify your identity before processing your request to protect your information from unauthorized access.
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13 years of age, you may not install or use the Service.
This extension is not directed to children under 13 years of age. We do not knowingly collect personal information from children.
If we become aware that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to delete that information as quickly as possible. If you believe we might have information from or about a child under 13, please contact us immediately using the information provided below.
The Service is operated from the United States, and your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers maintain facilities. These countries may have data protection laws that are different from the laws of your country.
Transfers from the European Economic Area. If you are accessing the Service from the European Economic Area, United Kingdom, or Switzerland, we rely on appropriate legal mechanisms for transferring personal information to countries outside the EEA that do not provide an equivalent level of data protection, including the European Commission's Standard Contractual Clauses, adequacy decisions, and your explicit consent where applicable.
Data Localization. Some features of the Service, such as server-authenticated AI models, process data through servers located in specific regions. While we strive to provide transparency about data processing locations, we cannot guarantee that all data will remain within specific geographic boundaries due to the distributed nature of cloud services and content delivery networks.
Third-Party AI Providers. When you use the Service with your own API keys or our server-authenticated models, your data may be processed by third-party AI providers located in various countries. These providers include OpenAI (United States), Anthropic (United States), Google (United States and other regions), and Meta (United States). Please review their privacy policies for information about their data processing locations and practices.
By using the Service, you acknowledge and consent to the transfer, storage, and processing of your information in the United States and other countries as described in this Privacy Policy.
As a Chrome browser extension available through the Chrome Web Store, we comply with Google's Developer Program Policies and Limited Use requirements for user data.
Limited Use of User Data. We limit our use of data obtained from Chrome APIs, including browsing activity and web page content, to providing and improving the user-facing features of the Service as described in our Chrome Web Store listing and this Privacy Policy. We do not transfer, use, or sell this data for advertising purposes, to data brokers or information resellers, or for any purpose unrelated to the Service's core functionality.
Data Usage Disclosure:
Limited Use Disclosure: Superwizard AI's use and transfer of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
Secure Data Handling. All personal and sensitive user data collected by the Service is transmitted over secure connections using HTTPS and encrypted protocols. Data stored locally uses Chrome's built-in encryption methods.
Prominent Disclosure. For data collection practices that may not be apparent from the Service's description, we provide prominent disclosures within the extension interface before collecting such data, obtain explicit user consent where required, and allow users to review and manage their data collection preferences.
Data Minimization. We collect only the data necessary to provide the Service's functionality and do not request broader permissions or access than required. Users can review the specific permissions requested by the extension in the Chrome Web Store listing and Chrome extension management interface.
The Service uses minimal cookies and tracking technologies to provide core functionality.
Browser Extension Storage. The Chrome extension uses Chrome's local storage APIs to store your preferences, conversation history, API keys, and other settings locally on your device. This data is not transmitted to our servers unless you enable cloud sync features.
Authentication Cookies. When you sign in to your account through our web authentication system, we use session cookies to maintain your authenticated state. These cookies are necessary for the Service to function and are automatically deleted when you sign out or after your session expires.
No Analytics or Tracking. The Service does not use analytics tools, tracking pixels, or other monitoring technologies. We do not collect usage statistics or performance metrics that could identify individual users.
Third-Party Cookies. The Service may interact with third-party websites that use their own cookies and tracking technologies. We do not control these third-party practices, and they are governed by the privacy policies of those websites.
Your Cookie Choices. You can control cookies through your browser settings, disable cookies in your browser preferences, clear existing cookies from your browser, and use browser privacy features to limit tracking. Please note that disabling certain cookies may affect the functionality of the Service.
The Service uses artificial intelligence and automated processing to translate your natural language commands into browser automation actions. This involves automated decision-making that affects how tasks are executed on your behalf.
How AI Processing Works. When you provide a command, the Service processes your input along with web page content and screenshots (if enabled), sends this information to AI models (either directly to third-party providers using your API keys or through our servers for server-authenticated models), receives AI-generated automation instructions, and executes those instructions on the web page. The AI processing is designed to understand your intent and generate appropriate actions to accomplish your requested task.
Limitations of AI. AI systems may occasionally produce unexpected or inaccurate results. The Service may misinterpret your commands, generate incorrect automation actions, interact with web pages in unintended ways, or fail to complete tasks as expected. You should review the actions the Service takes and verify that they achieve your desired outcome. You retain full control and can interrupt or stop any automated task at any time.
No High-Stakes Decisions. The Service is not designed for, and should not be used for, high-stakes automated decision-making that could have legal or similarly significant effects on you or others. This includes decisions about employment, credit, insurance, housing, or other consequential matters. You are solely responsible for the outcomes of actions taken by the Service on your behalf.
Human Oversight. You maintain full control over the Service's actions. You can interrupt tasks, review action history, and manually intervene at any time. We encourage you to actively supervise automated tasks, especially when interacting with sensitive accounts or performing important actions.
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. When we make material changes, we will notify you through the Service interface, email notifications sent to your registered email address, a prominent notice on our website, or browser extension notifications.
The updated Privacy Policy will be effective as of the date indicated at the top of the document. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the updated terms, you should discontinue use of the Service and may delete your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information and your privacy rights.
If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at the following address. We will respond to your inquiry within a reasonable timeframe, typically within thirty days.
Email Contact: You can reach our privacy team through the contact information provided on our website at https://www.superwizard.ai/privacy-policy or by emailing us directly.
Data Protection Officer: If you are located in the European Economic Area and wish to contact our Data Protection Officer, please use the email address above and indicate that your inquiry is for the DPO.
Mailing Address: For written correspondence, please refer to the contact information available on our website at https://www.superwizard.ai.
When contacting us about privacy matters, please include sufficient information for us to identify your account and understand your request. This may include your registered email address, account username, and a description of your concern or request.
California Residents. For California residents, this section provides additional disclosures required by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). In the preceding twelve months, we collected the following categories of personal information as defined by the CCPA: identifiers such as email address and account ID, internet or other electronic network activity information including browsing behavior and interaction patterns, geolocation data at the country and region level, and inferences drawn from the above information to create user profiles reflecting preferences and behavior. We collect this information directly from you, automatically when you use the Service, and from third-party AI providers. We use this information for the business purposes described in the "How We Use Your Information" section above. We share this information with the categories of third parties described in the "How We Share Your Information" section above. We do not sell your personal information as defined by the CCPA. We do not share your personal information for cross-context behavioral advertising. California residents have the right to request disclosure of the categories and specific pieces of personal information we have collected, the right to request deletion of personal information, the right to correct inaccurate personal information, the right to opt out of the sale or sharing of personal information, the right to limit use of sensitive personal information, and the right to non-discrimination for exercising privacy rights. To exercise these rights, please contact us using the information provided above.
European Economic Area, United Kingdom, and Switzerland Residents. For residents of the European Economic Area, United Kingdom, and Switzerland, we process your personal information based on the following legal grounds: performance of a contract when processing is necessary to provide the Service to you, legitimate interests when processing is necessary for our legitimate business interests and does not override your fundamental rights, legal obligations when processing is required to comply with applicable laws, and consent when we have obtained your explicit permission for specific processing activities. You have the rights described in the "Your Privacy Rights and Choices" section above, including rights under the GDPR. You also have the right to lodge a complaint with your local supervisory authority if you believe we have violated your privacy rights. For data transfers outside the EEA, UK, or Switzerland, we use Standard Contractual Clauses approved by the European Commission or other appropriate safeguards.
Other Jurisdictions. If you are located in a jurisdiction with specific privacy laws not addressed above, such as Brazil's LGPD, Australia's Privacy Act, or other regional regulations, please contact us for information about how we comply with applicable laws in your jurisdiction. We are committed to honoring all applicable privacy laws and regulations regardless of where you are located.
The Service may contain links to third-party websites, services, or applications that are not owned or controlled by us. This Privacy Policy applies only to the Service and not to any third-party sites or services.
When you interact with third-party websites through the Service's automation features, or when you use third-party AI providers with your own API keys, those third parties may collect information according to their own privacy policies. We encourage you to read the privacy policies of any third-party services you use or websites you visit.
We are not responsible for the privacy practices or content of third-party sites and services. Your use of third-party services is at your own risk, and you should review their terms and privacy policies before providing them with any information.
For business customers or users who require a Data Processing Addendum (DPA) to comply with their own privacy obligations, please contact us using the information provided above. We can provide appropriate contractual terms to meet your data processing requirements.
Acknowledgment
By using the Service, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, you must not use the Service.
Last Updated: December 19, 2024
This Privacy Policy is effective as of the date indicated above and supersedes all prior versions.
This privacy policy has been updated to comply with Chrome Web Store User Data Policy requirements. The Superwizard AI extension:
For the most current version of this privacy policy, please visit: https://www.superwizard.ai/privacy-policy