🔐 AI Key Vault — Privacy Policy

Last updated: May 4, 2026

Data Collection

AI Key Vault does not collect, transmit, or store any data on external servers. All data remains entirely within your browser's local storage.

Data Storage

Your API keys are encrypted with AES-256-GCM encryption and stored locally in chrome.storage.local. The encryption key is derived from your master password using PBKDF2 with 100,000 iterations. Your master password is never stored — only a cryptographic salt is persisted.

Data Access

Only you can access your encrypted keys by entering your master password. The extension does not send any data to external servers, APIs, or third parties.

Permissions

• storage — Used to store encrypted vault data and session state locally.
• activeTab — Used to inject the vault widget on the current tab when you press the keyboard shortcut.
• scripting — Used to programmatically inject the content script on pages.
• alarms — Used to auto-lock the vault after 30 minutes of inactivity.
• host_permissions — Used to detect when you're on a supported AI site (ChatGPT, Anthropic, Google AI Studio, Groq, DeepSeek) and show the vault widget.

Third-Party Services

AI Key Vault does not integrate with or send data to any third-party services, analytics platforms, or advertising networks.

Changes to This Policy

If this policy changes, the updated version will be posted on this page with a new "Last updated" date.

Contact

For questions about this privacy policy, please open an issue on our GitHub repository.