Privacy
Policy.
Last Updated: March 1, 2026
1. Overview
PikuZen AI is a Chrome extension that helps users generate AI-powered replies on Twitter/X. We are committed to protecting your privacy and being transparent about our data practices.
Key Point: PikuZen AI does NOT collect, store, or sell any personal data. All AI processing happens locally in your browser. The only external call is license key verification via Gumroad's official API for Pro subscription management.
2. Data Collection
PikuZen AI does not collect any of the following:
- Personal information (name, email, phone number)
- Browsing history or analytics
- Twitter/X account credentials
- Cookies or tracking identifiers
- Usage statistics or telemetry
3. Data Processing
The extension processes the following data locally in your browser only:
- Tweet content: Text of tweets you interact with is read from the Twitter page DOM to generate relevant AI replies. This text is sent to third-party AI services (ChatGPT, Gemini, or Grok) based on your chosen provider.
- Tweet images: If image upload is enabled, tweet
images (fetched via
pbs.twimg.com) may be sent to your selected AI provider for context. - User settings: Your preferences (tone, reply count,
AI provider, templates, etc.) are stored locally using Chrome's
chrome.storage.localandchrome.storage.syncAPIs. - License key: If you activate a Pro subscription, your license key is sent to Gumroad's official API for verification. No personal data is included in this request.
4. Third-Party AI Services
When you use PikuZen AI, tweet content is sent to your chosen AI provider through their web interface embedded in the extension's side panel. These services have their own privacy policies:
Important: PikuZen AI does NOT operate its own servers. AI requests go directly from your browser to your chosen AI provider's website. The only external API call we make is to Gumroad for license verification.
5. Subscription & License Verification
PikuZen AI offers a Pro subscription activated via a license key purchased from Gumroad. When you enter a
license key, the following data is sent to Gumroad's official
API (api.gumroad.com):
- Your license key
- The product ID (to identify PikuZen AI)
No personal information (name, email, payment details) is sent by the extension. Gumroad returns only the license validity status and purchase date. This verification happens once daily for active Pro users.
For Gumroad's data practices, see: Gumroad Privacy Policy
6. Data Storage
All data is stored locally on your device:
- User settings are stored via
chrome.storage.local - Subscription status syncs via
chrome.storage.syncfor subscription integrity - No data is stored on external servers
- No databases or cloud storage is used
- Uninstalling the extension removes all stored data
7. Chrome Permissions Justification
PikuZen AI requests the following browser permissions:
"sidePanel"
Used to render the PikuZen control center beside your Twitter tab, allowing you to manage AI settings, view comments, and generate replies without leaving the page.
"activeTab" & "scripting"
Required to inject the PikuZen AI Reply button onto the Twitter timeline and to extract tweet text/context from the page DOM when you click it.
"storage"
Both chrome.storage.local and chrome.storage.sync are used to persist
your custom tone prompts, selected AI providers, UI preferences, and subscription status across
sessions.
"tabs"
Required for the background Service Worker to manage AI provider tabs (Gemini uses managed tabs)
and to relay tweet data via secure chrome.runtime.sendMessage protocols.
"declarativeNetRequest"
Routing headers are modified exclusively to bypass restrictive X-Frame-Options and
Content-Security-Policy blocks, enabling the secure loading of AI provider websites
inside the extension's embedded iframes.
Host Permissions
The extension requires access to these specific domains:
- x.com / twitter.com — To inject AI buttons and extract tweet context from the page
- chatgpt.com / chat.openai.com — To load ChatGPT in the embedded AI Chat panel
- gemini.google.com — To load Gemini in the embedded AI Chat panel
- grok.com — To load Grok in the embedded AI Chat panel
- pbs.twimg.com — To fetch tweet images for AI context (when image upload is enabled)
- api.gumroad.com — To verify Pro license keys for subscription activation
8. Data Sharing
PikuZen AI does NOT:
- Sell user data to any third party
- Share data with advertisers
- Use data for profiling or targeting
- Transfer data to data brokers or information resellers
- Use data for creditworthiness or lending purposes
- Use data for personalized advertising
9. Data Retention
PikuZen AI retains data only as long as necessary to provide its functionality:
- User settings (tone, templates, provider preferences) are stored locally until you uninstall the extension or manually reset them.
- Subscription status is stored in
chrome.storage.syncfor subscription integrity; it persists across reinstalls but contains no personal information. - Tweet content is processed in memory only during active reply generation and is never written to disk or transmitted to our servers.
- Uninstalling the extension permanently removes all locally stored data.
10. User Rights & Data Control
You have full control over your data at all times:
- Review: All stored settings can be viewed directly in the extension's AI Settings tab.
- Delete: You can reset all settings to defaults using the "Reset" button in the extension, or uninstall the extension to remove all data.
- Opt out: You can disable image upload, auto-post, and other features individually via toggle switches in Settings.
- Portability: Since no data is stored on external servers, there is no remote data to export or transfer.
11. Security
PikuZen AI follows secure data handling practices:
- All communication with AI providers (ChatGPT, Gemini, Grok) happens over HTTPS encrypted connections.
- License key verification with Gumroad uses HTTPS POST requests.
- No data is transmitted over unencrypted channels.
- The extension requests only the minimum permissions necessary for its core functionality.
- Content Security Policy (
CSP) is enforced on extension pages to prevent code injection.
12. Children's Privacy
PikuZen AI is not intended for use by children under 13. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date above. Continued use of the extension after changes constitutes acceptance of the updated policy.
14. Contact
If you have questions about this privacy policy or the extension, contact us at: [email protected]