Privacy Policy
Last updated: April 2026
This Privacy Policy explains how PhantomAI ("we", "us", "the extension") collects, uses, stores, and shares information when you use the PhantomAI Chrome extension and the phantom-ai.app website.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address (used to identify your account, send confirmation and password reset emails)
- Hashed password (used to authenticate you; stored hashed, never in plain text)
- Account creation date and last login date (used for account administration)
If you sign in with Google, we receive your Google account email and a unique Google user identifier. We do not receive your Google password or access any other Google account data.
Usage Data
We track the following to enforce rate limits and provide the service:
- Daily query count (number of AI requests you make per day, used to enforce plan limits)
- Subscription status and plan tier (used to determine your query limit and model access)
Query Content (processed, not stored)
When you make a query, the following is transmitted to our servers for processing and immediately forwarded to OpenAI:
- Highlighted text you send
- Screenshots you capture
- Content of context documents and reference images (only when included in a query)
This content is not logged or stored on our servers after the response is returned.
Payment Information
If you subscribe to a paid plan, payment details (card number, billing address) are collected and processed entirely by Stripe. We never receive or store your full payment information. We only receive a subscription status and customer ID from Stripe.
Local Browser Storage
The following data is stored only in your browser's extension storage and never uploaded to our servers:
- Uploaded context documents (PDFs, TXT, MD, CSV files)
- Saved reference screenshots
- Display preferences, hotkey settings, and indicator customizations
2. How We Use Your Information
- Authentication: Email and password are used to verify your identity when you sign in.
- Query processing: Highlighted text and screenshots are sent to OpenAI to generate AI responses.
- Rate limiting: Daily query counts are checked before processing requests to enforce plan limits.
- Billing: Subscription and payment data are used to process payments and manage plan access.
- Service communication: Your email address is used for account confirmation, password reset, and essential service notifications only. We do not send marketing emails.
3. How We Share Your Information
We do not sell your personal information. We share limited data only with the following third-party service providers, each used strictly for the purpose listed:
- OpenAI — Receives your query content (highlighted text, screenshots, context documents, and reference images) in order to generate AI responses. Data is transmitted via OpenAI's API. Subject to OpenAI's Privacy Policy.
- Supabase — Hosts our authentication system and database (account email, hashed password, subscription status, daily query counts). Subject to Supabase's Privacy Policy.
- Stripe — Processes all payments for paid subscriptions. Receives your payment details and billing information directly; we do not handle card data. Subject to Stripe's Privacy Policy.
- Google — If you choose to sign in with Google, your Google account email and user ID are shared via Google OAuth to verify your identity. Subject to Google's Privacy Policy.
- Cloudflare — Hosts our website (phantom-ai.app) and may log standard request metadata (IP address, user agent) as part of serving the site. Subject to Cloudflare's Privacy Policy.
We do not share your data with advertisers, data brokers, or any party not listed above. We may disclose information if required by law, subpoena, or court order.
4. What We Do Not Collect or Store
- We do not store the text you highlight or the screenshots you capture after a query is processed.
- We do not store AI responses on our servers.
- We do not track your browsing history or the websites you visit.
- We do not collect analytics on individual user activity inside the extension.
- We do not store your uploaded documents or reference images on our servers (these stay in your local browser storage).
5. Extension Permissions
- storage / unlimitedStorage: Stores your settings, uploaded documents, and reference screenshots locally in your browser.
- contextMenus: Adds a right-click option used by the extension.
- identity: Enables account sign-in.
- host_permissions (all_urls): Required so the content script can run on any webpage you choose to use the extension on. The extension only acts when you explicitly press a hotkey or trigger capture mode.
6. Data Retention
- Account data is retained for as long as your account is active.
- Query content is not retained; it is processed and discarded.
- Daily usage counts are retained for up to 90 days for billing and rate-limit enforcement.
- Subscription records are retained as required by tax and accounting law (typically 7 years).
- Local extension data (documents, references, settings) is retained in your browser until you remove it or uninstall the extension.
7. Data Deletion and Your Rights
You can:
- Delete your account by emailing support@phantom-ai.app. We will delete your account and associated personal data from our servers within 30 days.
- Remove local data by uninstalling the extension or using the "Clear All" buttons in the Files tab.
- Cancel your subscription at any time from your account page or the Stripe billing portal.
- Request a copy of the personal data we hold about you by emailing support.
8. Children's Privacy
PhantomAI is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal data, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to registered users via email. The "Last updated" date at the top of this page reflects the most recent version.
10. Contact
For privacy questions, data deletion requests, or any other concerns, contact us at support@phantom-ai.app.