Privacy Policy
Last updated: April 20, 2026
Who We Are
aLLMost is a Chrome extension operated by Algomittens LLC ("we", "us", "our"). You can reach us at support@algomittens.com.
Single Purpose
aLLMost's single purpose is to enhance the user's experience on large language model (LLM) chat interfaces by providing pre-send intelligence — showing you similar past prompts before you send a new one, and recommending which LLM is best suited to your current task. It operates only on the specific LLM chat services listed in its host permissions. aLLMost does not monitor your general browsing activity. On the supported sites, it reads the prompts you send and the responses the LLM returns so it can show you relevant past prompts and routing suggestions inside the extension overlay. This data is stored only on your device; it is never sent to any server operated by us or any third party.
1. What Data We Collect
aLLMost collects only what is necessary to provide the service:
- Prompts and responses: The text of the prompts you send to LLMs (Claude, ChatGPT, Gemini, DeepSeek, Kimi, Grok) and the responses you receive back. This data is captured by reading network responses on those specific sites and is stored locally in
chrome.storage.localand/or IndexedDB. It is never sent to any server. - Platform preferences: Which LLM platforms you subscribe to (so the router only recommends services you can use). Stored locally in
chrome.storage.sync, which Chrome may sync across browsers where you are signed in. - Email address (Pro users): If you upgrade to aLLMost Pro, we store your email address to verify your license. Your email is stored in our database (Supabase) and is used solely for license verification.
- Subscription data: If you upgrade to a paid plan, Stripe processes your payment. We store your Stripe customer ID and subscription status — never your card number or payment details.
- Cached license status: A boolean flag indicating whether your email has an active subscription, plus a timestamp of the last check. Stored locally in
chrome.storage.localand refreshed at most every 6 hours.
2. How We Use Your Data
Each type of data we collect serves a specific purpose:
- Prompts and responses are used to compute local text-similarity matches (TF-IDF) so we can show you similar past prompts before you send a new one.
- Platform preferences are used to filter router recommendations to services you actually use.
- Email address is used to verify your Pro license status by querying our
allmost_licensestable. - Subscription data is used to determine whether Pro features are active for your account.
- Cached license status is used to unlock Pro features between verifications without querying our servers on every popup open.
3. How We Handle Your Data
We take the following measures to handle your data securely:
- Encryption in transit: All data transmitted between the extension and our servers uses HTTPS (TLS 1.2+). No user data is ever sent over unencrypted HTTP connections.
- Local-first architecture: Your prompts and the LLM's responses are stored entirely on your device in
chrome.storage.localand IndexedDB. This data is never transmitted to our servers, to Supabase, to Stripe, or to any other party. - Minimal server-side data: Our servers store only license verification data (email, Stripe customer ID, subscription status, plan). Prompt content and conversation data stay on your device.
- Row-level security: License verification uses Supabase's row-level security (RLS). The
allmost_licensestable is default-deny; anonymous queries are routed through a dedicated RPC (verify_license) that returns only subscription status and plan — never payment details or other personal information. - No analytics or tracking: aLLMost does not include any analytics libraries, telemetry, tracking pixels, crash reporters, or fingerprinting code.
No method of transmission or storage is perfectly secure. While we use reasonable measures to protect your data, we cannot guarantee absolute security.
4. Where Data Is Stored
- On your device: Prompts, responses, platform preferences, and cached license status are stored locally in your browser's
chrome.storage.local,chrome.storage.sync, and IndexedDB. - Supabase (US-hosted): Email address, Stripe customer ID, and subscription status are stored in our Supabase-hosted PostgreSQL database.
- Stripe: Payment method details and billing history are stored by Stripe. We do not have access to your full card number.
5. Who We Share Data With
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. Data is shared only with the following service providers, solely to operate aLLMost:
- Supabase — license verification and subscription management. Supabase Privacy Policy.
- Stripe — payment processing for Pro subscriptions. Stripe Privacy Policy.
No other third parties receive any data from this extension.
6. Permissions Explained
| Permission | Why We Need It |
|---|---|
| storage | Save your captured prompts, platform preferences, and cached license status locally in your browser. |
| activeTab | When you click the aLLMost toolbar icon, allow the popup to read basic information about the current tab (used only to display which LLM platform you are on). |
Host permissions for claude.ai, chatgpt.com, chat.openai.com, gemini.google.com, *.deepseek.com, *.kimi.com, grok.com, *.grok.com | Inject the content script that reads prompt/response network traffic and renders the overlay card on those specific LLM chat sites. No other hosts are accessed. |
aLLMost does not request declarativeNetRequest, webRequest, debugger, cookies, tabs, history, or broad <all_urls> host permissions. We never modify HTTP headers, intercept cookies, or read browser history.
7. Web Browsing Activity
aLLMost does not collect or use your general web browsing activity. Its access is limited to the specific LLM chat sites listed in Section 6. On those sites, it reads the prompts you send and the responses the LLM returns so it can provide pre-send intelligence inside the extension overlay. aLLMost does not collect your browsing history, track which websites you visit, read page content on non-LLM sites, or observe your activity on any site outside the host-permissions list. Even on the supported LLM sites, the prompt/response data is stored only in your browser's local storage and is not transmitted to our servers.
8. What We Don't Collect
- Browsing history or activity on sites outside the host-permissions list
- Page content on any non-LLM site
- Cookies, form data, or login credentials
- Personal files, device identifiers, or hardware information
- Analytics, telemetry, advertising IDs, or tracking pixels
- Full credit card numbers (payment details are handled entirely by Stripe)
9. Data Retention
- Local data (prompts, responses, platform preferences, cached license status) is retained on your device. Captured prompts are capped at 1,000 most recent entries and evicted in first-in-first-out order after that. You can clear all captured prompts at any time from the extension popup. All local data is removed when you uninstall the extension or clear your browser's extension data.
- License data (email, subscription status) is retained on our servers until you cancel your subscription and request deletion.
- Payment records are retained by Stripe per their retention policy.
10. Data Deletion
You can delete your data at any time:
- Local data: Click "Clear all captured prompts" in the extension popup, uninstall the extension, or clear your browser's extension data. This removes all captured prompts, preferences, and cached license status.
- Server-side data: Cancel your Pro subscription, then email support@algomittens.com to request complete deletion of your license record from our database. We process deletion requests within 30 days.
11. Your Rights
Depending on your location, you may have the right to:
- Access, correct, or delete your personal data
- Object to or restrict processing of your data
- Withdraw consent at any time by uninstalling the extension and requesting data deletion
- Lodge a complaint with your local data protection authority
To exercise any of these rights, email support@algomittens.com.
12. Children's Privacy
aLLMost is not intended for use by anyone under the age of 13. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will promptly delete it.
13. Cookies
aLLMost does not use cookies. License status is stored in chrome.storage.local, which is accessible only to the extension.
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will update the "Last updated" date above. Continued use of aLLMost after changes constitutes acceptance of the updated policy.
15. Chrome Web Store User Data Policy Compliance
aLLMost's use of user data adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements:
- aLLMost only uses data in ways that are necessary to provide and improve the extension's single purpose: pre-send intelligence on LLM chat interfaces (showing similar past prompts and recommending the best LLM for the current task).
- aLLMost does not transfer user data to third parties except as necessary to provide the service (as described in Section 5), to comply with applicable laws, or to protect against malware, spam, phishing, or other fraud or abuse.
- aLLMost does not use or transfer user data for personalized advertisements.
- aLLMost does not sell user data to third parties, data brokers, or information resellers.
- aLLMost does not use or transfer user data to determine credit-worthiness or for lending purposes.
- aLLMost does not use or transfer user prompts, responses, or conversation data to train any machine-learning model.
- No human reads your user data unless (a) you give explicit consent for a specific support request, (b) it is necessary for security purposes such as investigating abuse, or (c) it is required to comply with applicable law.
16. Financial & Authentication Data
aLLMost does not publicly disclose any financial or payment information. Credit card details are handled exclusively by Stripe and are never accessible to us. License verification data stored in chrome.storage.local (the cached Pro flag and timestamp) is never publicly disclosed, logged in plaintext by third parties, or exposed outside the extension.
17. Contact
Questions, concerns, or data requests? Email support@algomittens.com.