Privacy Policy

Last updated: August 26, 2025

1. Introduction

SurfMind (hereinafter referred to as "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our services, including our Chrome extension and related platforms (collectively referred to as the "Services"). By using the Services, you consent to the practices described in this Privacy Policy.

2. Information We Collect

2.1 Personal Information

Support Communication Information: If you contact us through email, chat, or other communication channels, we will collect the information you provide, including your name, contact details, and the content of your inquiries.

2.2 Non-Personal Information

Analytics and Performance Data: We use analytics tools to collect non-personal information about the performance of the Services, such as extension load times, error rates, and feature usage patterns. This information helps us improve the quality and performance of the Services.

Device and Connection Information: We collect information about your device, such as the browser type, browser version, operating system, and extension version. This information is used to optimize the Services for your device and to provide a seamless user experience.

2.3 Information We Explicitly Do NOT Collect

In adherence to our privacy-first approach, SurfMind explicitly does not collect, store, or process:

• Website content that you view, extract, or interact with
• Your conversations, prompts, or interactions with AI models
• Your API keys, credentials, or authentication tokens for AI services
• Personal browsing history or website visit patterns
• Passwords, financial information, or other sensitive personal data
• Content generated by AI models in response to your queries

3. How We Use Your Information

3.1 Provide and Improve the Services

We use the limited non-personal information we collect to maintain and enhance the functionality of the SurfMind extension, ensure compatibility across different browser environments, and deliver the features and functionality you request.

Your usage information helps us understand how you interact with the Services, identify areas for improvement, and develop new features and enhancements to meet user needs while maintaining our commitment to privacy-first design principles.

3.2 Communication

We may use your contact information to send you important updates, announcements, and administrative messages related to the Services, such as service changes, security alerts, and legal notices.

4. Local Data Processing and Third-Party AI Providers

4.1 Local Processing Architecture

All website content extraction, analysis, and processing occurs locally within your browser environment using client-side technologies. SurfMind operates as a secure conduit that facilitates direct communication between your browser and your chosen AI provider, without storing, processing, or accessing the content of your interactions.

The extension processes website content exclusively within your local browser session and transmits only the specific content you choose to share directly to your selected AI provider. We do not maintain servers that store, cache, or process user conversations or website content.

4.2 Third-Party AI Provider Integration

When you utilize SurfMind to interact with AI models, your data is transmitted directly to your chosen AI provider through their respective APIs. SurfMind does not act as an intermediary in these communications and does not have access to the content of your interactions with these services.

The privacy practices of these third-party AI providers are governed by their respective privacy policies

• OpenAI: OpenAI Privacy Policy
• Anthropic (Claude): Anthropic Privacy Policy
• Google (Gemini): Google Privacy Policy

Each AI provider maintains its own data retention, usage, and privacy practices. We recommend reviewing their terms of service and privacy policies to understand how your data is handled by these third-party services.

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share limited technical and usage data with third-party service providers who assist us in operating the Services, providing services to you, or conducting analytics and research. These service providers are contractually obligated to protect your personal information and use it only for the purposes for which it was shared.

Such service providers may include analytics platforms for extension performance monitoring, error tracking services for debugging purposes, and customer support platforms. In all cases, we ensure that these providers adhere to strict data protection standards and use data only as necessary to provide their specific services.

5.2 Legal Requirements

We may disclose your personal information if required to do so by law, regulation, or legal process, such as a court order, subpoena, or government investigation. We may also disclose your information to protect our rights, property, or safety, or the rights, property, or safety of others.

5.3 Business Transfers

In the event of a merger, acquisition, sale of assets, or other business transfer, your personal information may be transferred to the acquiring or successor entity. We will notify you of any such transfer and the applicable privacy policies of the new entity.

6. Data Security

We implement reasonable security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These security measures include physical, technical, and administrative safeguards, such as encryption protocols, secure coding practices, access controls, and security audits.

Specific security measures include:

• Encryption of data in transit using industry-standard protocols
• Secure development practices and regular code reviews
• Limited access to user data on a need-to-know basis
• Regular security assessments and vulnerability testing
• Compliance with browser extension security standards

However, no security system is 100% secure, and we cannot guarantee the absolute security of your personal information. We encourage users to take appropriate measures to protect their own data, including using secure API keys and following best practices for browser security.

7. Data Retention

We will retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for the establishment, exercise, or defense of legal claims, and in accordance with applicable laws and regulations.

8. GDPR Compliance and User Rights

We are committed to complying with the General Data Protection Regulation (GDPR) in the European Union and similar data protection laws worldwide. If you are a resident of the European Economic Area (EEA), the United Kingdom, or other jurisdictions with applicable data protection laws, you have certain rights regarding your personal information.

Your rights include:

• Right of Access: Request access to the personal information we have about you
• Right of Rectification: Request correction of inaccurate or incomplete personal information
• Right of Erasure: Request deletion of your personal information under certain circumstances
• Right to Restrict Processing: Request limitation of processing of your personal information
• Right to Data Portability: Request a copy of your personal information in a structured, machine-readable format
• Right to Object: Object to processing of your personal information for certain purposes
• Right to Withdraw Consent: Withdraw previously given consent for data processing

To exercise these rights, please contact us using the information provided in the "Contact Us" section below. We will respond to your request within 30 days in accordance with applicable data protection laws.

9. Do Not Sell Personal Information

We do not sell your personal information to third parties for monetary consideration. However, as described in the "Data Sharing and Disclosure" section above, we may share your information with third-party service providers and in certain legal circumstances, always in accordance with the terms outlined in this Privacy Policy.

10. International Data Transfers

If you access or use our Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. We ensure that appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

For transfers to countries that do not provide an adequate level of data protection, we implement appropriate safeguards such as standard contractual clauses or other legally recognized transfer mechanisms to protect your personal information.

11. Children's Privacy

The Services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete the information as soon as possible.

If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately using the contact information provided below so that we can take appropriate action.

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or industry standards. When we make changes to this Privacy Policy, we will post the updated version on our website and indicate the date of the last update.

For significant changes that materially affect your privacy rights, we will provide additional notice through the extension interface or via email if we have your contact information. Your continued use of the Services after the effective date of the updated Privacy Policy constitutes your acceptance of the changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us at:

Email: [email protected]

Subject Line for Privacy Inquiries: "Privacy Policy Inquiry"