Privacy Policy for Glot - Contextual AI Translator
Last Updated: May 26, 2026
Overview
Glot ("the Extension") is committed to protecting your privacy. This Privacy Policy describes in detail what data we collect, how we use it, how we store it, and how we share it when you use our Chrome Extension.
User Consent and When Data Is Sent
Glot does not continuously upload browsing activity. Translation content is processed only after you intentionally request translation, such as by selecting text and using the keyboard shortcut, right-click menu, or translation UI. Account and subscription data is processed only when you sign in, start a trial, refresh entitlement status, or manage a paid plan.
You can use Bring Your Own API Key mode to send translation requests directly from your browser to the AI provider you choose. You can also clear locally stored settings and API keys at any time from the Extension options page or by uninstalling the Extension.
Information We Collect and Process
Depending on how you use the Extension, we may collect or process the following information. "Collect" includes information stored by Glot servers; "process" includes information transmitted in real time only to provide the requested translation.
1. Account Data (collected when you register or sign in)
- Email address: Used to create and verify your Glot account.
- User ID: A unique identifier automatically generated at registration, used to associate your account with your subscription status.
- Authentication tokens: Session tokens stored locally in
chrome.storage.localto keep you signed in.
2. Subscription & Payment Data
- Subscription status: Your plan type (free trial, premium) and expiry date, stored on our servers to verify service entitlements.
- Stripe customer ID: Generated when you process a payment through Stripe, used to manage your subscription. We do not store full payment card details.
- Trial period data: The start and end dates of the 7-day free trial automatically granted at signup.
3. Translation Content (only when using the built-in hosted translation service)
- Selected text & page context: When you intentionally request a translation using Glot's built-in hosted translation service, the selected text and the minimum necessary surrounding page context are proxied through our servers to the AI provider. Our servers do not persistently store translation content — they act solely as a real-time relay.
If you use Bring Your Own API Key mode, translation content is sent directly from your browser to your configured AI service (e.g., DeepSeek, OpenAI, Anthropic, or local Ollama) and does not pass through our servers.
4. Locally Stored Data
The Extension uses chrome.storage to save the following on your local device:
- Your API Keys and provider configurations
- Target language and translation preferences
- Prompt configurations, UI preferences, and shortcut settings
- Supabase authentication session tokens
This data stays on your local device (and may sync across your devices via Chrome Sync if enabled). The Extension itself does not upload this data to our servers.
5. Technical & Diagnostic Data
- Operational metadata: When you use hosted translation, our infrastructure may process limited technical metadata such as request IDs, route IDs, proxy identifiers, model identifiers, request timing, response status, and error details for reliability, abuse prevention, and debugging.
- Account-linked service metadata: Our managed service may process your user ID and entitlement status to verify whether you can access hosted translation features.
Data Handling Summary
| Data category | Collected / processed | Stored | Shared with |
|---|---|---|---|
| Email address, user ID, auth session | When you register, sign in, or refresh your session | Supabase account database; auth tokens in local browser storage | Supabase |
| Subscription status and Stripe customer ID | When you start a trial, upgrade, renew, or check entitlement status | Supabase subscription records; Stripe billing systems | Supabase and Stripe |
| Selected text and necessary page context | Only when you request a translation | Not persistently stored by Glot in hosted mode | Hosted AI providers via Glot's relay, or your chosen BYOK provider directly from your browser |
| API keys, provider settings, target language, prompts, UI preferences | When you save settings in the Extension | Local browser storage on your device; Chrome Sync may sync it if enabled | Not uploaded to Glot servers |
| Operational logs and diagnostic metadata | When hosted translation or account services are used | Temporary infrastructure logs for reliability, security, abuse prevention, and debugging | Cloudflare and infrastructure providers needed to operate the service |
How We Use Your Information
- Account management: We use your email address and user ID to create, verify, and manage your account.
- Service authorization: We check your subscription status and trial period to determine whether you are entitled to use the built-in translation service.
- Translation proxy: In hosted mode, we relay your translation requests to an AI provider and immediately discard the content — we do not retain it.
- Payment processing: We use Stripe to process premium subscriptions and update your subscription status on our servers.
- Reliability, security, and debugging: We use limited technical and diagnostic metadata to operate the service, investigate failures, prevent abuse, and improve reliability.
- We do not sell your personal data or use it for advertising purposes.
Data Storage
- Server-side: Account information (email, user ID) and subscription status are stored in a Supabase-hosted database located in the United States. Data is retained until you delete your account.
- Local device: API Keys, preferences, and authentication tokens are stored in
chrome.storage.localon your device (and may sync via Chrome Sync). - Translation content: Proxied in real time in hosted mode — never persistently stored on any server.
- Technical logs: Limited operational logs may be retained temporarily by our service infrastructure for reliability, security, abuse prevention, and debugging purposes, according to our infrastructure providers' retention controls.
Data Sharing
We only share data with third parties as described below. We do not sell or disclose your information for any other purpose.
- Supabase (Privacy Policy): Used for user authentication and account database storage. Supabase servers are located in the United States.
- Stripe (Privacy Policy): Used to process premium subscription payments. Payment details are handled directly by Stripe; we do not store card information.
- OpenAI (Privacy Policy): Used as one hosted translation provider for processing translation requests.
- Cloudflare Workers AI (Privacy Policy): Used as one hosted translation provider and supporting network infrastructure for processing translation requests.
- User-selected AI providers: In Bring Your Own API Key mode, translation text is sent directly from your browser to the provider you configure, such as OpenAI, Anthropic, DeepSeek, or a local Ollama endpoint, without passing through our servers.
- Cloudflare (Privacy Policy): Used for request routing and network proxy infrastructure.
Permissions Justification
storage: Required to save your API keys, preferences, extension settings, and Supabase authentication session locally.activeTab&tabs&<all_urls>: Required to read the context of the page you are translating and to render the translation UI over web pages, including PDFs and local files.contextMenus: Required to provide the right-click translation shortcut.scripting&webNavigation: Required to properly inject the translation overlay, PDF.js integration, and LaTeX rendering components.
Chrome Web Store Limited Use Disclosure
Glot's use of information received from Chrome APIs complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. We use user data only to provide and improve user-facing translation features, do not sell it, do not use it for personalized advertising, and do not allow humans to read translation content except where required for security, legal compliance, or with the user's explicit consent.
Your Rights and Controls
- Access your data: You can view your account information and subscription status in the Extension's options page.
- Choose translation routing: You can use hosted translation or Bring Your Own API Key mode. BYOK mode sends translation content directly to your configured provider instead of through Glot servers.
- Clear local data: You can remove API keys, provider settings, and other local settings from the Extension options page, by clearing extension data in Chrome settings, or by uninstalling the Extension.
- Delete your data: To delete your account and associated server-side data, please contact us using the information below. We will process your request within a reasonable timeframe.
Changes to this Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page, with the date at the top updated accordingly.
Contact
If you have any questions about this privacy policy, wish to exercise your data rights, or want to delete your account, please contact the developer via GitHub or the support links provided in the Chrome Web Store.