Orion - Privacy Policy

1 Overview

Orion is a Manifest V3 Chrome extension that acts as an AI-powered browser assistant. It is designed with a privacy-first architecture: the extension can operate entirely on your local machine with zero data leaving your device, or optionally connect to cloud AI providers using API keys that you supply and control.

      Core principle: Orion has no telemetry, no analytics, no tracking, and no data collection infrastructure of any kind. We do not operate servers that receive your data. The extension runs entirely within your browser.
    

2 Data Collection

Orion does not collect, transmit, or store any user data on external servers. Specifically:

No browsing history is recorded or transmitted.
No personal information is gathered.
No usage analytics or telemetry of any kind exist in the codebase.
No cookies are set for tracking purposes.
No data is sold, shared, or disclosed to third parties.
No advertising networks or marketing tools are integrated.

All data that Orion works with -- your settings, vault entries, conversation history, and API keys -- is stored locally in your browser's own storage (IndexedDB / Chrome Storage API) and never leaves your machine unless you explicitly choose to use a cloud AI provider, in which case only the specific prompt content is sent to that provider's API endpoint.

3 Local vs Cloud Mode

Orion supports two operating modes. You choose which one to use.

Local Mode (LM Studio)

AI runs entirely on your machine
Zero data leaves your device
Connects only to localhost / 127.0.0.1
No internet connection required for AI
Maximum privacy guarantee

Cloud Mode (Optional)

Uses your own API keys
Supported: Google Gemini, OpenAI, Anthropic
Only prompt content is transmitted
Keys stored locally, never sent to us
Subject to each provider's privacy policy

      Important: When using cloud mode, the content of your prompts and the page context you provide are sent to the selected AI provider's API. This is a direct connection between your browser and that provider -- Orion does not proxy, log, or intercept this traffic. Review the privacy policy of your chosen provider (Google, OpenAI, or Anthropic) to understand how they handle API requests.
    

4 Permissions Explained

Chrome extensions must declare the permissions they require. Below is every permission Orion requests, along with why it is needed. No permission is used beyond its stated purpose.

Permission	Why Orion Needs It
storage	Save your settings, preferences, and conversation history locally in Chrome's storage.
unlimitedStorage	Allow vault data, embeddings, and conversation history to exceed Chrome's default 10 MB storage quota.
tabs	Read tab titles and URLs to provide context-aware assistance and manage tabs within the Orion tab group.
tabGroups	Create and manage a dedicated tab group so Orion only interacts with tabs you explicitly assign to it.
activeTab	Access the content of the currently active tab when you invoke Orion, scoped to only the tab you are viewing.
sidePanel	Display Orion's chat interface in Chrome's built-in side panel.
scripting	Inject content scripts to read page content or perform actions (e.g., form filling) on pages within the Orion tab group.
webNavigation	Detect when pages finish loading within the tab group so Orion can respond to navigation events.
alarms	Schedule periodic background tasks such as monitoring checks at intervals you configure.
offscreen	Create offscreen documents for operations that require a DOM context (e.g., processing screenshots or clipboard operations) without visible windows.
debugger	Use the Chrome DevTools Protocol (CDP) to perform reliable, trusted browser interactions (clicks, typing) on pages within the Orion tab group. Limited Use Disclosure: This sensitive permission is used exclusively for browser automation within user-designated tabs—never for monitoring, data collection, or surveillance.
contextMenus	Add right-click menu options so you can send selected text or page content to Orion for processing.

Host Permissions

Host	Why Orion Needs It
localhost / 127.0.0.1	Connect to local AI services running on your machine: LM Studio, MemPalace (vector embeddings), and Whisper (speech-to-text).
<all_urls>	Read and interact with page content on any website within the Orion tab group. Required because tab group pages can be on any domain. Limited Use Disclosure: Despite the broad permission, access is strictly limited to tabs you explicitly place in the Orion tab group. Your other browser tabs, history, and bookmarks are never accessed. Data from accessed pages is processed locally or sent only to your chosen AI provider—never to Orion's developers.

Host

Why Orion Needs It

localhost / 127.0.0.1

Connect to local AI services running on your machine: LM Studio, MemPalace (vector embeddings), and Whisper (speech-to-text).

<all_urls>

Read and interact with page content on any website within the Orion tab group. Required because tab group pages can be on any domain. Limited Use Disclosure: Despite the broad permission, access is strictly limited to tabs you explicitly place in the Orion tab group. Your other browser tabs, history, and bookmarks are never accessed. Data from accessed pages is processed locally or sent only to your chosen AI provider—never to Orion's developers.

5 Storage & Encryption

All persistent data is stored locally within your browser using Chrome's Storage API and IndexedDB. Nothing is stored on remote servers.

Settings and preferences are saved in Chrome's local storage and synced only if you enable Chrome Sync (a Chrome feature, not controlled by Orion).
API keys are stored in Chrome's local storage on your device. They are never transmitted to the developer or any third party -- they are sent only to the respective AI provider's API endpoint when you make a request.
Vault data is encrypted using AES-GCM (256-bit) via the Web Crypto API. Access requires a user-defined PIN. The encryption key is derived from your PIN and never stored in plaintext.
Conversation history is stored locally in IndexedDB and is not transmitted anywhere.

      Encryption details: The vault uses AES-GCM authenticated encryption, which provides both confidentiality and integrity. Each entry is encrypted individually. Without your PIN, the encrypted data is computationally infeasible to recover.
    

6 Third-Party Services

Orion can optionally connect to the following services. All connections are initiated by you and configured with your own credentials. the developer has no access to your accounts or API keys.

LM Studio (local) -- Runs on your machine. No external network traffic.
MemPalace (local) -- Local vector embedding service for semantic search. Runs on your machine.
Whisper (local) -- Local speech-to-text transcription. Runs on your machine.
Google Gemini API (cloud, optional) -- Prompt content is sent to Google's API. Subject to Google's API Terms of Service.
OpenAI API (cloud, optional) -- Prompt content is sent to OpenAI's API. Subject to OpenAI's Terms of Use.
Anthropic API (cloud, optional) -- Prompt content is sent to Anthropic's API. Subject to Anthropic's Terms of Service.

No data is shared with advertising networks, data brokers, or any other third parties not listed above.

7 Tab Isolation

Despite holding the <all_urls> host permission, Orion enforces strict self-imposed boundaries on which tabs it accesses:

Orion creates a dedicated tab group with a distinct color in your browser.
It only reads content from and interacts with tabs that are inside this tab group.
Tabs are only added to the group when you explicitly open them through Orion or manually add them.
Your other browser tabs, bookmarks, history, and browsing activity outside the tab group are never accessed.
The side panel only activates on tabs within the Orion tab group.

      In practice: If you have 50 tabs open and only 3 are in the Orion tab group, Orion can only see those 3 tabs. The other 47 are invisible to it.
    

8 Data Retention & Deletion

All data stored by Orion is local to your browser and remains under your direct control. There are no external servers collecting or retaining your data.

Automatic retention: Data persists in your browser storage until you explicitly delete it or uninstall the extension.
Manual deletion: You can clear conversation history, vault entries, and settings at any time through the extension's interface.
Uninstall: Removing the extension from Chrome completely deletes all locally stored data associated with Orion.
No remote backup: We do not maintain backups of your data. Once deleted locally, it is permanently gone.

      Your control: Because all data is stored locally, you have complete control over retention and deletion. No requests to external parties are required to remove your data.
    

9 Your Rights

Since Orion operates entirely locally and collects no data on external servers, you have complete control over your information:

Access: All your data is stored in Chrome's local storage and IndexedDB, accessible through browser developer tools or the extension interface.
Deletion: Clear individual items (conversations, vault entries) through the UI, or uninstall the extension to remove all data.
Portability: Export your vault data or conversation history through the extension's export features.
Control: Choose between local-only mode (zero external connections) or cloud mode with providers of your choice.
Transparency: Full source code available on GitHub for audit and verification of privacy claims.
No tracking opt-out needed: There is no tracking, analytics, or telemetry to opt out of—none exists in the codebase.

10 Security Measures

Orion implements multiple security layers to protect your data:

Manifest V3 compliance: Built using Chrome's latest security architecture with enhanced permission controls.
AES-GCM encryption: Vault data encrypted with 256-bit keys derived from your PIN using PBKDF2 key derivation.
Content Security Policy: Strict CSP prevents injection attacks and unauthorized script execution.
Tab group isolation: Extension only accesses tabs you explicitly assign to the Orion group, not your entire browser.
API key security: Your API keys are stored locally in Chrome storage, never transmitted to our servers (we don't have any).
No remote code execution: All code is bundled with the extension—no external scripts loaded at runtime.
HTTPS-only APIs: All cloud AI provider connections use encrypted HTTPS endpoints.
Local mode option: Use local AI models for zero-trust, air-gapped operation with no internet requirement.

      Security philosophy: The most secure data is data that never leaves your device. Orion's architecture prioritizes local-first operation and gives you full control over when and what data is shared with cloud services.
    

11 Compliance

Orion's privacy-first design aligns with major data protection regulations:

Chrome Web Store policies: Complies with Google's Developer Program Policies, including Limited Use requirements for sensitive permissions.
No personal data collection: We do not collect, process, or store personal data on external servers, eliminating most regulatory obligations.
Sensitive permissions justification: The debugger permission is used solely for reliable browser automation within your explicitly assigned tab group—never for monitoring or data extraction.
Transparency: Open-source codebase allows independent verification of privacy claims.
User consent: Cloud AI features require explicit configuration with your own API keys—no data is sent without your action.
Data minimization: Only essential data (page context for AI prompts) is processed, and only when you invoke the assistant.

      Important note: If you use cloud AI providers (Gemini, OpenAI, Anthropic), their respective privacy policies and compliance obligations apply to the data you send through their APIs. Review each provider's GDPR, CCPA, and other compliance statements if you operate under specific regulatory requirements.
    

12 Updates to This Policy

If this privacy policy is updated, changes will be published on this page with a revised effective date. For material changes that affect how your data is handled, a notice will be included in the extension's changelog.

Because Orion collects no data and operates no servers, policy changes are expected to be infrequent and will generally only reflect new features or permission changes.

13 Contact

If you have questions about this privacy policy, the extension's data practices, or anything else, reach out to us:

Karen Sargsyan

Email: sargsyansk@gmail.com

GitHub: github.com/karensargsyan