Privacy Policy

Last updated: 2026-06-27 · Applies to: the Cruxa browser extension and this website

The short version: Cruxa is free, needs no API key, runs no ads, and never sells your data. It collects anonymous usage stats (which you can turn off in settings) and offers an optional post-uninstall survey. It never stores your documents or browsing history. When you summarize, your request is relayed by our Cloudflare Worker (which holds the AI key) to the AI provider (DeepSeek); the Worker keeps only a short-lived, hashed daily counter for rate-limiting and never stores your documents.

1. Introduction & scope

This Privacy Policy explains how the Cruxa browser extension (the "Extension") and the Cruxa website (together, the "Service") handle information. Cruxa is an information tool that summarizes financial documents using AI. It is designed to be privacy-preserving: the Extension runs in your browser and relays each summary request through a Cloudflare Worker we operate to the AI provider, without storing your documents. By using the Service you agree to this policy.

2. Who is responsible

The Extension is provided by the individual developer of Cruxa (the "Developer", "we", "us"). There is no Cruxa account. To produce a summary, the Extension relays your request through a Cloudflare Worker we operate to the AI provider (DeepSeek); the Worker forwards the request and streams the result back, but does not store your documents (see Section 7). The AI provider acts as an independent data controller for the content forwarded to it.

3. Summary of data practices

DataWhere it livesShared withRetention
Settings (language, framework, etc.)Your browser (chrome.storage.local)No oneUntil you clear it or uninstall
Page text / selection you summarizeRelayed via our WorkerThe AI provider (DeepSeek)Not stored by Cruxa
Generated summaryShown in the side panel; cleared on closeNo oneNot stored by Cruxa
Free-tier rate-limit counter (only if you use Cruxa Free)Cloudflare KV (our Worker)No oneHashed; ~2 days
Anonymous usage events (install / open / summarize / uninstall)Cloudflare D1 (our Worker)No oneUntil deleted
Uninstall survey answers (if you submit)Cloudflare D1 (our Worker)No oneUntil deleted
Ads / ad identifiers / cookies / cross-site trackingNone.

4. Information stored locally on your device

The Extension stores the following in your browser's local extension storage (chrome.storage.local), which is not transmitted to the Developer:

This data stays on your device. You can view, change, or delete it at any time in the Extension's settings, by clearing the Extension's storage, or by uninstalling the Extension.

5. Information processed when you request a summary

When you actively trigger a summary (via the "Grab page" button, the right-click menu, or the keyboard shortcut), the Extension reads the visible text of the current page — or the specific text you selected — and combines it with the Extension's prompt. This content is transmitted to our Cloudflare Worker, which forwards it to the AI provider (DeepSeek) using a key we hold server-side (see Section 7). It is processed for that request and is not stored by Cruxa.

The page content may contain personal or sensitive information if such information is present on the page you choose to summarize. You control which pages you summarize; please avoid summarizing pages containing data you do not wish to send to the AI provider.

6. Information we do NOT collect

6a. Anonymous usage analytics & uninstall survey

To understand how Cruxa is used and improve it, the Extension sends anonymous, coarse usage events to our Cloudflare Worker (stored in Cloudflare D1):

Uninstall survey. When you uninstall, your browser opens a short, optional feedback page. It is anonymous; we record an answer only if you choose to submit it. Your random per-install id is passed along so the feedback can be associated with the same anonymous install. You can simply close the page to send nothing.

These records are not sold or shared, and are used only to improve Cruxa.

6b. Categories of data & how each is handled

For full transparency, here is every category of data and whether Cruxa handles it:

CategoryCollected?Details
Website content — the page text you summarizeYesSent via our Worker to DeepSeek to generate the brief. Not stored by us; not sold.
Product-usage activity — install / open / summarize / uninstallYes (anonymous, opt-out)Event counts and coarse metadata only — no page content, URLs, or summary text.
Personally identifiable information (name, email, address, ID)NoNo sign-up; identifiers are random and anonymous.
Authentication information (passwords, API keys)NoThe free service needs no key.
Financial & payment informationNoCruxa is free. (Figures inside the documents you summarize count as "website content," above.)
Health informationNo
Personal communications (email, chat, SMS)No
Location / geolocationNoAn IP may be used transiently as a rate-limit fallback and is hashed; never stored as location.
Web history — the pages you visitNoOnly the single page you explicitly summarize is read.
Cookies / ad identifiers / cross-site trackingNoNone.

7. The AI provider (DeepSeek)

To generate summaries, Cruxa relays your request through our Cloudflare Worker to DeepSeek, which processes the content under its own terms and privacy policy, over which Cruxa has no control. DeepSeek acts as an independent data controller for the content forwarded to it. DeepSeek's privacy policy: deepseek.com.

7a. The hosted service & rate limiting

Cruxa is free and needs no API key. Every summary is handled by our Cloudflare Worker:

7b. Service providers (subprocessors)

Cruxa relies on these providers to deliver the free service. Each processes data only as needed for the functions below; we use no analytics, advertising, or tracking third parties.

ProviderRoleData it handles
Cloudflare (Workers, KV, D1, Pages)Hosts the summarization relay, rate-limit counters, anonymous analytics, and this websitePage text in transit (not stored); hashed rate-limit counters (~2 days); anonymous usage events & optional uninstall-survey answers
DeepSeekThe AI model that produces the summaryThe page text and prompt forwarded for that request, under DeepSeek's own policy

8. How information is used & legal bases

The locally stored data is used solely to provide the Extension's single function — generating the summary you request:

Where the EU/UK GDPR applies, our processing on your device rests on your consent and on the performance of the service you requested (Art. 6(1)(a) and (b)). Because the Developer never receives your data, most controller obligations are fulfilled by keeping settings local and not storing your documents. DeepSeek processes the forwarded content under its own legal basis.

9. Data sharing & "sale" of data

We do not sell, rent, or share your personal information with anyone. We do not disclose data to advertisers or data brokers. The only transfer of your content is the summary request relayed to the AI provider (DeepSeek). Under the California Consumer Privacy Act (CCPA/CPRA), we do not "sell" or "share" personal information, and we have no data to disclose because we collect none.

10. Data retention

Locally stored settings persist in your browser until you delete them, clear the Extension's storage, or uninstall the Extension. Page content and generated summaries are not persisted by Cruxa beyond the active session in the side panel. Anonymous analytics in our Cloudflare D1 are retained until deleted; the rate-limit counter expires in about two days. Retention of content forwarded to DeepSeek is governed by DeepSeek.

11. Data security

Locally stored data is protected by your browser's extension storage isolation and your device's security. Requests are sent over encrypted HTTPS/TLS. No method of storage or transmission is 100% secure; you are responsible for safeguarding your device.

12. International data transfers

When your content is forwarded to the AI provider (DeepSeek), it may be processed on servers located in other countries. Those transfers and any associated safeguards are handled by the provider under its own policy.

13. Your rights & choices

Depending on your location, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict processing. Because Cruxa stores your data only on your device and we hold nothing, you can exercise these directly:

You may also contact us (Section 18) with any privacy question.

14. Browser permissions explained

15. Children's privacy

Cruxa is a tool for investors and professionals and is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children.

16. Do Not Track & tracking technologies

Cruxa uses no cookies, web beacons, or tracking technologies, so there is nothing to enable or disable. There is no cross-site or cross-session tracking.

17. Chrome Web Store Limited Use disclosure

Cruxa's handling of user data complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically: we only access data necessary for the single purpose of summarizing the document you choose; we do not transfer that data to the Developer or any third party except the AI provider (DeepSeek) to fulfill your request; we do not use it for advertising; and we do not sell it or use it to build unrelated profiles.

18. Third-party links

The Service may link to third-party sites (e.g. provider consoles). We are not responsible for their content or privacy practices.

19. Changes to this policy

We may update this policy from time to time. Material changes will be posted here with a new "Last updated" date. Continued use after changes constitutes acceptance.

20. Contact

Questions or requests regarding this policy: admin@corebits.app.

← Back to Cruxa