Privacy Policy
Last updated: 2026-06-27 · Applies to: the Cruxa browser extension and this website
The short version: Cruxa is free, needs no API key, runs no ads, and never sells your data. It collects anonymous usage stats (which you can turn off in settings) and offers an optional post-uninstall survey. It never stores your documents or browsing history. When you summarize, your request is relayed by our Cloudflare Worker (which holds the AI key) to the AI provider (DeepSeek); the Worker keeps only a short-lived, hashed daily counter for rate-limiting and never stores your documents.
1. Introduction & scope
This Privacy Policy explains how the Cruxa browser extension (the "Extension") and the Cruxa website (together, the "Service") handle information. Cruxa is an information tool that summarizes financial documents using AI. It is designed to be privacy-preserving: the Extension runs in your browser and relays each summary request through a Cloudflare Worker we operate to the AI provider, without storing your documents. By using the Service you agree to this policy.
2. Who is responsible
The Extension is provided by the individual developer of Cruxa (the "Developer", "we", "us"). There is no Cruxa account. To produce a summary, the Extension relays your request through a Cloudflare Worker we operate to the AI provider (DeepSeek); the Worker forwards the request and streams the result back, but does not store your documents (see Section 7). The AI provider acts as an independent data controller for the content forwarded to it.
3. Summary of data practices
| Data | Where it lives | Shared with | Retention |
|---|---|---|---|
| Settings (language, framework, etc.) | Your browser (chrome.storage.local) | No one | Until you clear it or uninstall |
| Page text / selection you summarize | Relayed via our Worker | The AI provider (DeepSeek) | Not stored by Cruxa |
| Generated summary | Shown in the side panel; cleared on close | No one | Not stored by Cruxa |
| Free-tier rate-limit counter (only if you use Cruxa Free) | Cloudflare KV (our Worker) | No one | Hashed; ~2 days |
| Anonymous usage events (install / open / summarize / uninstall) | Cloudflare D1 (our Worker) | No one | Until deleted |
| Uninstall survey answers (if you submit) | Cloudflare D1 (our Worker) | No one | Until deleted |
| Ads / ad identifiers / cookies / cross-site tracking | None. | ||
4. Information stored locally on your device
The Extension stores the following in your browser's local extension storage (chrome.storage.local), which is not transmitted to the Developer:
- Preferences: interface/output language, your analytics opt-out choice, and your optional personal analysis framework text.
- A random per-install id (for anonymous analytics; see Section 6a).
This data stays on your device. You can view, change, or delete it at any time in the Extension's settings, by clearing the Extension's storage, or by uninstalling the Extension.
5. Information processed when you request a summary
When you actively trigger a summary (via the "Grab page" button, the right-click menu, or the keyboard shortcut), the Extension reads the visible text of the current page — or the specific text you selected — and combines it with the Extension's prompt. This content is transmitted to our Cloudflare Worker, which forwards it to the AI provider (DeepSeek) using a key we hold server-side (see Section 7). It is processed for that request and is not stored by Cruxa.
The page content may contain personal or sensitive information if such information is present on the page you choose to summarize. You control which pages you summarize; please avoid summarizing pages containing data you do not wish to send to the AI provider.
6. Information we do NOT collect
- No accounts, names, emails, or contact details (there is no sign-up).
- No browsing history, and no monitoring of pages you do not explicitly summarize.
- No page content, URLs, or summary text in our analytics (see Section 6a).
- No advertising, ad identifiers, cookies, or cross-site tracking.
- No payment information (the Extension is free).
6a. Anonymous usage analytics & uninstall survey
To understand how Cruxa is used and improve it, the Extension sends anonymous, coarse usage events to our Cloudflare Worker (stored in Cloudflare D1):
- What: the event type (
install,open,summarize,uninstall), a random per-install id, the extension version, and for a summary the chosen provider and language. Never the page content, the page URL, your selection, the prompt, or the summary. - Random per-install id: a UUID created on first run and stored locally. It is not your identity and is not the rate-limit fingerprint; clearing the Extension's storage resets it.
- Opt out anytime: turn off "Share anonymous usage stats" in the Extension's settings — then no events are sent.
Uninstall survey. When you uninstall, your browser opens a short, optional feedback page. It is anonymous; we record an answer only if you choose to submit it. Your random per-install id is passed along so the feedback can be associated with the same anonymous install. You can simply close the page to send nothing.
These records are not sold or shared, and are used only to improve Cruxa.
6b. Categories of data & how each is handled
For full transparency, here is every category of data and whether Cruxa handles it:
| Category | Collected? | Details |
|---|---|---|
| Website content — the page text you summarize | Yes | Sent via our Worker to DeepSeek to generate the brief. Not stored by us; not sold. |
| Product-usage activity — install / open / summarize / uninstall | Yes (anonymous, opt-out) | Event counts and coarse metadata only — no page content, URLs, or summary text. |
| Personally identifiable information (name, email, address, ID) | No | No sign-up; identifiers are random and anonymous. |
| Authentication information (passwords, API keys) | No | The free service needs no key. |
| Financial & payment information | No | Cruxa is free. (Figures inside the documents you summarize count as "website content," above.) |
| Health information | No | — |
| Personal communications (email, chat, SMS) | No | — |
| Location / geolocation | No | An IP may be used transiently as a rate-limit fallback and is hashed; never stored as location. |
| Web history — the pages you visit | No | Only the single page you explicitly summarize is read. |
| Cookies / ad identifiers / cross-site tracking | No | None. |
7. The AI provider (DeepSeek)
To generate summaries, Cruxa relays your request through our Cloudflare Worker to DeepSeek, which processes the content under its own terms and privacy policy, over which Cruxa has no control. DeepSeek acts as an independent data controller for the content forwarded to it. DeepSeek's privacy policy: deepseek.com.
7a. The hosted service & rate limiting
Cruxa is free and needs no API key. Every summary is handled by our Cloudflare Worker:
- Your request (the page text and prompt, along with a hashed device fingerprint described below, used only for rate limiting) is sent to the Cruxa Worker, a Cloudflare Worker we operate, which forwards it to DeepSeek using a provider key we hold server-side, and streams the result back to you.
- The Worker does not store your document content, your prompt, or the generated summary.
- The rate-limit identifier is a privacy-preserving fingerprint: a SHA-256 hash of coarse, stable device signals — screen size and color depth, pixel ratio, CPU core count, device memory, platform, time zone, and language. It deliberately excludes canvas, WebGL, and audio fingerprinting. It is computed on the fly (not stored on your device) and is sent only in the free tier.
- For abuse prevention and cost control, the Worker keeps a short-lived daily request counter in Cloudflare KV, keyed by a further hash of that fingerprint and the date (the raw signals and any IP are never stored), retained about two days. It is used only for rate limiting, not profiling or advertising.
- DeepSeek processes the forwarded content under its own privacy policy.
7b. Service providers (subprocessors)
Cruxa relies on these providers to deliver the free service. Each processes data only as needed for the functions below; we use no analytics, advertising, or tracking third parties.
| Provider | Role | Data it handles |
|---|---|---|
| Cloudflare (Workers, KV, D1, Pages) | Hosts the summarization relay, rate-limit counters, anonymous analytics, and this website | Page text in transit (not stored); hashed rate-limit counters (~2 days); anonymous usage events & optional uninstall-survey answers |
| DeepSeek | The AI model that produces the summary | The page text and prompt forwarded for that request, under DeepSeek's own policy |
8. How information is used & legal bases
The locally stored data is used solely to provide the Extension's single function — generating the summary you request:
- Your preferences tailor the output (language, framework).
- Page text is the input to be summarized.
Where the EU/UK GDPR applies, our processing on your device rests on your consent and on the performance of the service you requested (Art. 6(1)(a) and (b)). Because the Developer never receives your data, most controller obligations are fulfilled by keeping settings local and not storing your documents. DeepSeek processes the forwarded content under its own legal basis.
9. Data sharing & "sale" of data
We do not sell, rent, or share your personal information with anyone. We do not disclose data to advertisers or data brokers. The only transfer of your content is the summary request relayed to the AI provider (DeepSeek). Under the California Consumer Privacy Act (CCPA/CPRA), we do not "sell" or "share" personal information, and we have no data to disclose because we collect none.
10. Data retention
Locally stored settings persist in your browser until you delete them, clear the Extension's storage, or uninstall the Extension. Page content and generated summaries are not persisted by Cruxa beyond the active session in the side panel. Anonymous analytics in our Cloudflare D1 are retained until deleted; the rate-limit counter expires in about two days. Retention of content forwarded to DeepSeek is governed by DeepSeek.
11. Data security
Locally stored data is protected by your browser's extension storage isolation and your device's security. Requests are sent over encrypted HTTPS/TLS. No method of storage or transmission is 100% secure; you are responsible for safeguarding your device.
12. International data transfers
When your content is forwarded to the AI provider (DeepSeek), it may be processed on servers located in other countries. Those transfers and any associated safeguards are handled by the provider under its own policy.
13. Your rights & choices
Depending on your location, you may have rights to access, correct, delete, or port your personal data, or to object to or restrict processing. Because Cruxa stores your data only on your device and we hold nothing, you can exercise these directly:
- Access / change: open the Extension's settings.
- Delete: clear the Extension's storage or uninstall the Extension; this removes your settings.
- Data sent to a provider: contact that provider to exercise rights over data you transmitted to it.
You may also contact us (Section 18) with any privacy question.
14. Browser permissions explained
storage— save your settings locally.activeTab+scripting— read the text of the current page only when you trigger a summary.sidePanel— display the Cruxa panel.contextMenus— provide the right-click "Summarize" entry.- Required host access — limited to the AI providers' official API domains, so the Extension can send your request.
- Optional host access — broad page access is requested only the first time you grab a page, so the Extension can read the document you want summarized. It does not run in the background.
15. Children's privacy
Cruxa is a tool for investors and professionals and is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children.
16. Do Not Track & tracking technologies
Cruxa uses no cookies, web beacons, or tracking technologies, so there is nothing to enable or disable. There is no cross-site or cross-session tracking.
17. Chrome Web Store Limited Use disclosure
Cruxa's handling of user data complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically: we only access data necessary for the single purpose of summarizing the document you choose; we do not transfer that data to the Developer or any third party except the AI provider (DeepSeek) to fulfill your request; we do not use it for advertising; and we do not sell it or use it to build unrelated profiles.
18. Third-party links
The Service may link to third-party sites (e.g. provider consoles). We are not responsible for their content or privacy practices.
19. Changes to this policy
We may update this policy from time to time. Material changes will be posted here with a new "Last updated" date. Continued use after changes constitutes acceptance.
20. Contact
Questions or requests regarding this policy: admin@corebits.app.
← Back to Cruxa