Privacy Policy
Last updated: April 1, 2026
1. Scope
This Privacy Policy applies to the gyoza website, the gyoza browser extension, and related services. It explains what data we collect, how we use it, when it stays in your browser, and when it is sent to gyoza or third-party AI providers.
2. Information We Collect
Depending on how you use gyoza, we may collect: account information such as your name, email address, and profile picture from your OAuth provider; billing and subscription information processed by Stripe; usage metadata such as timestamps, request counts, token counts, model identifiers, and status codes; and support communications you send to us.
3. Browser Extension Data Access
The gyoza browser extension is designed to help you understand and act on the page you are viewing. To provide that user-facing functionality, the extension may access the current page's URL, visible text, links, buttons, forms, input fields, recipe files you import, and other page structure needed to answer your prompt or perform an action you request. This access is limited to providing the extension's browser copilot features.
4. Data Stored Locally In Your Browser
The extension stores some data locally in Chrome storage, including your selected mode, settings, imported recipes, and session conversation history. In BYOK mode, your provider API key is stored locally in your browser and is not sent to gyoza.
5. BYOK Mode
In BYOK (Bring Your Own Key) mode, prompts, page context, and actions are sent directly from the extension to the AI provider you select, such as Anthropic, OpenAI, or Google. In this mode, gyoza does not receive your provider API key and does not proxy the content of those requests through our servers.
6. Managed Mode
In managed mode, prompts, page context, and model requests are sent to gyoza so that we can authenticate you, enforce plan limits, route requests to the selected AI provider, and return results to the extension. We do not use this data for advertising, sell it to data brokers, or use it for unrelated profiling.
7. API Request Data
We do not store the full content of managed-mode prompts or model responses as a product feature unless needed for temporary processing, abuse prevention, or support requested by you. We do log usage metadata such as timestamps, token counts, model used, status codes, and error rates for billing, rate limiting, security, and service reliability.
8. Third-Party Providers
Depending on the feature you use, data may be shared with third-party service providers that help us operate gyoza, including AI providers such as Anthropic, OpenAI, and Google and payment processors such as Stripe. Those providers handle data under their own terms and privacy policies.
9. Cookies and Authentication
On the website, we use essential cookies for authentication, session management, and OAuth flows. We do not use tracking or advertising cookies.
10. Data Storage and Security
We use HTTPS for network communications. Account and billing records are stored on secure infrastructure. Session tokens are encrypted. API keys stored on our servers for managed service integrations are protected using industry-standard security controls.
11. Data Retention
Account data is retained while your account is active. Usage logs are retained for up to 90 days unless a longer period is required for security, fraud prevention, legal compliance, or dispute resolution. Data stored locally in your browser remains there until you delete it, remove the extension, or clear browser storage.
12. Limited Use Commitments
If the browser extension accesses page content or browsing-related data, we use that data only to provide or improve the user-facing features of the extension that you request. We do not sell that data, use it for personalized advertising, or transfer it to information resellers. We do not allow humans to read that data except with your consent, when needed for security or abuse investigation, or when required by law.
13. Your Rights
You may request access to your personal data, correction of inaccurate data, deletion of your data, or export of your data, subject to applicable law. Contact us to exercise these rights.
14. Changes
We may update this policy from time to time. We will post the updated version on this page and update the "Last updated" date above. If changes are material, we may also notify you by email or through the Service.
15. Contact
For privacy-related questions, contact us at [email protected].