Privacy Policy

LocalAI Browser Extension & Web Application

Last Updated: December 30, 2024

Effective Date: December 30, 2024

1. Introduction

CORDOC LLC ("Company", "we", "our", or "us") operates the LocalAI browser extension and web application at localai.im (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using LocalAI, you consent to the data practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

Company Information:

CORDOC LLC
4030 Wake Forest Rd St 349
Raleigh, NC 27609-0010
United States

2. Information We Collect

2.1 Personal Information (When You Sign In)

When you choose to sign in using Google OAuth, we collect:

  • Email address - Used for account identification and communication
  • Display name - Used to personalize your experience
  • Profile picture URL - Used to display your avatar in the interface
  • Google User ID - Used as a unique identifier for your account

Note: Sign-in is optional. You can use LocalAI's local AI features without creating an account.

2.2 Subscription & Payment Information

If you subscribe to our PRO plan, we store:

  • Subscription status - Whether you have an active PRO subscription
  • Subscription tier - Your plan type (free or pro)
  • Stripe Customer ID - Reference to your Stripe account for billing

Note: We do not store credit card numbers or full payment details. All payment processing is handled securely by Stripe.

2.3 Data Stored Locally on Your Device

The following data is stored only on your device and never transmitted to our servers:

  • AI model files - Downloaded once from Hugging Face, cached in IndexedDB
  • Local prompts - Custom prompts you create (unless you enable cloud sync)
  • Extension settings - Your preferences and configuration
  • Authentication tokens - Temporary tokens for maintaining your session
  • Webpage content - Content processed by local AI never leaves your device

2.4 Data Stored in the Cloud (PRO Users, Opt-In Only)

PRO subscribers who explicitly enable cloud features may have the following stored:

  • Cloud-synced prompts - Custom prompts you choose to sync across devices
  • Encrypted API keys - Your Gemini API key (BYOK), encrypted with AES-256-GCM
  • Extension settings - Settings you choose to sync

2.5 Automatically Collected Information

When you visit our website (localai.im), we automatically collect:

  • Usage data - Pages visited, time spent, click patterns (via Google Analytics)
  • Device information - Browser type, operating system, screen resolution
  • IP address - Anonymized for analytics purposes

2.6 Information NOT Collected

We explicitly do NOT collect:

  • Content you process with local AI (stays on your device)
  • Browsing history or web activity outside our Service
  • Passwords or authentication credentials (handled by Google OAuth)
  • Financial information beyond subscription status
  • Location data
  • Health or biometric information

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Account Management: To create and manage your account, authenticate your identity, and maintain your subscription
  • Service Delivery: To provide the LocalAI extension and web application features
  • Cloud Sync (PRO): To synchronize your prompts and settings across devices when you enable this feature
  • Payment Processing: To process subscription payments via Stripe
  • Communication: To respond to your inquiries and provide customer support
  • Service Improvement: To analyze usage patterns and improve our Service
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Sharing and Third-Party Services

We share your information with the following third parties:

Google (Authentication & APIs)

Purpose: User authentication via Google OAuth, Google Analytics for website analytics

Data Shared: Email, name, profile picture (during sign-in); anonymized usage data (analytics)

Privacy Policy: policies.google.com/privacy

Google Firebase / Firestore

Purpose: User account storage, cloud sync for PRO features

Data Shared: User ID, email, subscription status, cloud-synced prompts (PRO), encrypted API keys (PRO)

Privacy Policy: firebase.google.com/support/privacy

Google Gemini API (BYOK Mode Only)

Purpose: Cloud AI processing when users enable BYOK (Bring Your Own Key) mode

Data Shared: Content you choose to process with cloud AI (sent directly to Google, not stored by us)

Privacy Policy: ai.google.dev/terms

Stripe

Purpose: Payment processing for PRO subscriptions

Data Shared: Email address, payment information (handled directly by Stripe)

Privacy Policy: stripe.com/privacy

Hugging Face

Purpose: AI model file hosting and downloads

Data Shared: Standard HTTP request data (IP address, user agent) when downloading models

Privacy Policy: huggingface.co/privacy

Web3Forms / hCaptcha

Purpose: Contact form submission and spam prevention

Data Shared: Name, email, and message content when you submit the contact form

Privacy Policy: web3forms.com/privacy

We Do NOT:

  • Sell your personal information to third parties
  • Share your data for advertising purposes
  • Provide your information to data brokers
  • Use your content to train AI models

5. Data Storage and Security

5.1 Where Your Data is Stored

Data Type | Storage Location | Encryption
AI Models | Your device (IndexedDB) | Browser-managed
Local Settings | Your device (Chrome Storage) | Browser-managed
Authentication Tokens | Your device (Chrome Storage) | Browser-managed
Account Information | Google Firebase (US servers) | Encrypted at rest
Cloud Prompts (PRO) | Google Firestore (US servers) | Encrypted at rest
API Keys (PRO) | Google Firestore (US servers) | AES-256-GCM encryption

5.2 Security Measures

  • All data transmission uses HTTPS/TLS encryption
  • API keys are encrypted using AES-256-GCM before storage
  • Firebase/Firestore data is encrypted at rest
  • Google OAuth ensures secure authentication without password storage
  • Regular security audits and updates

6. Data Retention

We retain your information for the following periods:

  • Account Data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Subscription Data: Retained for 7 years for tax and legal compliance purposes.
  • Cloud-Synced Prompts: Retained while your account is active. Deleted immediately upon your request or account deletion.
  • Analytics Data: Anonymized and aggregated; retained for up to 26 months by Google Analytics.
  • Local Data: Stored on your device until you clear it; we have no access to this data.

7. Your Rights and Choices

7.1 All Users

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated data
  • Portability: Request your data in a portable format
  • Objection: Object to processing of your personal data
  • Withdraw Consent: Withdraw consent for data processing at any time

7.2 How to Exercise Your Rights

  • Delete Local Data: Clear extension data via Chrome Settings > Extensions > LocalAI > Clear Data
  • Delete Cloud Data: Use the "Delete Account" option in Settings, or contact us
  • Opt Out of Analytics: Use browser extensions like Google Analytics Opt-out
  • Contact Us: Email privacy@localai.im for any data requests

7.3 GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights under GDPR including:

  • Right to lodge a complaint with your local data protection authority
  • Right to restriction of processing
  • Right not to be subject to automated decision-making

7.4 CCPA Rights (California Residents)

California residents have additional rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to opt-out of sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising CCPA rights

8. Chrome Extension Permissions

The LocalAI browser extension requires the following permissions:

Permission | Purpose
activeTab | Read page content only when you explicitly trigger a feature (mindmap, summary, etc.)
storage | Store your preferences, settings, and AI model cache locally
scripting | Inject UI panels to display generated content (mindmaps, flashcards)
offscreen | Run WebGPU AI inference in background (service workers don't support WebGPU)
contextMenus | Provide right-click options for selected text (summarize, translate, etc.)
alarms | Schedule background tasks like session refresh
identity | Enable Google Sign-In for account features (optional)
host_permissions | Allow extension to work on any webpage you choose to analyze

9. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@localai.im.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification for significant changes (if you have an account)

Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

CORDOC LLC

Address:
4030 Wake Forest Rd St 349
Raleigh, NC 27609-0010
United States

Email: privacy@localai.im

Website: localai.im

We will respond to all legitimate requests within 30 days.