Privacy Policy
Quay runs entirely on your device, talks only to the LLM provider you choose, and has no backend, no analytics, and no telemetry. Everything below is just the long version of that sentence.
1. Who runs Quay
Quay is an open-source project published under the MIT license. The extension is built and maintained by Jesús Nieves and external contributors. The full source code is available at the project repository — anyone can audit how data flows through it.
There is no company, no server operated by the maintainers, and no account system. Installing Quay does not create an account anywhere.
2. Data Quay handles
Quay handles four categories of data, all of them generated by you:
- API keys and provider settings — keys for OpenAI, Anthropic, Google Gemini, OpenRouter, or the URL of your local Ollama server, plus the provider/model selection.
- Conversation and session data — chat messages you write, the assistant's replies, the list and contents of tool calls (read pages, clicks, screenshots, etc.), per-session memory entries you (or the assistant on your behalf) save, and recorded recipes.
- Web page content from your active session — when you ask the assistant to act on a page, Quay reads text, lists interactive elements, captures screenshots, or runs page scripts on the tabs that belong to the active session's tab group. This is done on demand, only in response to your explicit request, and never on tabs outside that group.
- Local usage counters — per-message and per-session token counts and estimated cost, used to show you the status bar and the in-app usage panel.
Quay does not read your browsing history, your bookmarks, your passwords, your downloads, or any tab outside the active session's tab group.
3. Where the data lives
All four categories above are stored locally on your device, in chrome.storage.local, namespaced under quay.*. Nothing is uploaded to a server controlled by the maintainers, because no such server exists.
You can inspect or delete this data at any time:
- From inside Quay: Settings → clear keys, clear memory, reset usage counters, delete sessions/recipes individually.
- From Chrome: chrome://extensions → Quay → "Remove" wipes all extension storage.
4. Where the data is sent
Quay makes outbound network requests only to fulfill a chat turn or scheduled recipe you initiated. There are exactly two kinds of destinations:
- The LLM provider you configured. Your prompts, the relevant conversation history, tool definitions, and any page content the assistant has read in the current turn are sent to that provider's API endpoint over HTTPS so it can generate a response. Examples: api.openai.com, api.anthropic.com, generativelanguage.googleapis.com, openrouter.ai, or your local Ollama server (default http://localhost:11434) — in this case nothing leaves your machine at all.
- The websites you ask the assistant to interact with. When the assistant clicks a link, opens a tab, or reads a page on your behalf, the request is made by your browser to that website exactly as if you had performed the action yourself.
There are no other outbound requests. Quay does not contact the maintainers' infrastructure, does not load remote JavaScript, does not include analytics SDKs, and does not phone home for updates (Chrome handles updates itself).
5. Third-party services
When you use Quay, the following third parties may receive data, depending on which provider you choose:
| Provider | What they receive | Their policy |
|---|---|---|
| OpenAI | Prompts and page content sent in chat turns | openai.com |
| Anthropic | Prompts and page content sent in chat turns | anthropic.com |
| Google (Gemini) | Prompts and page content sent in chat turns | google.com |
| OpenRouter | Prompts and page content sent in chat turns | openrouter.ai |
| Ollama (local) | Nothing — runs on your own machine | n/a |
Quay does not control these providers and is not responsible for their data handling. Their terms apply to the data you send through them. If this matters to you, choose your provider accordingly — or run Ollama locally for a fully offline setup.
6. What Quay does not do
- No analytics. No Google Analytics, no Plausible, no PostHog, no error reporters.
- No telemetry. Quay does not report which features you use, which sites you visit, or how often you use the extension.
- No selling or sharing of user data. The maintainers do not have access to your data and therefore have nothing to sell or share.
- No advertising. Quay does not display ads or use your data for ad targeting.
- No use of your data to determine creditworthiness or for lending.
- No remote code execution. All JavaScript shipped in the extension is bundled and reviewed as part of the Chrome Web Store submission.
7. Children
Quay is not directed at children under 13 and does not knowingly collect data from them. The extension has no concept of user accounts or age, and stores nothing remotely.
8. Security
Practical security guidance, the threat model, and information on reporting a vulnerability live in SECURITY.md. Highlights:
- API keys are stored locally in chrome.storage.local and sent only to the provider you configured, over HTTPS.
- Each session is scoped to a Chrome tab group; the assistant cannot read or act on tabs outside it.
- Writing actions (click, type, open tab, exec_js, etc.) require approval by default, and approval is forced — not optional — on sensitive domains (banking, government, health, admin consoles, vaults).
- Page content passed to the model is wrapped in an explicit untrusted-content boundary to mitigate prompt injection.
If you discover a security or privacy issue, email hello@nievesjesus.com rather than opening a public issue.
9. Changes to this policy
If this policy changes, the new version will be committed to the project repository with an updated "Effective date" at the top, and (for material changes) called out in the release notes of the next extension version. Because Quay has no backend and no user accounts, there is no email list to notify.
10. Contact
Questions, concerns, or data-related requests: hello@nievesjesus.com.