Legal

Privacy Policy

Last updated: May 2026

TLDR:FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Chrome permissions FSB requests

To run web automation, FSB declares the following permissions in its Chrome manifest. Each is used only for the documented purpose; nothing is sent off-device on the strength of any of them.

DOM and tabs — activeTab, scripting, tabs, windows, sidePanel, and host permission <all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel
Advanced automation — debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform. webNavigation: observe navigation start/finish events so automation waits for the right moment
Local storage — storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall
UX helpers — clipboardWrite: write copy-to-clipboard results from automation. alarms: schedule background housekeeping. offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly

Microphone access for speech-to-text is not declared in the manifest. Chrome shows its own permission prompt the first time you use the mic button.

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
Sent data includes: task description, DOM structure summary, and action context
If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
Each provider has their own privacy policy governing how they handle API requests

No Third-Party Tracking

FSB does not include any third-party analytics, ad trackers, or cross-site fingerprinting. There are no cookies and no third-party scripts beyond the AI provider APIs you explicitly configure. The one piece of first-party data FSB sends home is the opt-out Anonymous Usage Telemetry described below, used solely to power the public /stats dashboard.

API Keys

Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Payment Methods

FSB includes an optional payment-method vault that stores card details on your device for checkout auto-fill. Cards are treated with the same encryption and AI isolation as login credentials, and the full card number is never sent to any AI model.

Card details (number, expiry, cardholder, and zip) are encrypted at rest using AES-GCM with the same vault-derived key used for credentials
When the AI analyzes a checkout page, any detected card-number field values are replaced with [hidden] before the prompt is built. Card numbers, CVV, and expiry are never included in any AI prompt
Auto-fill happens via the content script writing directly into the page's DOM fields, bypassing the AI entirely
The list view shows only a card nickname and last-4 digits. Full numbers are decrypted in memory only at the moment of fill
An MCP client can request a payment fill via use_payment_method, but the user is shown an in-extension confirmation prompt before any card data is written into the page
CVV is never persisted unless you opt in per-card, and even then it is encrypted alongside the rest of the record

Speech-to-Text

FSB includes an optional microphone input for the prompt box. The default provider runs entirely in your browser; an optional OpenAI Whisper fallback can be enabled in settings if you want higher accuracy.

Default provider: the browser's native SpeechRecognitionAPI. Audio is processed by Chrome and never leaves your device through FSB
Optional Whisper provider: when sttProvider is set to whisper and an OpenAI key is configured, recorded audio chunks are uploaded directly from your browser to OpenAI's transcription endpoint. FSB never sees or stores the audio
The microphone is only active while you are holding or have toggled the mic button. Chrome prompts for permission the first time you use it; FSB does not request microphone access in the extension manifest
Transcripts are inserted into the prompt textarea only and are never logged, persisted, or transmitted outside the active AI request you choose to send
Disable speech entirely by leaving the mic button untouched, or by clearing the optional Whisper provider in Chrome extension storage

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

Deprecated in v0.9.45rc1.FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
One-time pairing tokens expire after 60 seconds and cannot be reused
Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
No memory data is sent to any external server
Memory can be viewed and cleared at any time from the Options dashboard
Site maps and navigation patterns are domain-specific and isolated from each other

Anonymous Usage Telemetry

FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and the per-install data can be erased on request.

What we collect

A random per-install UUID stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and never tied to your identity.
The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
The model name used for a session (e.g. grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
Aggregate input/output token counts per session.
The number of active FSB agents on your install (an integer count).

What we do NOT collect

Page URLs, hostnames, or browsing history.
Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
Page DOM, screenshots, page content, or AI responses.
Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
Names, usernames, account handles, or any free-form identity fields.
Email addresses, phone numbers, or contact information.

Retention

Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, no per-install dimension) are retained indefinitely so historical charts on /stats remain stable.

How to opt out

Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.

How to erase your data

To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in ChromeDevTools → Application → Storage → Extension storage, then send a single HTTP request:

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use affirmation

FSB's anonymous usage telemetry is used only to compute aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning models. This commitment satisfies the Chrome Web Store's Limited Use requirement.

Aggregated public metrics

We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

Policy History

Each entry below is a snapshot of the privacy policy as it stood on the date shown. Older versions are kept verbatim so you can audit what we promised at any point in time. Snapshots are English-only.

May 2026v0.9.69 — Anonymous Usage Telemetry, Speech-to-Text, Payment Methods, expanded permissions, Background Agents deprecated (full archived text)

Archived copy of the privacy policy as it stood in May 2026. This is the same body rendered on the live page above; it is captured here so the snapshot remains available verbatim once the next policy update lands.

TLDR: FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Chrome permissions FSB requests

To run web automation, FSB declares the following permissions in its Chrome manifest. Each is used only for the documented purpose; nothing is sent off-device on the strength of any of them.

DOM and tabs — activeTab, scripting, tabs, windows, sidePanel, and host permission <all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel
Advanced automation — debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform. webNavigation: observe navigation start/finish events so automation waits for the right moment
Local storage — storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall
UX helpers — clipboardWrite: write copy-to-clipboard results from automation. alarms: schedule background housekeeping. offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly

Microphone access for speech-to-text is not declared in the manifest. Chrome shows its own permission prompt the first time you use the mic button.

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
Sent data includes: task description, DOM structure summary, and action context
If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
Each provider has their own privacy policy governing how they handle API requests

No Third-Party Tracking

API Keys

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Payment Methods

Card details (number, expiry, cardholder, and zip) are encrypted at rest using AES-GCM with the same vault-derived key used for credentials
When the AI analyzes a checkout page, any detected card-number field values are replaced with [hidden] before the prompt is built. Card numbers, CVV, and expiry are never included in any AI prompt
Auto-fill happens via the content script writing directly into the page's DOM fields, bypassing the AI entirely
The list view shows only a card nickname and last-4 digits. Full numbers are decrypted in memory only at the moment of fill
An MCP client can request a payment fill via use_payment_method, but the user is shown an in-extension confirmation prompt before any card data is written into the page
CVV is never persisted unless you opt in per-card, and even then it is encrypted alongside the rest of the record

Speech-to-Text

Default provider: the browser's native SpeechRecognition API. Audio is processed by Chrome and never leaves your device through FSB
Optional Whisper provider: when sttProvider is set to whisper and an OpenAI key is configured, recorded audio chunks are uploaded directly from your browser to OpenAI's transcription endpoint. FSB never sees or stores the audio
The microphone is only active while you are holding or have toggled the mic button. Chrome prompts for permission the first time you use it; FSB does not request microphone access in the extension manifest
Transcripts are inserted into the prompt textarea only and are never logged, persisted, or transmitted outside the active AI request you choose to send
Disable speech entirely by leaving the mic button untouched, or by clearing the optional Whisper provider in Chrome extension storage

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
One-time pairing tokens expire after 60 seconds and cannot be reused
Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
No memory data is sent to any external server
Memory can be viewed and cleared at any time from the Options dashboard
Site maps and navigation patterns are domain-specific and isolated from each other

Anonymous Usage Telemetry

What we collect

A random per-install UUID stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and never tied to your identity.
The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
The model name used for a session (e.g. grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
Aggregate input/output token counts per session.
The number of active FSB agents on your install (an integer count).

What we do NOT collect

Page URLs, hostnames, or browsing history.
Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
Page DOM, screenshots, page content, or AI responses.
Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
Names, usernames, account handles, or any free-form identity fields.
Email addresses, phone numbers, or contact information.

Retention

How to opt out

Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.

How to erase your data

To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:

curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget

Limited Use affirmation

Aggregated public metrics

We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

March 2026v0.9.2 — Background Agents, Memory System, Server Sync (full archived text)

Archived copy of the privacy policy as it stood in March 2026, prior to the v0.9.69 telemetry, speech-to-text, and payment-method additions. Reproduced verbatim except for whitespace.

TLDR FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
Sent data includes: task description, DOM structure summary, and action context
If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict allowlist of 50+ known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Background Agents and Server Sync

If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.

The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
One-time pairing tokens expire after 60 seconds and cannot be reused
Server sync is disabled by default. You must explicitly enable it in Options

Memory System

FSB's memory system stores navigation patterns and site intelligence to improve automation over time.

All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
No memory data is sent to any external server
Memory can be viewed and cleared at any time from the Options dashboard
Site maps and navigation patterns are domain-specific and isolated from each other

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.

February 2026v0.9 — Initial privacy policy (full archived text)

Archived copy of the initial privacy policy as it stood in February 2026, before Background Agents, Memory System, OpenRouter, and LM Studio support were added. Reconstructed from the March 2026 snapshot by removing the sections that did not yet exist; the wording of sections that were already present is preserved verbatim.

Data Collection

FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.

No browsing history is collected or stored beyond the current session
DOM data is analyzed locally and discarded after each automation step
No personal information is harvested from pages you visit

Data Storage

All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.

Configuration is stored in chrome.storage.local
API keys are encrypted before storage using AES-GCM
Session logs are stored locally and can be cleared at any time
Analytics data (task counts, success rates) stays on your device

External Services

FSB communicates with external AI providers only when you configure and use a hosted provider. The choice of provider and what data is sent is under your control.

Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, or Google Gemini)
Sent data includes: task description, DOM structure summary, and action context
Each provider has their own privacy policy governing how they handle API requests

No Tracking

FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.

API Keys

Keys are encrypted at rest in Chrome storage
Decryption only happens in-memory when making API calls
Keys are never logged, exported, or shared

Auto-Passwords

Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)

Prompt Injection Prevention

Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.

All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
Only a strict allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
Invisible Unicode control characters that websites embed are stripped before processing

Open Source

FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.

Changes to This Policy

If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.

Contact

If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.