How ChatExport AI handles your data
The extension processes every byte locally in your browser. No conversation content is ever uploaded to our servers. The only network call from the extension is the optional Pro license validation, which sends an encrypted device fingerprint and never your chat content.
Threat model
The thing we’re trying to prevent: your AI conversation content reaching anyone other than you. That includes us. The extension is built so that the data path never leaves your browser, and so that fact is auditable.
Data flow, in detail
Every export step runs inside the Chrome extension sandbox:
- Read. The extension reads the conversation data the page already holds (the same data the page rendered the chat from). No content is fetched from a third party for the export.
- Render. PDFs are rendered using the Chrome debugger API. HTML / Markdown / JSON / Word / CSV are built using JavaScript inside the extension. Math goes through KaTeX, bundled inside the extension package.
- Save. The output file is written via Chrome’s downloads API to your local disk. Nothing is uploaded.
What we do transmit (license validation only)
If you have a Pro license, the extension calls our licensing server (api.chatexportai.com) to verify the license is valid and to enforce the per-device cap. That request contains only:
- Your license key (provided by you).
- An anonymised device identifier — a non-reversible hash derived from non-personal browser properties (user-agent string, viewport, locale). It cannot be turned back into a username, email, IP, or any cross-site identifier.
It does not contain conversation content, browsing history, or any personally identifying information.
What we never collect
- AI conversation content of any kind.
- Browsing history or visited URLs (we don’t use the tabs permission).
- Personal identifiers for free-plan users.
- Analytics, telemetry, crash reports, or usage statistics.
- Cookies or cross-site tracking data.
- Clipboard contents or keystrokes.
Permissions, justified
The extension requests only the permissions it needs:
- scripting — to inject the export sidebar into supported AI chat pages. Core mechanism.
- storage — to remember your license key + settings on the device.
- clipboardWrite — for the “copy export” buttons.
- debugger — for high-fidelity PDF rendering via Chrome’s built-in print engine. (Yes, the orange "is being debugged" bar appears during PDF export — that’s why.)
- cookies — for Notion sync auth (Pro feature). Used only when you actively connect Notion.
- declarativeNetRequest — for the Notion API integration.
- alarms — for auto-cleanup of expired license cache.
No tabs, no history, no webRequest, no activeTab beyond the supported domains.
Audit it yourself
You don’t have to take our word for it:
- Open Chrome DevTools → Network tab while exporting. Confirm no upload of conversation content.
- Inspect the unpacked extension folder via chrome://extensions → "Pack extension". The full extension source is readable JavaScript.
- The extension is reviewed by Google for the Chrome Web Store before publication.
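One way to check the permission claims above during an audit, as an added example that is not the extension's own code: the script compares a Manifest V3 manifest.json with the permission list documented on this page and reports any differences. The sample manifest, the chat.example host and the MANIFEST_PATH variable are constructed for illustration.

```javascript
// Added example (not the extension's own code): compare a Manifest V3
// manifest.json with the permission list documented on this page.
const DOCUMENTED = new Set(["scripting", "storage", "clipboardWrite",
  "debugger", "cookies", "declarativeNetRequest", "alarms"]);
// Permissions the page says are not requested.
const DISCLAIMED = new Set(["tabs", "history", "webRequest"]);
// Match patterns that grant access to every site.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function auditManifest(manifest) {
  const requested = new Set([
    ...(manifest.permissions || []),
    ...(manifest.optional_permissions || []),
  ]);
  // Host access can come from host permissions or content-script matches.
  const hosts = [...new Set([
    ...(manifest.host_permissions || []),
    ...(manifest.optional_host_permissions || []),
    ...(manifest.content_scripts || []).flatMap((cs) => cs.matches || []),
  ])].sort();
  const asked = [...requested].sort();
  return {
    undocumented: asked.filter((p) => !DOCUMENTED.has(p) && !DISCLAIMED.has(p)),
    disclaimedButRequested: asked.filter((p) => DISCLAIMED.has(p)),
    documentedButAbsent: [...DOCUMENTED].filter((p) => !requested.has(p)).sort(),
    broadHosts: hosts.filter((h) => BROAD_HOSTS.has(h)),
    hosts,
  };
}

// Constructed sample manifest, NOT the real extension's manifest.
const SAMPLE = {
  manifest_version: 3,
  permissions: ["scripting", "storage", "debugger", "tabs", "notifications"],
  host_permissions: ["https://chat.example/*", "<all_urls>"],
  content_scripts: [{ matches: ["https://chat.example/*"], js: ["sidebar.js"] }],
};

// Set MANIFEST_PATH (assumed variable name) to audit a real manifest.json;
// without it the constructed sample is audited.
const file = typeof require === "function" ? process.env.MANIFEST_PATH : undefined;
const manifest = file
  ? JSON.parse(require("fs").readFileSync(file, "utf8"))
  : SAMPLE;
console.log(JSON.stringify(auditManifest(manifest), null, 2));
```

Entries under `undocumented`, `disclaimedButRequested` or `broadHosts` are differences between the installed build and this page that are worth raising with the vendor.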
Reporting a security issue
Found a vulnerability? Email [email protected] or [email protected]. We follow the RFC 9116 disclosure contact convention — see /.well-known/security.txt.
Hall of fame
Researchers who report verified issues are credited here (with permission).
- No reports yet — this list is intentional and will be updated as it grows.
Related
- Privacy policy — formal data-handling commitment.
- Terms of use — what installing the extension means legally.
- ChatExport AI for legal teams — privacy-first usage in privileged work.