PactPilot Chrome Extension Privacy Notice
Effective date: April 28, 2026
PactPilot is a Chrome Side Panel assistant that helps users analyze client communications, review contract documents, and draft replies.
Data We Collect
PactPilot collects only data that you actively send to the extension:
- Text you type or paste into the PactPilot Side Panel.
- Files you upload for review, such as PDFs or images of contract clauses.
- Text you explicitly select on a web page and send with the "Analyze with PactPilot" right-click menu or in-page floating button.
- An anonymous browser identifier, formatted as
browser_ext_<uuid-v4>, used asX-Guest-Idfor guest sessions. The PactPilot API may also persist this identifier in app_anon_idcookie so the same browser profile can keep a stable anonymous session.
Data We Do Not Collect
- We do not upload full page DOM or chat history. The in-page content script is limited to WhatsApp Web, Slack, and Upwork domains; it renders a floating entry point, reads the current text selection, and locally detects supported chat pages.
- We do not read browsing history or tabs.
- We do not read cookies outside the PactPilot API domain.
- We do not request
tabs,activeTab,cookies, oridentitypermissions. - We do not automatically extract messages. On WhatsApp Web, Slack, and Upwork, the in-page button only sends text you have manually selected.
- We do not store API keys, passwords, OAuth tokens, or login credentials locally.
- We do not monitor the clipboard in the background.
The clipboardRead permission is used only after you click the Paste button inside the PactPilot Side Panel.
Local Storage
The extension uses Chrome extension storage for a guest identifier cache, a short-lived pending selection value, and floating tool display preferences. No user messages, uploaded files, API keys, auth tokens, or passwords are stored in Chrome extension storage.
Network Requests
The extension sends requests only to https://api.pactpilot.ai/* for PactPilot API calls and https://*.supabase.co/* for direct uploads to short-lived storage URLs returned by the PactPilot backend.
All AI inference, contract OCR, and reply drafting happen on PactPilot backend services. The extension does not directly call third-party language model APIs.
How We Use Data
- Analyze client communication risk, intent, and response strategy.
- Scan uploaded contract documents or images for notable terms and red flags.
- Generate draft replies based on selected or uploaded content.
- Maintain guest conversation history in the same browser profile.
- Debug and secure the service through request identifiers and operational logs.
Data Sharing
PactPilot does not sell user data. User data is used only to provide PactPilot's stated functionality and operate the service. Direct uploads may use storage infrastructure through short-lived URLs returned by PactPilot.
User Control
- Use the Side Panel input only when you want PactPilot to analyze text.
- Use file upload only when you want PactPilot to review a file.
- Use the right-click menu or in-page floating button only when you want selected page text to be sent.
- Clear PactPilot site cookies or use a separate browser profile to start a new anonymous browser identity.
Contact
support@pactpilot.ai