Privacy Policy
Last updated: March 2026
TLDR: FSB runs entirely inside your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server used by Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.
Data Collection
FSB runs entirely inside your browser. The extension accesses the DOM (Document Object Model) of the currently active tab only when you start an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from the pages you visit
Chrome permissions FSB requests
To run web automation, FSB declares the following permissions in its Chrome manifest. Each is used only for its documented purpose; none of them is used as a basis for sending data off your device.
- DOM and tabs — activeTab, scripting, tabs, windows, sidePanel, and the host permission <all_urls>: read and write the currently active tab, inject the automation content script, list and switch tabs, and render the side panel
- Advanced automation — debugger: attaches the Chrome DevTools Protocol for coordinate-based clicks, drags, and key-hold actions that the regular DOM API cannot perform. webNavigation: listens for navigation start/finish events so automation waits for the right moment
- Local storage — storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can keep growing without hitting the ceiling
- UX helpers — clipboardWrite: writes copy-to-clipboard results from automation to the clipboard. alarms: schedules background maintenance work. offscreen: hosts the speech-to-text recorder in a hidden document, because a service worker cannot capture audio directly
Microphone access for speech-to-text is not declared in the manifest. Chrome shows its own permission prompt the first time you use the mic button.
Data Storage
All settings and data are stored in the Chrome extension's local storage. FSB uses AES-GCM encryption for sensitive data such as API keys.
- Configuration is stored in chrome.storage.local
- API keys are encrypted with AES-GCM before being stored
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine via its local OpenAI-compatible server. Which provider is used and what data is sent are entirely under your control.
- Hosted API calls go only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
- LM Studio uses a local OpenAI-compatible server on your device and needs no API key
- Data sent includes: the task description, a DOM structure summary, and action context
- If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). The server does not store page content, DOM data, or AI responses. This feature is active only if you opt in
- Each provider has its own privacy policy governing how it handles API requests
No Third-Party Tracking
FSB contains no third-party analytics, ad trackers, or cross-site fingerprinting. There are no cookies and no third-party scripts beyond the AI provider APIs you explicitly configure. The only first-party data FSB sends to itself is the opt-out Anonymous Usage Telemetry described below, used solely to power the public /stats dashboard.
API Keys
Your API keys are encrypted locally with AES-GCM before being stored. They are never sent anywhere except to the AI provider you configured, and are used only in the authentication headers of API requests.
- Keys are stored encrypted at rest in Chrome storage
- They are decrypted in memory only when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords
FSB offers an optional credential manager that stores login credentials encrypted on your device. Passwords are not exposed to AI models; the content script fills them directly into the page, bypassing the AI entirely.
- Credentials are encrypted at rest with AES-GCM, using 256-bit keys derived via PBKDF2
- When the AI analyzes a page, password field values are replaced with [hidden]. The real password never appears in any AI prompt
- Auto-fill is performed by the content script injecting the value directly into the DOM; no AI is involved in the credential flow
- The credential list view shows only usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per domain, with parent-domain fallback (for example, accounts.google.com inherits from google.com)
Payment Methods
FSB includes an optional payment-method vault that keeps card details on your device for auto-fill at checkout. Cards use the same encryption and AI isolation as login credentials, and the full card number is never sent to any AI model.
- Card details (number, expiry, cardholder, and postal code) are encrypted at rest with AES-GCM using the same vault-derived key as credentials
- When the AI analyzes a checkout page, detected card-number field values are replaced with [hidden] before the prompt is built. Card numbers, CVV, and expiry are never included in any AI prompt
- Auto-fill is performed by the content script writing directly into the page's DOM fields, bypassing the AI entirely
- The list view shows only a card nickname and the last 4 digits. The full number is decrypted in memory only at the moment of fill
- An MCP client can request a payment auto-fill via use_payment_method, but the user is shown an in-extension confirmation prompt before any card data is written into the page
- The CVV is never persisted unless you explicitly enable it for a given card; even then it is encrypted together with the rest of the record
Speech-to-Text
FSB includes an optional microphone input in the prompt box. The default provider runs entirely in your browser; if you need higher accuracy, an optional OpenAI Whisper fallback can be enabled in settings.
- Default provider: the browser's native SpeechRecognition API. Audio is processed by Chrome and never leaves your device through FSB
- Optional Whisper provider: when sttProvider is set to whisper and an OpenAI key is configured, recorded audio chunks are uploaded directly from your browser to OpenAI's transcription endpoint. FSB never sees or stores that audio
- The microphone is active only while you are holding the mic button or have toggled it on. Chrome asks for permission on first use; FSB does not request microphone access in the extension manifest
- Transcripts are inserted only into the prompt textbox and are never logged, stored, or transmitted outside the active AI request you choose to send
- You can disable speech entirely by not touching the mic button, or by clearing the optional Whisper provider in Chrome extension storage
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB uses multi-layered defenses to ensure the AI follows only your instructions and never executes instructions embedded in page content.
- All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed never to execute instructions found inside them
- Before content reaches the AI, a sanitization engine strips known injection patterns (for example "ignore the instructions above", fake system prompts, override requests)
- AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
- Only the 50+ known tools on a strict allowlist can be executed. The AI cannot invent or call arbitrary actions
- Content size is capped (500 characters per value, 15K total prompt cap), limiting payload delivery
- Invisible Unicode control characters embedded by websites are stripped before processing
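The layered defenses in the list above, as an added JavaScript example that is not FSB's own code: the sanitizer strips invisible characters and known injection phrasings, enforces the stated 500-character and 15K caps, and wraps the result in boundary markers; the action validator rejects tools that are not allowlisted and navigation to non-http(s) schemes. The closing marker, the pattern list and the tool names are assumptions.

```javascript
// Added illustration, not FSB's code. The closing marker, pattern list and
// tool names are assumptions; the caps are the figures the policy states.
const PER_VALUE_CAP = 500;
const TOTAL_PROMPT_CAP = 15000;

// Zero-width, soft-hyphen and bidi-override characters that hide text from a
// human reader while a model still sees it. Constructed set, not exhaustive.
const INVISIBLE_RE = /[\u00AD\u200B-\u200F\u202A-\u202E\u2060-\u2064\uFEFF]/g;

// Illustrative injection phrasings; a production list would be larger. The
// "system:" pattern is anchored to a line start to limit false positives.
const INJECTION_PATTERNS = [
  /ignore (?:all |any |the )?(?:previous|prior|above) instructions/gi,
  /^\s*\[?\s*system\s*(?:prompt|message)?\s*\]?\s*:/gim,
  /you are now (?:in )?(?:developer|admin) mode/gi,
  /disregard (?:your|all|any) (?:rules|guidelines|instructions)/gi,
];

function stripInvisible(text) {
  return text.replace(INVISIBLE_RE, '');
}

function stripInjections(text) {
  return INJECTION_PATTERNS.reduce((t, re) => t.replace(re, '[removed]'), text);
}

// Sanitize every extracted DOM value and wrap the result in boundary markers.
// Order matters: invisible characters are removed first, so a phrase split by
// zero-width spaces still matches the injection patterns afterwards.
function buildPageContentBlock(values) {
  const cleaned = values.map(v =>
    stripInjections(stripInvisible(v)).slice(0, PER_VALUE_CAP));
  const body = cleaned.join('\n').slice(0, TOTAL_PROMPT_CAP);
  return `[PAGE_CONTENT]\n${body}\n[/PAGE_CONTENT]`;
}

// Tools the agent may call; anything else is rejected before execution.
const TOOL_ALLOWLIST = new Set(['click', 'type', 'navigate', 'scroll']);

// Validate a model-proposed action. URLs are judged by parsed scheme rather
// than string prefix: the URL parser trims leading whitespace and lower-cases
// the scheme, so " JavaScript:..." is still recognised as javascript:.
function validateAction(action) {
  if (!TOOL_ALLOWLIST.has(action.tool)) {
    return { ok: false, reason: `tool not on allowlist: ${action.tool}` };
  }
  if (action.tool === 'navigate') {
    let url;
    try {
      url = new URL(action.url);
    } catch {
      return { ok: false, reason: 'url does not parse as absolute' };
    }
    if (url.protocol !== 'http:' && url.protocol !== 'https:') {
      return { ok: false, reason: `blocked scheme: ${url.protocol}` };
    }
  }
  return { ok: true };
}
```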
Background Agents and Server Sync
Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, and remote control is now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds, the relay server is contacted only when you pair a Sync session.
If you enable server sync for Background Agents or Remote Dashboard pairing, a relay server forwards communication between the extension and the dashboard.
- The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
- The server does not store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
- Authentication uses locally generated hash keys and session tokens that expire after 24 hours
- One-time pairing tokens expire after 60 seconds and cannot be reused
- Server sync is off by default and must be explicitly enabled in Options
Memory System
FSB's memory system accumulates navigation patterns and site intelligence so that automation keeps improving over time.
- All memory data (semantic, episodic, procedural) is stored in chrome.storage.local
- Memory data is not sent to any external server
- You can view and clear memory at any time from the Options dashboard
- Site maps and navigation patterns are isolated per domain and do not affect each other
Anonymous Usage Telemetry
FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and per-install data can be erased on request.
What we collect
- A random per-install UUID, stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and is never linked to your identity.
- The name of the MCP client used (for example Claude Code, Cursor, Codex), drawn from a fixed allowlist.
- The model name used in a session (for example grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
- Aggregate input/output token counts per session.
- The number of active FSB agents on your install (an integer).
What we do NOT collect
- Page URLs, hostnames, or browsing history.
- Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
- Page DOM, screenshots, page content, or AI responses.
- Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it immediately.
- Names, usernames, account handles, or any free-form identity fields.
- Email addresses, phone numbers, or contact information.
Retention
Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, with no per-install dimension) are retained indefinitely so that historical charts on /stats remain stable.
How to opt out
Open the FSB Control Panel, scroll to Advanced Settings, and switch the "Send anonymous usage data" toggle off. The change takes effect immediately; no further events are sent from your install.
How to erase your data
To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:
curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget
Limited Use affirmation
FSB's anonymous usage telemetry is used only to compute the aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning model. This commitment satisfies the Chrome Web Store's Limited Use requirement.
Aggregated public metrics
We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; per-install rows are never exposed.
Open Source
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is hosted on GitHub.
Changes to This Policy
If this policy is updated, the change will be reflected in the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.
Contact
If you have any questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.
Policy History
Each entry below is a snapshot of the privacy policy as it stood on the date shown. Old versions are kept verbatim so that you can audit our commitments at any point in time. Snapshots are available in English only.
May 2026 (v0.9.69) — Anonymous Usage Telemetry, Speech-to-Text, Payment Methods, expanded permissions, Background Agents deprecated (full archived text)
Archived copy of the privacy policy as it stood in May 2026. This is the same body rendered on the live page above; it is captured here so the snapshot remains available verbatim once the next policy update lands.
TLDR: FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.
Data Collection
FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from pages you visit
Chrome permissions FSB requests
To run web automation, FSB declares the following permissions in its Chrome manifest. Each is used only for the documented purpose; nothing is sent off-device on the strength of any of them.
- DOM and tabs — activeTab, scripting, tabs, windows, sidePanel, and host permission <all_urls>: read and write the active tab, inject the automation content script, list and switch tabs, and render the side panel
- Advanced automation — debugger: attach the Chrome DevTools Protocol for coordinate-based clicks, drag, and key-hold actions that the regular DOM API cannot perform. webNavigation: observe navigation start/finish events so automation waits for the right moment
- Local storage — storage, unlimitedStorage: store your settings, credentials, payment methods, and memory in chrome.storage.local on your device. Unlimited storage lifts the default 10 MB quota so memory and session logs can grow without hitting a wall
- UX helpers — clipboardWrite: write copy-to-clipboard results from automation. alarms: schedule background housekeeping. offscreen: host the speech-to-text recorder in a hidden document because service workers cannot capture audio directly
Microphone access for speech-to-text is not declared in the manifest. Chrome shows its own permission prompt the first time you use the mic button.
Data Storage
All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.
- Configuration is stored in chrome.storage.local
- API keys are encrypted before storage using AES-GCM
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.
- Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
- LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
- Sent data includes: task description, DOM structure summary, and action context
- If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
- Each provider has their own privacy policy governing how they handle API requests
No Third-Party Tracking
FSB does not include any third-party analytics, ad trackers, or cross-site fingerprinting. There are no cookies and no third-party scripts beyond the AI provider APIs you explicitly configure. The one piece of first-party data FSB sends home is the opt-out Anonymous Usage Telemetry described below, used solely to power the public /stats dashboard.
API Keys
Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.
- Keys are encrypted at rest in Chrome storage
- Decryption only happens in-memory when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords
FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.
- Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
- When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
- Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)
Payment Methods
FSB includes an optional payment-method vault that stores card details on your device for checkout auto-fill. Cards are treated with the same encryption and AI isolation as login credentials, and the full card number is never sent to any AI model.
- Card details (number, expiry, cardholder, and zip) are encrypted at rest using AES-GCM with the same vault-derived key used for credentials
- When the AI analyzes a checkout page, any detected card-number field values are replaced with [hidden] before the prompt is built. Card numbers, CVV, and expiry are never included in any AI prompt
- Auto-fill happens via the content script writing directly into the page's DOM fields, bypassing the AI entirely
- The list view shows only a card nickname and last-4 digits. Full numbers are decrypted in memory only at the moment of fill
- An MCP client can request a payment fill via use_payment_method, but the user is shown an in-extension confirmation prompt before any card data is written into the page
- CVV is never persisted unless you opt in per-card, and even then it is encrypted alongside the rest of the record
Speech-to-Text
FSB includes an optional microphone input for the prompt box. The default provider runs entirely in your browser; an optional OpenAI Whisper fallback can be enabled in settings if you want higher accuracy.
- Default provider: the browser's native SpeechRecognition API. Audio is processed by Chrome and never leaves your device through FSB
- Optional Whisper provider: when sttProvider is set to whisper and an OpenAI key is configured, recorded audio chunks are uploaded directly from your browser to OpenAI's transcription endpoint. FSB never sees or stores the audio
- The microphone is only active while you are holding or have toggled the mic button. Chrome prompts for permission the first time you use it; FSB does not request microphone access in the extension manifest
- Transcripts are inserted into the prompt textarea only and are never logged, persisted, or transmitted outside the active AI request you choose to send
- Disable speech entirely by leaving the mic button untouched, or by clearing the optional Whisper provider in Chrome extension storage
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.
- All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
- A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
- AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
- Only a strict, fixed allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
- Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
- Invisible Unicode control characters that websites embed are stripped before processing
Background Agents and Server Sync
Deprecated in v0.9.45rc1. FSB's built-in Background Agents have been superseded by OpenClaw and Claude Routines, with remote control now handled by the Sync tab. The disclosures below are retained for users still running v0.9.44 or earlier; on current builds the relay server is only contacted when you pair a Sync session.
If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.
- The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
- The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
- Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
- One-time pairing tokens expire after 60 seconds and cannot be reused
- Server sync is disabled by default. You must explicitly enable it in Options
Memory System
FSB's memory system stores navigation patterns and site intelligence to improve automation over time.
- All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
- No memory data is sent to any external server
- Memory can be viewed and cleared at any time from the Options dashboard
- Site maps and navigation patterns are domain-specific and isolated from each other
Anonymous Usage Telemetry
FSB v0.9.69 introduced an opt-out anonymous usage telemetry pipeline so the project can publish aggregate adoption numbers (see /stats) without ever touching the pages you browse. Telemetry is on by default but can be disabled with a single toggle, and the per-install data can be erased on request.
What we collect
- A random per-install UUID stored in chrome.storage.local under the key fsbInstallUuid. The UUID is generated locally and never tied to your identity.
- The name of the MCP client used (e.g. Claude Code, Cursor, Codex), drawn from a fixed allowlist.
- The model name used for a session (e.g. grok-4-fast, claude-opus-4), drawn from a fixed allowlist.
- Aggregate input/output token counts per session.
- The number of active FSB agents on your install (an integer count).
What we do NOT collect
- Page URLs, hostnames, or browsing history.
- Prompts, instructions, task descriptions, or any natural-language text you send to your model provider.
- Page DOM, screenshots, page content, or AI responses.
- Plaintext IP addresses. The server hashes the request IP with a daily-rotating salt for rate limiting and discards it.
- Names, usernames, account handles, or any free-form identity fields.
- Email addresses, phone numbers, or contact information.
Retention
Raw events are retained for 7 days. Daily rollups (one row per install per day) are retained for 365 days. Global aggregates (one row per day, no per-install dimension) are retained indefinitely so historical charts on /stats remain stable.
How to opt out
Open the FSB Control Panel, scroll to Advanced Settings, and toggle Send anonymous usage data off. The change takes effect immediately; no further events will be sent from your install.
How to erase your data
To request erasure of all telemetry rows associated with your install (GDPR Article 17), look up your fsbInstallUuid in Chrome DevTools → Application → Storage → Extension storage, then send a single HTTP request:
curl -X POST -H "Content-Type: application/json" \
  -d '{"install_uuid":"<your-uuid>"}' \
  https://full-selfbrowsing.com/api/telemetry/forget
Limited Use affirmation
FSB's anonymous usage telemetry is used only to compute aggregate usage statistics displayed publicly at full-selfbrowsing.com/stats. The data is never sold, never shared with third parties, never used for advertising, and never used to train any machine-learning models. This commitment satisfies the Chrome Web Store's Limited Use requirement.
Aggregated public metrics
We publish aggregated metrics derived from this telemetry pipeline at /stats. Only counts and totals are shown; no per-install row is ever exposed.
Open Source
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
Changes to This Policy
If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.
Contact
If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.
March 2026 (v0.9.2) — Background Agents, Memory System, Server Sync (full archived text)
Archived copy of the privacy policy as it stood in March 2026, prior to the v0.9.69 telemetry, speech-to-text, and payment-method additions. Reproduced verbatim except for whitespace.
TLDR: FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. The optional relay server for Background Agents stores only run metadata, never page content. Memory data stays on your device. Everything is open source and auditable.
Data Collection
FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from pages you visit
Data Storage
All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.
- Configuration is stored in chrome.storage.local
- API keys are encrypted before storage using AES-GCM
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use a hosted provider. If you use LM Studio, AI requests stay on your machine through its local OpenAI-compatible server. The choice of provider and what data is sent is under your control.
- Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, Google, or OpenRouter)
- LM Studio uses a local OpenAI-compatible server on your device and does not require an API key
- Sent data includes: task description, DOM structure summary, and action context
- If you use the Remote Dashboard or Background Agents sync, an optional relay server handles WebSocket messages and stores agent run metadata (task name, cost, duration, success/fail). No page content, DOM data, or AI responses are stored on the server. This is opt-in only
- Each provider has their own privacy policy governing how they handle API requests
No Tracking
FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.
API Keys
Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.
- Keys are encrypted at rest in Chrome storage
- Decryption only happens in-memory when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords
FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.
- Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
- When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
- Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.
- All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
- A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
- AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
- Only a strict allowlist of 50+ known tools can be executed. The AI cannot invent or call arbitrary actions
- Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
- Invisible Unicode control characters that websites embed are stripped before processing
Background Agents and Server Sync
If you opt into Background Agents server sync or Remote Dashboard pairing, a relay server facilitates communication between your extension and the dashboard.
- The server stores: agent definitions (name, schedule, target URL), run metrics (token count, cost, duration, success/fail status), and session pairing tokens
- The server does NOT store: page content, DOM data, browsing history, AI prompts, AI responses, or any data from the pages you visit
- Authentication uses hash keys (generated locally) and session tokens that expire after 24 hours
- One-time pairing tokens expire after 60 seconds and cannot be reused
- Server sync is disabled by default. You must explicitly enable it in Options
Memory System
FSB's memory system stores navigation patterns and site intelligence to improve automation over time.
- All memory data (semantic, episodic, procedural) is stored locally in chrome.storage.local
- No memory data is sent to any external server
- Memory can be viewed and cleared at any time from the Options dashboard
- Site maps and navigation patterns are domain-specific and isolated from each other
Open Source
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
Changes to This Policy
If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.
Contact
If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.
February 2026 (v0.9) — Initial privacy policy (full archived text)
Archived copy of the initial privacy policy as it stood in February 2026, before Background Agents, Memory System, OpenRouter, and LM Studio support were added. Reconstructed from the March 2026 snapshot by removing the sections that did not yet exist; the wording of sections that were already present is preserved verbatim.
TLDR: FSB operates entirely within your browser. No browsing data is collected. API keys are encrypted locally with AES-GCM. AI calls go directly from your browser to the provider you choose. Everything is open source and auditable.
Data Collection
FSB operates entirely within your browser. The extension only accesses the DOM (Document Object Model) of the currently active tab when you initiate an automation task.
- No browsing history is collected or stored beyond the current session
- DOM data is analyzed locally and discarded after each automation step
- No personal information is harvested from pages you visit
Data Storage
All settings and data are stored locally in Chrome's extension storage. FSB uses AES-GCM encryption for sensitive data like API keys.
- Configuration is stored in chrome.storage.local
- API keys are encrypted before storage using AES-GCM
- Session logs are stored locally and can be cleared at any time
- Analytics data (task counts, success rates) stays on your device
External Services
FSB communicates with external AI providers only when you configure and use a hosted provider. The choice of provider and what data is sent is under your control.
- Hosted API calls are made only to the provider you select (xAI, OpenAI, Anthropic, or Google Gemini)
- Sent data includes: task description, DOM structure summary, and action context
- Each provider has their own privacy policy governing how they handle API requests
No Tracking
FSB does not include any analytics, telemetry, or tracking services. There are no cookies, no fingerprinting, and no third-party scripts beyond the AI provider APIs you explicitly configure.
API Keys
Your API keys are encrypted locally using AES-GCM before being stored. They are never transmitted anywhere except to the AI provider you configured, and only as authentication headers in API requests.
- Keys are encrypted at rest in Chrome storage
- Decryption only happens in-memory when making API calls
- Keys are never logged, exported, or shared
Auto-Passwords
FSB includes an optional credential manager that stores login credentials encrypted on your device. Passwords are never exposed to AI models. They are filled directly into pages by the content script, bypassing the AI entirely.
- Credentials are encrypted at rest using AES-GCM with 256-bit keys and PBKDF2 key derivation
- When the AI analyzes a page, password field values are replaced with [hidden]. The actual password is never included in any AI prompt
- Auto-fill is performed by the content script injecting values directly into the DOM, with no AI involvement in the credential flow
- The credential list view only shows usernames and domains. Passwords are decrypted individually and only when needed for auto-fill
- Credentials are stored per-domain with parent domain fallback (e.g., accounts.google.com inherits from google.com)
Prompt Injection Prevention
Web pages can contain hidden text designed to hijack AI agents. FSB implements multi-layered defenses to ensure the AI only follows your instructions, never instructions embedded in page content.
- All page content is wrapped in [PAGE_CONTENT] boundary markers, and the AI is instructed to never follow instructions found within these markers
- A sanitization engine strips known injection patterns (e.g., "ignore previous instructions", fake system prompts, override attempts) from all page content before it reaches the AI
- AI-generated actions are validated before execution. Dangerous URLs (javascript:, data:) and script injection attempts are blocked
- Only a strict allowlist of known tools can be executed. The AI cannot invent or call arbitrary actions
- Content size is capped (500 chars per value, 15K total prompt cap) to limit payload delivery
- Invisible Unicode control characters that websites embed are stripped before processing
Open Source
FSB is fully open source under the BSL 1.1 License. You can audit every line of code to verify these privacy claims. The source code is available on GitHub.
Changes to This Policy
If this policy is updated, the changes will be reflected by the "Last updated" date at the top of this page. Significant changes will also be noted in the project's GitHub release notes.
Contact
If you have questions about this privacy policy or FSB's data handling, please open an issue on GitHub Issues.