← Back to urchinbot

Privacy Policy

Last updated: March 14, 2026

Overview

urchinbot is a local-first Chrome extension. Your data stays on your device. We do not collect, store, transmit, or sell any personal information or usage data.

Data Storage

All data generated by urchinbot is stored locally on your device using chrome.storage.local. This includes:

• Chat history and conversation memory
• User profile (auto-extracted preferences)
• Session summaries
• Learned skills and their scores
• Project plans and milestones
• Embedding cache for semantic search
• Background task queue
• Wallet watchlist and activity tracking data
• Token scan history and entry prices
• Deployer wallet (private key encrypted with AES-256-GCM using your PIN)
• Extension settings (API keys, model preferences)

None of this data is sent to urchinbot developers or any third party. You can view and wipe all stored data at any time using the brain icon in the extension.

Deployer Wallet Security

If you use the pump.fun trading features, your deployer wallet's private key is encrypted using AES-256-GCM with a key derived from your PIN via PBKDF2. The plaintext private key is never stored — it is decrypted in memory only when you authorize a transaction with your PIN, then discarded. Transactions are signed locally in your browser using Ed25519 (tweetnacl) and broadcast directly to your Solana RPC endpoint. urchinbot never has access to your main wallet's private key.

External API Calls

urchinbot makes requests to external services only when you use features that require them. These calls are made directly from your browser to the service provider — urchinbot has no intermediary server.

• Your LLM provider (Ollama, Groq, Google AI Studio, Cerebras, OpenAI, Anthropic, OpenRouter, or any OpenAI-compatible endpoint) — sends your messages and conversation context to generate AI responses. Configured by you in Settings. Ollama runs entirely locally on your machine.
• OpenAI Embeddings API — sends short text snippets (max 2000 chars each) to generate embedding vectors for semantic memory search. Only used with OpenAI-compatible providers.
• DuckDuckGo — web search queries when you ask the agent to search the web.
• Jupiter API (jup.ag) — Solana token price lookups.
• DexScreener API — token market data (volume, liquidity, pair age, charts).
• Solana RPC (Helius, QuickNode, or your configured provider) — on-chain data: token holders, wallet balances, transaction history, and pump.fun trade execution.
• Pump.fun API — token metadata uploads (name, symbol, image) during token deployment. Trade transactions go through your Solana RPC, not the pump.fun API.
• Twitter/X API — profile lookups, tweet search, and user tweet history for research and sentiment analysis. Uses guest token authentication; no Twitter API key required.
• Netlify API — site deployment, listing, and deletion. Only used if you configure a Netlify token and use the site builder.

Each of these services has its own privacy policy. urchinbot sends only the minimum data required for the request (e.g., a search query, a token address, or your conversation context for LLM calls).

API Keys

Your API keys (LLM provider, Solana RPC, Netlify) are stored locally in chrome.storage.local on your device. They are sent only to their respective service endpoints and are never transmitted to urchinbot developers or any other party.

Analytics & Tracking

urchinbot includes zero analytics, zero telemetry, and zero tracking. No usage data, crash reports, or behavioral data is collected. There are no cookies, no fingerprinting, and no third-party analytics scripts.

Data Collection

urchinbot does not collect any data. Specifically:

• No personal information is collected
• No browsing history is collected
• No usage patterns are tracked
• No data is sold to third parties
• No data is shared with third parties for advertising
• No data is used for purposes unrelated to the extension's core functionality

Page Content Access

urchinbot reads page content (URL, visible text, selected text) from your active tab to provide context-aware responses. This data is processed locally and sent only to your configured LLM provider as part of the conversation context. It is not stored beyond your local chat history.

Permissions

• activeTab — reads the current page URL and content for context-aware AI responses
• storage — stores settings, chat history, and memory locally on your device
• contextMenus — adds right-click options to send text, links, or images to the AI assistant
• tabs — captures screenshots for visual analysis and delivers background results to the correct tab
• scripting — injects the overlay UI and captures screenshots
• alarms — schedules background tasks, monitors, and reminders
• notifications — delivers results from background tasks and alerts via Chrome notifications
• sidePanel — provides a Chrome side panel UI as an alternative to the overlay
• host_permissions (<all_urls>) — allows the overlay to appear on any webpage and makes API requests to external services listed above

Children's Privacy

urchinbot is not directed at children under 13. We do not knowingly collect any information from children.

Changes to This Policy

If this privacy policy is updated, the changes will be reflected on this page with an updated date. Continued use of the extension after changes constitutes acceptance of the revised policy.

Contact

For questions about this privacy policy, contact us on X/Twitter (@urchinbot) or open an issue on GitHub.