Privacy Policy — Frevana Companion (Browser Extension)
1. Who we are
Frevana ("we", "us", "the extension") is developed by Finpeak, Inc., operating under the Frevana brand. The extension is distributed through the Chrome Web Store and connects to the following components:
- Frevana Desktop, a separately-installed native application that exposes an MCP server to local AI assistants.
- frevana.com, our web marketing site and subscription management backend.
- static.frevana.com, our CDN for provider selector configuration files.
- api.frevana.com, our subscription and scrape error monitoring API (authenticated users only).
This policy covers all of the above.
2. What this extension does with your data — short version
Your AI questions, the answers you get back, and the web content you scrape stay on your computer. We do not upload your conversations, your browsing history, your tab contents, or your AI provider session cookies to our servers.
The only data that leaves your browser is:
- Versioned config file downloads from
static.frevana.com(plain GETs, no user data sent). - If you opt in to a paid subscription: your email address, sent once during Sign-In, and periodic subscription status lookups against
api.frevana.comauthenticated with a short-lived token. - If you encounter a scrape failure while signed in: a minimal error report (provider name, error message, sample URL) sent to
api.frevana.com/api/v1/scrape-monitor/errorso we can alert ourselves about broken selectors. User-identifiable content (your actual question, the AI's answer, cookies) is never included.
3. Data stored locally only
The extension uses chrome.storage.local to persist:
- Your preferences (concurrency, default delay, providers selected, screenshot quality).
- The in-progress run state (queued prompts, completed prompts, error details).
- Captured Q&A history (prompts, responses, cited URLs, timestamps, screenshot file references).
- Cached provider selector configuration.
- Site permission grants (which AI sites you have approved).
- Authentication tokens for paid subscribers (only if signed in).
- Rolling log buffer of recent extension activity (300 lines max).
None of this data is transmitted off your device by the extension.
4. Data saved to your Downloads folder
When you click Export, the extension writes files to your browser's Downloads folder — JSON / CSV / Markdown bundles and screenshot images. These files are created by Chrome under your direct instruction and are not uploaded anywhere by the extension.
5. Data sent to Frevana servers
Only the following traffic is initiated by the extension:
| Destination | When | What we send | What we receive |
|---|---|---|---|
static.frevana.com | On startup and every 6h via alarms | No body, no auth | Versioned JSON selector config |
Google chrome.runtime.requestUpdateCheck() | Every 6h via alarms | No body | Extension update manifest |
api.frevana.com/auth/* | Only if the user signs in | Google OAuth token, email | Subscription record |
api.frevana.com/api/v1/scrape-monitor/error | On scrape failure, authenticated users only | Provider name, error message, sample URL | 200 OK |
We do not send: your questions, AI responses, scraped page content, tab URLs outside of what is listed above, cookies, keystrokes, clipboard, or any analytics beacons.
6. Data sent to AI providers
When you run a prompt, the extension types your question into the provider's own web UI (ChatGPT, Gemini, DeepSeek, Doubao, Perplexity). Your question and conversation is therefore subject to that provider's privacy policy, not ours. Frevana is not a proxy — we do not see, store, or intercept the traffic between your browser and the AI provider.
7. Data sent to social networks
When you use the publish feature, the extension types your post text or HTML into LinkedIn, X (Twitter), or Facebook's own composer UI. The post is then submitted through your own logged-in session. Frevana does not post through our servers and does not retain the content after a successful publish.
8. Native messaging data flow (Frevana Desktop)
This extension is the browser arm of Frevana Desktop, a separately-installed native application available at https://www.frevana.com/onboarding. The extension and the desktop app communicate over Chrome's native-messaging API via the host named com.frevana.daemon. The channel is a local IPC pipe managed by Chrome; it does not traverse any network.
Messages on this channel carry the following kinds of data:
- Scrape requests — prompt text plus the target AI provider, sent by the desktop app when you (or an MCP-compatible local AI assistant speaking through Frevana Desktop's MCP server) ask it to run a web query on your behalf.
- Scrape results — the extracted AI response plus any cited URLs, sent back to the desktop app.
- Screenshot requests / results — binary screenshot payloads of rendered AI answers.
- Authentication token — a short-lived bearer token the desktop app passes to the extension so the extension can validate the user's Frevana subscription status for gated actions.
- Heartbeat / connection status — small ping/pong messages containing no user data.
All of the above stays on the user's machine. Frevana's servers are only contacted for the narrow cases documented in section 5 (config fetch, subscription validation, optional scrape error monitoring), and those HTTPS requests happen whether or not the desktop app is running.
If you have not installed Frevana Desktop, the native-messaging connection fails silently and the extension will not attempt to reach the host again until it detects the host is present. The extension remains installed and signed-in users retain access to account and preference management, but the core product workflow (driven from the desktop app) is unavailable until the desktop app is installed.
9. Third-party services
- AI providers (OpenAI, Google, Anthropic, DeepSeek, ByteDance/Doubao, Perplexity): see each provider's own privacy policy for how they handle your prompts.
- Social networks (LinkedIn, X, Facebook): see each network's privacy policy for how they handle your posts.
- Amazon Rufus: see Amazon's privacy policy. Frevana only reads the streaming response of the Rufus API that Amazon itself is already rendering to your browser window.
- Google Sign-In: used only by paid subscribers, via the standard OAuth flow. See Google's privacy policy.
10. What we do NOT do
- We do not sell, rent, or share your data with advertisers, data brokers, or any third party.
- We do not run analytics beacons (Google Analytics, Mixpanel, Amplitude, PostHog, etc.) from inside the extension.
- We do not fingerprint you.
- We do not track your browsing history or the tabs you open manually.
- We do not read your clipboard.
- We do not weaken the security posture of the sites you visit beyond the narrowly-scoped technical workarounds documented in our permissions justification.
- We do not train machine learning models on your data. Frevana does not have machine learning models.
11. Your rights
- Access, export, delete: All stored Q&A data is visible in the extension's options page under "History". You can export or delete individual records or clear all data at any time. For
chrome.storage.localdata, uninstalling the extension removes everything. - Revoke site permissions: The options page lists every site Frevana has permission to run on. Click revoke at any time.
- Stop native messaging: Quit Frevana Desktop. The extension stops communicating with the desktop app immediately; no data remains in flight. The extension itself stays installed — you can re-launch Frevana Desktop at any time to resume.
- Delete your account (paid subscribers): Email [email protected] from the address you signed in with. We will confirm deletion within 30 days and remove your subscription record, authentication history, and any server-side account data.
12. Children
Frevana is not intended for children under 13. If you are a parent or guardian and believe your child has provided us with personal information, contact us at [email protected].
13. Changes to this policy
We will update the "Last Updated" date above when this policy changes. Material changes (new data collection, new third-party integrations) will be announced in the extension's update notes.