Permissions & Your Data

What permissions does Ask Steve ask for and how does it use your data?

Your Privacy

We take your privacy very seriously.

  • We don't track what websites you visit
  • We don't track what you're asking Steve for
  • We don't track the Agents that you create
  • We don't store your API Keys on our servers
  • You can read our full privacy policy here.

Our Philosophy

  • Respect the user's privacy (see above)
  • Store as much data on the user's machine as possible
  • Connect directly to the LLM provider whenever possible
  • Be as transparent as possible about your data, how we use it, and where we send it (see below)
  • Ask Steve was created by Rajat Paharia who formerly worked at Google and IDEO.

Extension Permissions

  • When you install Ask Steve it will ask for permission to "Read and change all your data on all websites". It needs this permission in order to be helpful on any web page. If you are uncomfortable with this then you should press Cancel and not install the extension.
  • If you want to limit what sites Ask Steve can work on, you can go into chrome://extensions, press the Details button on the Ask Steve tile, and then under Site access control what sites you want to give Steve access to.
  • At any time you can disable Ask Steve via the toggle on the Manage Extensions page and enable it manually on sites you want to use it on.
  • In an enterprise deployment, your administrator can configure certain sites to be allowed/disallowed via the runtime_allowed_hosts and runtime_blocked_hosts keys in ExtensionSettings. You can use this to prevent Ask Steve from having access to sensitive internal pages.
  • The Ask Steve extension id on Chrome is: gldebcpkoojijledacjeboaehblhfbjg
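
An added example, not taken from Ask Steve's own documentation: an ExtensionSettings policy value that keeps the extension off an internal domain while re-allowing a single host. The extension ID is the one listed above; the example.com hosts are constructed placeholders, and in Chrome's policy runtime_allowed_hosts takes precedence over runtime_blocked_hosts.

```json
{
  "gldebcpkoojijledacjeboaehblhfbjg": {
    "runtime_blocked_hosts": [
      "*://*.corp.example.com",
      "*://payroll.example.com"
    ],
    "runtime_allowed_hosts": [
      "*://wiki.corp.example.com"
    ]
  }
}
```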

Saved Data

Your API Keys

  • Ask Steve asks you to enter your LLM provider API keys so that it can connect to those providers.
  • These keys are stored in the extension's Local Storage on your computer and are not sent to Ask Steve's servers.
  • The API keys are only sent to the service provider in order to authenticate your requests.
  • The API Keys are not encrypted and are sent with every request to the service provider, so someone else with access to your computer could discover them.

Other Data

All other configuration data is stored in Local Storage on your computer. It is never stored anywhere else. This includes but isn't limited to:

  • Agents
  • Model configuration
  • Chat history

Network Requests

Your LLM Requests

  • When you are using Credits, your LLM requests are sent to asksteve.to, which proxies them to Google's Gemini or another provider. The Credits proxy doesn't look at or store your request; it just passes it through.
  • If you configure your own remote, on-premise or local model, we send your request directly to the LLM service provider.
  • If you are working with sensitive information and don't want to send it to a third party LLM, consider connecting Ask Steve to a Local Model, in which case nothing will leave your machine.

Login and Authentication

  • Ask Steve uses Firebase (from Google) for login and authentication. Requests are made to Google's servers (*.googleapis.com) when you log in, create a new account, or visit any of the Settings pages.
  • We don't ask for or store any PII beyond what is provided at login.
  • This can be disabled for enterprise deployments.

Configuration Files

Ask Steve loads various configuration files from quickstart.asksteve.to, including but not limited to:

  • models_new.json - contains all the model templates
  • skills.json - contains the out-of-the-box Agents
  • site-configs.json - contains data for whether to show various UI elements on certain sites
  • This can be disabled for enterprise deployments.

Other

The LLM service may use your data for training or to make their products better.

  • If you are using Free Credits or are using the Google Gemini or Mistral La Plateforme free tier, they reserve the right to use your data.
  • If you are using Paid Credits, then YOUR DATA WILL NOT BE USED.
  • If this concerns you, you should connect to a paid, internal or local model that explicitly states that they will not use your data. You can do this for free.