Permissions & Your Data

What permissions does Ask Steve ask for and how does it use your data?

Your Privacy

We take your privacy very seriously.

  • We don't track what websites you visit
  • We don't track what you're asking Steve for
  • We don't track the Skills that you create
  • We don't store your Google or other API Keys on our servers
  • You can read our full privacy policy here.

Extension Permissions

  • When you install Ask Steve it will ask for permission to "Read and change all your data on all websites". It needs this permission in order to be helpful on any web page. If you are uncomfortable with this then you should press Cancel and not install the extension.
  • You can go into chrome://extensions, select Ask Steve, and then under Site access control what sites you want to give Steve access to.

Your API Keys

  • Ask Steve asks you to enter your Google Gemini API Key and other LLM provider API keys so that it can connect to those providers.

These keys are stored in the extension's Local Storage on your computer and are not sent to Ask Steve's servers.

  • The API keys are only sent to the service provider in order to authenticate your requests.
  • The API Keys are not encrypted and are sent with every request to the service provider, so someone else with access to your computer could discover them.

Your Requests

The only data we capture when you make a request to an LLM service is the following:

  • Whether the call was successful or returned an error.
  • The hostname for the service (e.g. googleapis.com or openai.com)
  • A transient session identifier
  • Your Ask Steve user identifier

We pass your request on directly to the LLM service. Ask Steve doesn't store any details about your request except for what's noted above.

The LLM service may use your data for training or to make their products better. If you are on the QuickStart plan or are using the Google Gemini free tier, Google does reserve the right to use your data. If this concerns you, you should connect to a paid service or internal corporate service that explicitly states that they will not use your data. You can also conenct to a Local Model running on your own machine.