Privacy Policy for AI Portalize

Last updated: June 24, 2026

1. Introduction

AI Portalize ("we", "our", or "us") is a Chrome extension that helps organizations track AI tool usage statistics. This Privacy Policy explains how we collect, use, and protect your information when you use our extension.

2. Data Collection

2.1 What We Collect

This extension collects the following data:

• URLs of network requests to Gemini and NotebookLM services
• Timestamps of API calls
• Message counts for each AI service
• Basic usage event metadata, such as the AI service name (e.g. "gemini", "notebooklm"), event type (e.g. "message"), the AI tool page URL (for example, a chat thread URL), the internal API endpoint URL used to send the message, and the numeric tab identifier used by Chrome
• Tool registration and synchronization metadata for Gemini Gems and NotebookLM Notebooks. When you are signed in and open a supported Gem/Notebook detail page, the tool URL may be sent to AI Portal to check registration status. When you visit the Gemini Gem manager page (/gems/view), the URLs of all visible Gems may be sent in a batch request to check their registration status. When you choose to register or open a tool, the tool URL is passed, and for registration flow the tool name/title, tool description (if available), selected default tool tags (if available), and tool type ("gem" or "notebooklm") may also be passed. If the extension detects a source-service deletion to synchronize with AI Portal, it may also process deletion time and retry/access-denied count where applicable.
• Signed-in launcher data retrieved from AI Portal for the extension popup, such as your favorite tools, favorite tool tags, and recently used tools
• Account information you provide when signing in, such as your email address and organization identifier, which are used to associate usage statistics with your AI Portal account and organization

2.2 What We Do NOT Collect

We explicitly do NOT collect:

• Full request or response body content. For Gem and Notebook deletion synchronization only, the extension reads a limited request form field from specific Google batch API requests to identify the deleted tool ID; it does not store full request bodies or message content.
• Conversation content or messages
• Additional personal information not listed in section 2.1 (such as physical address, phone number, payment information, or government identifiers)
• Browsing history (except URLs of tracked AI tool pages)
• Passwords (your password is transmitted over HTTPS to the AI Portal backend only for authentication when you choose to sign in; the extension does not store your password. Authentication tokens are stored only in your browser and are used only to communicate with the AI Portal backend)
• Data from websites other than Gemini and NotebookLM

3. Purpose of Data Collection

Data is collected for the following purposes:

• Track AI tool usage statistics for organizational insights
• Generate usage reports and analytics
• Help organizations understand AI tool adoption and usage patterns
• Register and synchronize Gemini Gems and NotebookLM Notebooks with your organization's AI Portal
• Synchronize tool deletions when a Gem or Notebook is deleted from the source service
• Show organization mailing list addresses in Gemini and NotebookLM share dialogs for faster sharing
• Show signed-in launcher data in the extension popup, such as favorite tools, favorite tags, and recently used tools

4. Data Storage

4.1 Local Storage

Data is stored in your browser using Chrome's extension storage APIs. This includes message counts per AI service and a queue of usage events to be synced when you are signed in (service name, event type, timestamps, AI tool page URL, internal API endpoint URL, and tab identifier). If a Gem or Notebook deletion cannot be synced immediately, the extension may also store a pending deletion sync queue locally, including the tool URL, tool type, deletion time, queue time, and retry/access-denied count.

For Gems and Notebooks, the extension may send limited tool metadata to AI Portal in the following cases: (1) when a signed-in user opens a supported Gem/Notebook detail page, the tool URL is sent to check registration status; (2) when a signed-in user visits the Gemini Gem manager page (/gems/view), the URLs of all visible Gems are sent in a batch request to check their registration status; and (3) when the user chooses to register or open a tool, the tool URL (and for registration flow, tool name/title, tool description if available, selected default tool tags if available, and tool type) is passed. This metadata is not stored in Chrome extension storage by this extension.

When a signed-out user initiates a share or register action, a pending portal navigation URL (aiPortalizePendingNavigation) is stored locally so the user can be redirected to the intended AI Portal page after signing in.

Authentication tokens (access and refresh tokens) and certain preferences (such as whether monitoring is enabled) are stored using Chrome sync storage so they may be available across your Chrome profiles/devices where sync is enabled. Pending usage events are stored in local extension storage on the device where they were captured.

When you are signed in, the extension popup may also retrieve limited launcher data from AI Portal, such as your favorite tools, favorite tags, and recently used tools, so it can display quick-access links in the popup. This launcher data is requested from the AI Portal backend when needed and is not persisted in Chrome extension storage by this extension unless separately covered above.

4.2 Backend Storage (Optional)

If you consent to sync data to our backend server, data will be:

• Transmitted securely via HTTPS
• Stored and protected using access controls appropriate for operating the service

To help operate and improve the service, the extension may also send limited technical information such as an extension identifier or version in HTTP headers when communicating with the AI Portal backend. These technical headers do not include personal data and are used only for diagnostics, compatibility, and security purposes.

When you sign in with your AI Portal account, we also store your email address, organization identifier, and a persistent account identifier so that we can associate usage statistics with your organization. We retain this account data and associated usage statistics for as long as your account or organization remains active, subject to any legal or contractual retention requirements.

5. Data Sharing

We share data only in the following circumstances:

• Organization Administrators: If you are part of an organization, aggregated usage statistics may be shared with authorized administrators within your organization
• Service Providers (Subprocessors): We may use third-party service providers to host and operate the AI Portal backend (for example, cloud hosting, databases, and logging/monitoring needed to keep the service reliable). These providers may process the data described in Section 2.1 only on our instructions and under data processing agreements.
• Legal Requirements: We may disclose your information if required by law, regulation, legal process, or government request (for example, to comply with a subpoena or court order, or to protect our legal rights).

5.1 Categories of Third Parties

When backend sync is enabled, the categories of third parties that may receive or process data are limited to:

• Cloud infrastructure and hosting providers: to run the backend API and store synced usage events and aggregated statistics
• Error logging / monitoring providers (optional): to detect outages and diagnose failures (for example, request IDs, timestamps, and high-level error details). We do not intentionally include message content in these logs.

We do not share the contents of your AI conversations or message text because the extension does not collect them (see Section 2.2).

5.2 International Data Transfers

Our backend servers may be located in regions outside your country of residence. When you enable backend sync, your data may be transferred to and processed in these locations. We ensure appropriate safeguards are in place to protect your data during international transfers.

We do NOT:

• Sell your data to third parties
• Use your data for advertising purposes
• Share your data with data brokers
• Use your data for credit determination or lending purposes

6. User Rights

You have the following rights regarding your data:

• Opt-out: You can disable AI usage message monitoring at any time through the extension settings. Other signed-in features, such as checking tool registration status, retrieving launcher data for the popup, or retrieving organization mailing list settings, may still run when you use those features.
• Access: You can view your usage statistics at any time in the extension popup or options page
• Export Data: You can request a copy of your data by contacting us
• Deletion: You can request deletion of your account and associated data by contacting us. We will delete your personal information within 30 days (see Section 6.1 for details).
• Correction: If your personal information is inaccurate or incomplete, you may request that we correct or update it.
• Data Portability: You have the right to receive your data in a structured, commonly used format.
• Account Support: You can contact us using the information in Section 12 if you have questions about your account or data associated with backend sync.

For EU/EEA residents: You have additional rights under GDPR, including the right to object to processing, restrict processing, and lodge a complaint with your local data protection authority.

6.1 Data Retention and Deletion

Retention depends on whether you use backend sync:

• Local-only usage: Data stored in Chrome storage remains on your device until you uninstall the extension. Uninstalling the extension permanently removes all local data.
• Backend sync enabled: We retain account identifiers (such as email and organization identifier) and aggregated usage statistics for as long as your account or organization remains active.
• Account deletion: If you request account deletion, we will permanently delete your personal data (email, account identifier) and associated usage events within 30 days. Aggregated, anonymized statistics that cannot be linked back to you may be retained for analytics purposes.
• Operational logs: System logs used for reliability and debugging (which may include timestamps, request paths, and error details) are retained for a limited period, typically up to 30 days, and then automatically deleted.

7. Security

We implement the following security measures:

• All data transmission uses HTTPS encryption
• Chrome extension storage is isolated to the extension and the user's browser profile
• Access controls limit who can view organizational data
• We apply security updates as needed to maintain service reliability

8. Permissions

This extension requires the following permissions:

• webRequest: To monitor network requests to Gemini and NotebookLM services on the following URL patterns (*://gemini.google.com/_/BardChatUi/* and *://notebooklm.google.com/_/LabsTailwindUi/*). We inspect POST requests to specific StreamGenerate endpoints for message counting, and read limited request form fields from batchexecute API requests only to detect Gem or Notebook deletion/update IDs; we do not store full request/response bodies or conversation content. We also listen for batchexecute responses (onCompleted/onErrorOccurred) to confirm successful processing and clean up state on failure.
• storage: To store usage statistics, pending usage events, pending deletion sync items, authentication tokens, and preferences locally or in Chrome sync storage
• tabs: Used to query all open Gemini and NotebookLM tabs to broadcast auth state changes, to resolve the visible page URL when a message is sent (from the tab that triggered the request), and to send update/delete sync notices to the active Gemini or NotebookLM tab so the extension can refresh its in-page UI. The extension does not compute or store per-tab active time.

We only request host permissions for: (1) the AI services we track— gemini.google.com and notebooklm.google.com—and (2) the AI Portal backend (api.ai-portalize.com) for optional sign-in, usage sync, tool registration/deregistration (including batch registration status checks for the Gem manager page at /gems/view), launcher data retrieval for the popup (such as favorites, favorite tags, and recently used tools), mailing list settings retrieval, and statistics.

9. Limited Use Policy Compliance

The use of information handled by this extension complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. We:

• Only collect data necessary for the extension's core functionality
• Do not sell or transfer user data to advertising platforms
• Do not use data for purposes unrelated to the extension's functionality
• Do not allow humans to read user data without explicit consent

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Updating the "Last updated" date at the top of this page
• Posting a notice in the extension if changes are significant

11. Contact Us