Legal

Privacy Policy

We built TOSTask to help people understand privacy policies, so ours should be easy to read too. Here is exactly what we collect, why we collect it, and what we never touch.

Effective Date: June 1, 2026  ·  Last Updated: June 1, 2026

At a Glance

The short version

We do not collect anything about you personally. The only data we store is anonymous URL and analysis data used to speed up results. Here is how it breaks down.

No data

No personal data

We never collect your name, email, IP address, device info, or anything that could identify you as a person.

Anonymous

No accounts required

TOSTask works completely anonymously. There is no sign-up, no login, and no user profiles of any kind.

Local

Runs locally

Page detection runs on your machine. The extension checks URLs and certain page content locally, never sending it to our servers unless you click Analyze.

Cache

We cache URLs and analysis

To deliver results faster, we store the URL, domain, and Claude Haiku's analysis of a Terms of Service page in a database. This is not linked to you in any way.

1

Who we are

TOSTask is a Chrome browser extension and accompanying web service that analyzes Terms of Service and Privacy Policy documents using AI. The service is developed and operated by the individual developer behind TOSTask. Questions or concerns can be directed to tostask.help@gmail.com.

2

What the extension does on your device

The TOSTask extension runs a lightweight detection process on your device to identify when you are on a Terms of Service or Privacy Policy page. Here is exactly how that works:

  • The extension reads the current page URL and scans certain page contents (headings, body text patterns) using a local regex-based process.
  • This detection runs entirely on your machine. Nothing is sent to our servers during detection.
  • The extension does not monitor your browsing activity, take screenshots, record keystrokes, or observe anything other than what is needed to identify a TOS or Privacy Policy page.
  • The popup does not continuously check your screen. It only activates when the detection logic finds a match on the current page.

Analysis is only triggered when you explicitly click the "Analyze This Page" button. At that point, the visible text of the TOS page is sent to our server so it can be passed to the Claude Haiku AI model for analysis.

3

What data we collect and why

We collect a very small amount of anonymous data for one specific purpose: to make TOSTask faster for everyone.

What we store

  • The URL and domain of a Terms of Service or Privacy Policy page you analyzed
  • The Claude Haiku AI analysis result for that page
  • A timestamp indicating when the analysis was performed

Why we store it

This data is stored in a Supabase real-time database and used as a cache. When another user visits the same TOS page, we can return the cached analysis instantly instead of calling the Claude API again. This keeps the extension fast and reduces unnecessary AI processing.

This data is not linked to you in any way. We do not store any identifier that connects an analysis result to a specific person, device, browser session, or IP address. The URL and its analysis result are stored as a standalone record with no user context attached.

What we do not store

  • Your name, email address, or any contact information
  • Your IP address or approximate location
  • Your device type, operating system, or browser fingerprint
  • Your browsing history or any pages other than TOS pages you explicitly analyze
  • Any account credentials or payment information
  • Cookies, session tokens, or tracking identifiers of any kind
4

How your analysis request is processed

When you click "Analyze This Page," the following happens:

  • The extension extracts the visible text content of the TOS page you are on.
  • That text is sent to the TOSTask backend server, which is hosted on Railway.
  • Our server checks whether a cached analysis already exists for that URL in our Supabase database.
  • If a cached result exists, it is returned to you immediately with no AI call made.
  • If no cache exists, the text is forwarded to the Anthropic Claude Haiku API for analysis. The result is returned to you and stored in the cache for future use.

API credentials for Anthropic are stored server-side only and are never exposed to the browser extension. The extension itself contains no API keys.

5

Third-party services

TOSTask uses a small number of third-party services to operate. Each is used for a specific technical purpose only.

  • Anthropic Claude Haiku - Used to analyze Terms of Service documents. Only the text of the TOS page is sent. Anthropic's usage policies apply to their API. We do not send any personal user data to Anthropic.
  • Supabase - Used as a real-time database to cache anonymous URL and analysis records. No personal data is stored in Supabase.
  • Railway - Used to host the TOSTask backend server. Network traffic passes through Railway infrastructure but we do not store logs that include personal identifiers.

We do not use any advertising networks, analytics SDKs, social tracking pixels, or session recording tools.

6

Opt-out and user controls

We are currently building an opt-out option directly in the extension popup. This will allow users who do not want the extension's page detection to run to disable it with one click. We expect to ship this in a future update.

In the meantime, you can always disable or remove the TOSTask extension at any time through Chrome's extension management page (chrome://extensions). Removing the extension stops all activity associated with it immediately.

Because we do not collect any personal data, there is no personal data to request, correct, or delete. The only stored records are the anonymous URL-to-analysis cache entries, which are not linked to any individual.

7

Data retention

Cached analysis records (URL, domain, and analysis result) are retained in our database indefinitely unless the underlying Terms of Service page changes significantly, at which point we may update or remove the cached entry. Because these records contain no personal information, there is no specific retention period that applies to individuals under applicable privacy frameworks.

There are no user accounts, sessions, or personal records to delete or expire.

8

Children's privacy

TOSTask is not directed at children under the age of 13 and we do not knowingly collect any data from children. Because we collect no personal data from any user, this applies equally across all age groups. If you believe a minor has used the extension in a way that raises a concern, please contact us at tostask.help@gmail.com.

9

Security

We take reasonable steps to protect the data we do store. Our backend infrastructure is hosted on Railway with standard security practices in place. Supabase provides encrypted storage and secure access controls for our database. API keys and server credentials are never stored in the extension itself and are managed securely server-side.

No method of transmission over the internet or method of electronic storage is 100% secure. However, because we store no personal data, the impact of any potential security event is limited to anonymous cached analysis records.

10

Changes to this policy

If we make material changes to this Privacy Policy, we will update the "Last Updated" date at the top of this page. We will also make a reasonable effort to notify users through the Chrome Web Store listing or the extension itself. Continued use of TOSTask after a policy update indicates acceptance of the revised terms.

We will never change this policy in a way that introduces the collection of personal data without providing clear advance notice and, where required by law, obtaining consent.

11

Developer's note

TOSTask was built by a student developer with a genuine interest in making the web more transparent for everyday users. This privacy policy is written honestly and reflects how the product actually works. We are not a large corporation with legal teams optimizing language to obscure obligations. What you read here is what we actually do.

If something here seems unclear or if you have a question this policy does not answer, please reach out directly. We would rather clarify something than leave you guessing.

Plain summary: We cache anonymous analysis results to make the extension faster. We do not know who you are, we do not track you, and we do not sell anything. That is the whole story.

Questions about your privacy?

We are happy to answer any questions about how TOSTask handles data. Reach out directly and we will get back to you as soon as we can.

Contact Us