Naranjo
Privacy Policy — Last updated: April 2, 2026
Privacy Policy — Last updated: April 2, 2026
Naranjo ("the Extension") is a browser extension that processes selected text using AI language models. This policy explains what data the Extension accesses, how it is used, and what is stored.
When you invoke a Naranjo action, the text you have selected on a webpage is sent directly to the AI provider you have configured. This text is never sent to Naranjo's developers — it goes only to the provider endpoint you specify in settings. For Ollama specifically, the destination depends on your configuration: if no cloud API key is set, requests are sent to your local Ollama server (http://localhost:11434) and no data leaves your machine; if you configure an Ollama cloud API key in settings, requests are routed to ollama.com's API instead.
If you configure a cloud AI provider, you supply your own API key. These keys are stored exclusively in Chrome's local extension storage (chrome.storage.local) on your own device. They are never transmitted to Naranjo's servers (which do not exist) or any third party other than the respective provider's API endpoint.
The Extension injects a content script on all pages to enable the quick-menu overlay and keyboard shortcuts. It reads the current page's selected text only when you explicitly trigger an action. It does not read page content passively, track URLs, or monitor your browsing history.
A log of recent actions (context name, input text snippet, status) is stored locally in chrome.storage.local to populate the Activity tab in the popup. This data never leaves your device.
Naranjo routes your requests to the AI provider(s) you configure. Each provider has its own privacy policy and data handling practices:
| Provider | Privacy Policy |
|---|---|
| Ollama | Local mode (default): runs entirely on your machine — no external data transfer. Cloud mode: if you configure an Ollama cloud API key in settings, requests are sent to ollama.com and are subject to their privacy policy. |
| OpenAI | openai.com/policies/privacy-policy |
| Anthropic | anthropic.com/privacy |
| Google Gemini | policies.google.com/privacy |
| Mistral AI | mistral.ai/terms/#privacy-policy |
| xAI (Grok) | x.ai/privacy-policy |
| DeepSeek | deepseek.com/en/privacy_policy |
By configuring a cloud provider, you actively consent to your selected text being sent to that provider's API endpoint over an encrypted HTTPS connection. You agree to that provider's terms and privacy policy. Naranjo's developers have no access to this data.
The Extension requests the following Chrome permissions:
| Permission | Reason |
|---|---|
storage | Save your provider configurations, custom contexts, and activity log locally |
contextMenus | Add Naranjo actions to the right-click context menu |
activeTab / tabs | Read selected text and inject response overlays into the active tab |
scripting | Inject the content script for the quick-menu overlay |
http://localhost:11434/* | Allow requests to a locally running Ollama instance on its default port. No data leaves your machine. |
https://ollama.com/* | Used in Ollama cloud mode: fetch the list of available models and send prompts to the Ollama cloud API when a cloud API key is configured. Not contacted in local mode. |
https://api.openai.com/* | Send requests to OpenAI when you have that provider enabled. |
https://api.anthropic.com/* | Send requests to Anthropic when you have that provider enabled. |
https://generativelanguage.googleapis.com/* | Send requests to Google Gemini when you have that provider enabled. |
https://api.mistral.ai/* | Send requests to Mistral AI when you have that provider enabled. |
https://api.x.ai/* | Send requests to xAI (Grok) when you have that provider enabled. |
https://api.deepseek.com/* | Send requests to DeepSeek when you have that provider enabled. |
All data (provider configs, API keys, custom prompts, activity log) is stored in Chrome's local extension storage. You can delete it at any time by:
All requests from Naranjo to cloud AI providers are transmitted over encrypted HTTPS/TLS connections. API keys and configuration data stored in chrome.storage.local are protected by Chrome's built-in storage isolation — they are inaccessible to other extensions or websites.
Naranjo's developers and maintainers have no ability to access, view, or retrieve any data stored on your device or sent to your configured AI providers.
Naranjo's use of data complies with the Chrome Web Store Limited Use Policy. Specifically:
Because Naranjo stores all data locally on your device and does not transmit it to the extension's developers, we do not hold any personal data about you. However, you retain the following rights:
To exercise any rights related to data held by a third-party AI provider, please refer to that provider's privacy policy directly.
The Extension is not directed at children under 13 (or under 16 in the EU/EEA). We do not knowingly process data from children. If you believe a child has used this Extension to send data to a third-party AI provider, please contact that provider directly to request deletion.
If this policy changes materially, the updated date at the top of this document will be revised. Continued use of the Extension after changes constitutes acceptance of the new policy.
For questions or concerns about this privacy policy, please open an issue on the project's GitHub repository.