Privacy Policy
structuredqueries-server
This policy describes what the Structure Queries app template and plugin UI request, store, and send. It is written for the current implementation as of March 27, 2026.
Request Timing
When network requests happen
- The landing page does not load the embedded plugin UI until you explicitly click Open web client.
- The Chrome extension does not create its local browser session id until you explicitly open the plugin UI.
- After you open the UI, the client may call /api/health, restore an existing auth session, and check previously saved analysis status.
- Voice list requests are deferred until setup or settings need them.
- No voice websocket connection is opened until you explicitly start voice chat.
Extension Permissions
What the Chrome extension can access
- activeTab: lets the extension work with the active HTTP or HTTPS tab after you invoke it.
- scripting: injects the overlay content script into the active page on demand.
- storage: stores local session state, selected settings, cached analysis state, and pending request state in the browser.
- identity: supports the optional Continue with Samsar One sign-in flow inside Chrome.
- https://structurequeries.samsar.one/*: the only backend host permission used for API and websocket traffic.
Data Sent
What the app sends to the backend
- Setup and account actions can send a locally generated browser session id and, if you enter them, your display name, email, username, selected language, and selected voice.
- Authenticated actions can send a Samsar auth token or an external-user API key so the backend can provision sessions, bill usage, and open recharge links.
- Page analysis sends the page URL, browser session id, billing credential, and the selected maximum prepare-credit cap.
- Voice chat sends the browser session id, assistant session id, page URL, analysis template id, selected language, selected voice, and recorded audio only after you start voice.
- The current implementation no longer sends page titles, extension ids, or browser user-agent strings from the plugin UI where they are not required for functionality.
Local Storage
What stays in your browser
- The extension stores its state in chrome.storage.local, including the browser session id, registration state, selected language and voice, analyzed-page cache, prepare-page settings, and pending prepare requests.
- The web client stores equivalent state in localStorage, including the auth token, browser session id, registration state, selected language and voice, page state, and prepare-page settings.
- That local state stays in your browser until you sign out, clear site data, or remove the extension data.
Processors
Third-party services used by this template
- Samsar handles user auth, session provisioning, billing-linked browser sessions, and grounded assistant retrieval.
- Firecrawl is used during page preparation to crawl and extract public webpage content when configured.
- ElevenLabs is used for voice listing, transcription, and speech synthesis when configured.
Deep Analysis Cache
How prepared page embeddings are cached
- When you prepare a page for deep analysis, the backend creates embeddings from the prepared document content and caches them server-side so the page does not need to be prepared again for each follow-up question.
- By default, that server-side embeddings cache is kept for 1 hour.
- If you change the caching time in settings, the cache can be kept longer, up to 1 day in the current implementation.
- After the selected cache time expires, the cached embeddings are deleted and the page must be prepared again before further grounded analysis can continue.
Retention
Storage and retention notes
- This template only defines the browser-side storage listed above. Server-side retention depends on how you configure and operate the backend and the third-party services it calls.
- This app uses third-party APIs internally and externally, and those providers may apply their own data retention policies to requests, responses, logs, or derived records handled by their systems.
- If you adapt this template for production, you should review your backend logs, billing records, and third-party retention settings and update this policy to match your deployment.