How PassbackAI handles your data

(Short answer: it doesn't.)

The whole thing in one paragraph

PassbackAI is a browser-only review surface for LLM responses. The website (passbackai.com) has no backend. The browser extension has no backend. There is no server, no database, no server-side storage. Your copied text moves from one tab in your browser to another tab in your browser, in RAM, and is cleared the moment the destination tab receives it. Nothing about you and nothing about your content leaves the machine you're sitting in front of. The website does send anonymous usage events to Vercel Analytics — page views, and aggregate counts like "a comment was added" or "export was copied" — but never the document, never the annotations, never anything you typed.

That paragraph is the whole product, and it's the whole privacy model. The rest of this page is just the cost of you not having to take our word for it.

What runs where

Two small content scripts run on every webpage you visit. They have to, because the value of PassbackAI is detecting when you copy a long response on any LLM chat — Claude, ChatGPT, Gemini, Perplexity today, and whatever launches next. We can't pre-list every chat tool that hasn't been invented yet. So the scripts run everywhere, and they do exactly two things:

  1. The first script wraps navigator.clipboard.writeText — the function any web page calls when it puts text on your clipboard. When that function is called with a string longer than 300 characters, the script forwards the text to the rest of the extension and lets the original write through unchanged. The whole thing is about a kilobyte.
  2. The second script listens for the copy event (you pressing ⌘C on a selection) and reads the same selection — same 300-character threshold. If the threshold is hit, it shows the toast you see in the bottom-right corner.

Neither script reads anything else from the page. Not the URL beyond location.hostname. Not your form input. Not your cookies. Not the rest of the DOM. Not your scroll position. Not the content you didn't copy.
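The wrapper pattern from item 1, as an added example for readers who want to know what to look for when reading the extension's content script. This is not PassbackAI's source: wrapWriteText, forward and makeFakeClipboard are hypothetical names, and the fake clipboard is a constructed stand-in for navigator.clipboard so the code runs outside a browser.

```javascript
// Added illustration; not PassbackAI's source. THRESHOLD mirrors the page's
// 300-character figure; wrapWriteText and forward are hypothetical names.
const THRESHOLD = 300;

// Wrap clipboard.writeText so long strings are reported to `forward`
// while the original write always proceeds with the unchanged argument.
function wrapWriteText(clipboard, forward, threshold = THRESHOLD) {
  const original = clipboard.writeText;
  clipboard.writeText = function (text) {
    try {
      // "longer than 300 characters": strict comparison, strings only.
      if (typeof text === "string" && text.length > threshold) {
        forward(text);
      }
    } catch (_) {
      // A failure in the observer must never break the page's own copy.
    }
    return original.call(this, text); // pass-through: same argument, same result
  };
  return () => { clipboard.writeText = original; }; // undo, for tests
}

// Constructed stand-in for navigator.clipboard so the block runs in Node.
function makeFakeClipboard() {
  const written = [];
  return {
    written,
    writeText(text) { written.push(text); return Promise.resolve(); },
  };
}

// Exercise the wrapper with constructed inputs and report what it observed.
function demo() {
  const clipboard = makeFakeClipboard();
  const forwarded = [];
  wrapWriteText(clipboard, (t) => forwarded.push(t));
  const short = "x".repeat(300); // exactly at the threshold: not forwarded
  const long = "y".repeat(301);  // over the threshold: forwarded
  clipboard.writeText(short);
  clipboard.writeText(long);
  return { written: clipboard.written, forwarded, short, long };
}
```

When auditing a real wrapper of this kind, the two things to confirm are the ones demo() checks: the original write receives the argument untouched, and only strings over the threshold reach the forwarding path.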

What happens to your copied text

When you click "Review" on the toast, the extension opens passbackai.com in a new tab and hands the text to that tab through the browser's normal page-injection mechanism. The handoff is the only moment the extension and the passbackai.com tab talk to each other. The extension's in-memory copy of the text is cleared the instant the passbackai.com tab acknowledges it. passbackai.com itself runs entirely client-side: your annotations live in your browser's localStorage, on your machine, and nowhere else.

If you don't click "Review" — if you let the toast time out, or click ✕ — the captured text is dropped on the floor and never leaves the source tab.

The only thing PassbackAI remembers

One boolean per origin: whether you've clicked ✕ on the toast on this site. If you have, the toast stays quiet on that site for the rest of your browser session, then forgets. That's the entire persistent state of the extension.

We don't store: your copied text, your refined prompts, your annotations, your IP address, your browsing history, your tab state, your account (because there is no account), or which LLMs you use most. None of that touches a server because there is no server. Vercel Analytics does aggregate page-view frequency and usage counts — cookieless, no fingerprinting — but those numbers are never tied to you or your content.

What would have to change for PassbackAI to start collecting data on you

Source code edits in three places, plus a Chrome Web Store re-review (which exposes the change publicly), plus a public reversal of the privacy commitments above. None of those things can happen quietly. If they happen at all, you'll see them in the listing's update notes and in the extension's request for new permissions.

The hedge

"Don't you have to trust us anyway?" Sort of, yes. But the most important thing about the PassbackAI privacy model isn't a promise we make — it's a structural fact: there is no backend to lie about. We could not collect your data even if we wanted to, because we did not build the thing that would do the collecting. The whole project is shaped around making it expensive to ever break that. That's the design.