AI Matrx Logo

Privacy Policy

Last updated: May 8, 2026

AI Matrx ("we", "us") provides an AI-agent platform that you access through our website at https://www.aimatrx.com and through our Chrome extension "Matrx Extend" (the "Extension"). This Privacy Policy explains what information we collect, how we use it, where it goes, and how long we keep it. We do not sell your data, we do not run advertising, and we do not share your data with data brokers.

Questions, deletion requests, or anything else: email support@aimatrx.com.

1. Scope

This policy covers:

  • The AI Matrx web application at aimatrx.com.
  • The Matrx Extend Chrome extension, which runs an AI agent inside your browser and can read and act on the pages you choose to give it.
  • The optional Matrx Local desktop companion, when you install it and connect it to the Extension.

It does not cover third-party websites you visit or third-party services we link to. Each of those has its own policy.

2. Information we collect

2.1 Account information

When you sign up we collect the information you provide: email address, name (if you set one), profile information, and a password (which is stored, hashed, by our authentication provider Supabase — we never see your plain-text password).

The Extension stores your session locally on your device using Chrome’s built-in extension storage (chrome.storage.local). Refresh tokens are encrypted at rest with AES-GCM before being stored.

2.2 Content and prompts you send to agents

When you use the Extension or the web app to chat with an agent, the following is transmitted to our agent backend so the agent can reason over it:

  • The text of your messages and any files you attach.
  • For Extension chats, page context derived from the active browser tab: URL, page title, language, viewport dimensions, the visible text or rendered HTML/markdown, the accessibility tree, headings, links, page metadata (Open Graph, Twitter, canonical, JSON-LD, schema.org blocks), any text you have selected, and an inventory of forms / images / videos / audio elements present.
  • Prior messages in the same conversation, so the agent has continuity.
  • Limited orchestration metadata: the current tab id, window id, open-tab count, your admin status, your selected permission mode, which optional permissions you have granted, and your extension version.
  • Domain-scoped notes ("guidance") you have authored for the current site, which the Extension auto-attaches when you are on that site.

The agent backend then routes your request to a third-party large language model provider (see Section 3). Page content is processed solely to generate the agent’s response.

2.3 Browser data the agent can access on your behalf

The Extension declares Chrome permissions that let the agent perform browser-level actions when you ask it to. The agent only reads or acts on these surfaces in response to your prompts; nothing is collected passively in the background.

  • Tabs and tab groups: list, open, close, group, switch to, reload, and read URL/title of tabs in your current Chrome profile.
  • Browsing history: search and list your Chrome history when an agent tool such as "search history" is invoked.
  • Bookmarks: read your bookmark tree when invoked.
  • Downloads: list, cancel, or initiate downloads when invoked.
  • Recently closed tabs (sessions): list and restore.
  • Web navigation events: detect when a page finishes loading so the agent can read it.
  • Clipboard write: write to your clipboard (for example, copying an audit receipt). The Extension does not read your clipboard unless you grant the optional clipboardRead permission.
  • Notifications: shown when scheduled agent tasks become due.
  • Native messaging: used only if you have installed the optional Matrx Local desktop companion, to bridge between the Extension and the desktop engine.
  • Debugger (Chrome DevTools Protocol): used by admin-only diagnostic tools (CDP). When attached, Chrome shows a visible "is being debugged" banner. CDP-derived data (console messages, network metadata, accessibility tree) is treated the same as any other page content described in Section 2.2.

2.4 Optional permissions you may grant at runtime

These are notrequested at install time. The Extension asks for them only when you toggle them on in Settings → Advanced agent capabilities, and you can revoke them at any time from the same screen or from Chrome’s extension settings.

  • Cookies: read, set, or delete cookies on the current origin.
  • Page capture: save the current page as an MHTML archive.
  • Clipboard read: read clipboard contents on demand.
  • Tab capture: record video of the active tab when you start a recording.
  • All-sites access (<all_urls> host permission): allows page-reading content scripts to run on any website. Default is off; enable it if you want the agent to operate on arbitrary sites beyond the small list of always-allowed Matrx hosts.

2.5 Microphone audio (optional voice input)

If you press the microphone button in the Extension, your microphone captures audio locally. Audio chunks are sent to our backend at aimatrx.com, which proxies the audio to Groq for speech-to-text transcription, and (when you ask an agent to speak) proxies generated text to Cartesia for text-to-speech synthesis. Audio is processed for the request only; we do not retain the raw audio.

2.6 Data stored locally on your device

The Extension keeps the following on your machine, inchrome.storage.local, and never uploads it unless you explicitly choose to:

  • Settings, voice preferences, theme preference.
  • Cached recent conversations (the authoritative copy lives on our server — see Section 3.2).
  • "Demos" you record — sequences of your own browser actions you save for the agent to replay.
  • Per-domain "guidance" notes, screenshots, and recordings you create.
  • A local audit log of cryptographic run receipts: the Extension generates a device-bound Ed25519 keypair and signs a record of each tool call (call id, hashes of inputs and outputs, timestamps) so you can later verify what the agent did. The audit log is local-only; nothing is uploaded.
  • A debug log ring buffer (last several hundred events). This is for your own troubleshooting and can be exported or cleared from the Debug tab.
  • A short log of which tabs recently produced sound, used by the "recently audible" agent tool.

2.7 What we do not collect

  • No analytics, telemetry, or third-party trackers in the Extension.
  • No advertising identifiers, fingerprinting, or precise location data.
  • No selling of personal information; no data brokers.
  • No reading of pages you have not directed the agent to operate on.

3. Where your data goes

3.1 Sub-processors

We share data with the following providers strictly to operate the Service:

  • Supabase— authentication, database storage, and realtime cross-device messaging. Hosts your account record, conversation history, and saved artifacts. (Supabase privacy policy)
  • Vercel— hosting for our web application and API routes. Receives request metadata (IP address, user-agent) as part of normal HTTPS serving. (Vercel privacy policy)
  • Groq— speech-to-text. Receives the audio you submit when you use voice input. (Groq privacy policy)
  • Cartesia— text-to-speech. Receives the text submitted for synthesis. (Cartesia privacy policy)
  • Large language model providers— Anthropic, OpenAI, Google (Gemini), and other providers as configured per agent. When you send a message to an agent, the agent backend forwards your message and any included page context to whichever provider that agent is configured to use, so it can generate a response. Each provider’s own privacy and data-retention policies apply to that processing. We do not train models on your content, and we use providers’ non-training, non-logging endpoints where they are offered.

3.2 What is stored on our servers

Your account record (email, profile fields), your conversation history, agents and prompts you have configured, and artifacts you save (notes, guidance items, recorded demos that you choose to sync) are stored on our infrastructure (Supabase) under your user id.

These are retained until you delete them. You can delete individual conversations, artifacts, or your entire account at any time. Deleting your account removes your stored data within a commercially reasonable period, except where we are required to retain a record for legal, security, or fraud-prevention reasons.

3.3 Cross-device messaging

The Extension subscribes to a per-user Supabase Broadcast channel so that messages sent from your other devices or from the web app can be delivered to the Extension in real time. Only your authenticated sessions can publish or receive on your channel.

3.4 In-page integrations (WebMCP and externally connectable origins)

On a small allowlist of origins we control (aimatrx.com and our development hosts), the Extension exposes its tool catalog to in-page agents via the WebMCP API and accepts authenticated messages via Chrome’s externally_connectable bridge. These bridges only operate on origins on the allowlist; arbitrary websites cannot use them to call the Extension.

4. How we use the information

  • To authenticate you and keep your session active.
  • To run the AI agent you have invoked: deliver your prompts and the context you have authorized, return responses, and execute the browser tools you ask it to use.
  • To maintain conversation history so the agent has memory across sessions.
  • To support, debug, and improve the Service. We may review aggregated, de-identified usage signals (for example: error rates, tool failure counts) for reliability work; we do not use the contents of your conversations or page captures for product analytics.
  • To comply with applicable law, prevent abuse, and protect the security of the Service.

We do not use your personal data for behavioral advertising, and we do not sell or rent it to anyone.

5. Retention

  • Account record: kept until you delete your account.
  • Conversations and saved artifacts: kept until you delete them or your account.
  • Microphone audio (voice input):processed for the request and not retained by us. Provider retention is governed by Groq’s and Cartesia’s respective policies.
  • Server logs: request-level operational logs (IP, timestamps, error codes) are retained for a limited period for security and debugging, then rotated out.
  • Local extension data:stays on your device until you clear it, uninstall the Extension, or wipe Chrome’s extension storage.

6. Your choices and rights

  • Access and export. Sign in to the web app to view your account record, conversations, and saved artifacts.
  • Delete. Delete individual conversations or artifacts from inside the app. To delete your entire account, email support@aimatrx.com from the address on file.
  • Revoke optional permissions.In the Extension open Settings → Advanced agent capabilities, or open Chrome’s extension settings page, to revoke any optional permission at any time.
  • Uninstall. Uninstalling the Extension removes the Extension and its locally stored data from that device. Your server-side account record is unaffected; delete it separately if you want it gone.
  • EU/UK/California rights. Depending on where you reside, you may have rights of access, rectification, erasure, portability, restriction, and objection (GDPR, UK GDPR, CCPA/CPRA). To exercise any of them email support@aimatrx.com and we will respond within the timeframes required by the applicable law.

7. Security

We use HTTPS for all client-server traffic, store credentials with our authentication provider (Supabase) rather than rolling our own, encrypt refresh tokens at rest in extension storage, and gate privileged tool actions behind explicit user confirmation in the Extension. No method of transmission over the Internet or method of electronic storage is 100% secure; we cannot guarantee absolute security but we work to keep practices in line with the sensitivity of the data.

8. International data transfer

We are based in the United States. Data we process may be stored or processed in the United States or in any other country where our sub-processors operate. By using the Service you consent to such transfers. We rely on the standard contractual mechanisms our sub-processors offer for international transfer where applicable.

9. Children

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children under that age. If you believe a child has provided us personal data, please contact support@aimatrx.com and we will delete it.

10. Third-party links

The Service and the agents you run through it may navigate to or retrieve content from third-party websites. We are not responsible for the privacy practices of those sites, and this policy does not cover them.

11. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent change. For material changes that affect how your data is handled, we will notify active users by email and/or through an in-product notice prior to the change taking effect.

12. Contact

AI Matrx
Email: support@aimatrx.com