Portfolio
Back to Project

Privacy Policy

For: Why I Built TokenFlow: A Chrome Extension to See How AI Thinks

Privacy Policy for Tokenization & Embedding Visualizer

Last Updated: February 10, 2026

Introduction

Tokenization & Embedding Visualizer ("the Extension") is an educational Chrome extension designed to help users understand how text is converted into tokens and embeddings. This privacy policy explains how the Extension handles user data.

Data Collection and Usage

What Data We Collect

The Extension collects and processes the following data:

  1. Selected Text: When you select text on a webpage and activate the Extension, that text is temporarily stored and processed.

  2. Chrome Storage: The Extension stores your last selected text in Chrome's local storage to maintain state when reopening the side panel.

How We Use Your Data

  • Text Processing: Selected text is processed locally in your browser using the MiniLM transformer model to generate tokens and embeddings for visualization.

  • Educational Visualization: The processed data is used solely to display educational visualizations showing how text becomes tokens and vector embeddings.

Data Storage

  • Local Storage Only: All data is stored locally in your browser using Chrome's storage API. No data is transmitted to external servers owned or operated by us.

  • Temporary Storage: Selected text is stored temporarily and can be cleared at any time by clearing your browser's extension data.

Third-Party Services

AI Model (Bundled Locally)

The Extension includes a pre-bundled AI model:

  1. Model Included: The "Xenova/all-MiniLM-L6-v2" model (~23 MB) is included in the extension package.

    • No downloads required during normal operation

    • The model runs entirely in your browser using WebAssembly (WASM)

    • All processing happens locally on your device

No External Connections Required

Important: The Extension operates completely offline once installed:

  • ✅ All AI models are bundled in the extension package

  • ✅ All JavaScript, CSS, and fonts are bundled locally

  • ✅ No data is sent to external servers

  • ✅ No external downloads occur during normal use

The extension's Content Security Policy (CSP) allows connections to certain domains (Hugging Face, CDN services) for technical compatibility with the AI library, but these connections are not used during normal operation since all required files are already bundled.

No Remote Code Execution

The Extension does not execute any remote code:

  • All JavaScript, CSS, and fonts are bundled locally within the extension package

  • No external scripts are loaded or executed at runtime

  • The AI model is bundled as a data file (ONNX format), not executable code

  • The Extension fully complies with Chrome Web Store's remote code policy

Permissions Explanation

The Extension requests the following permissions, each necessary for its educational purpose:

Required Permissions:

  • sidePanel: To display the visualization interface in Chrome's side panel

    • Why needed: Provides a non-intrusive interface for showing tokenization and embedding visualizations

    • User benefit: Keeps your browsing experience uninterrupted while viewing the analysis

  • contextMenus: To add a right-click menu option for easy access

    • Why needed: Allows quick activation via right-click on selected text

    • User benefit: Convenient access to the extension's features

  • activeTab: To read selected text from the current webpage

    • Why needed: Captures the text you select for visualization

    • When used: Only when you explicitly activate the extension (click icon or use context menu)

    • Privacy: Does NOT access tabs in the background; only responds to your explicit actions

  • scripting: To inject code that captures text selection on web pages

    • Why needed: Detects when you select text and enables automatic text capture

    • Privacy: Only captures text selections; does not modify page content or track behavior

  • storage: To save your last selected text for persistence across sessions

    • Why needed: Remembers your last visualization when you reopen the side panel

    • Data stored: Only your selected text (stored locally in your browser)

    • Privacy: All data stays on your device; nothing is synced or sent externally

Host Permissions:

  • Access to all websites (<all_urls>):

    • Why needed: Allows you to use this educational tool on any webpage (articles, documentation, tutorials, etc.)

    • How it's used: The extension only activates when you explicitly select text and open the side panel

    • Privacy: No background monitoring, data collection, or page modification occurs

Important: All permissions are strictly necessary for the extension's single purpose: visualizing how text becomes tokens and embeddings. No unnecessary permissions are requested.

Data Security

  • Client-Side Processing: All text processing and AI inference happens locally in your browser. Your data never leaves your device.

  • No External Transmission: We do not transmit, sell, or share your selected text or any personal information with third parties.

  • No Analytics: The Extension does not include any analytics, tracking, or telemetry.

Data Retention

  • Session-Based: Selected text is retained only while you use the Extension and is cleared when you close the browser or clear extension data.

  • User Control: You can clear all stored data at any time by:

    • Removing the Extension

    • Clearing Chrome's extension storage

    • Using Chrome's "Clear browsing data" feature

Children's Privacy

The Extension does not knowingly collect personal information from children. It is designed as an educational tool and processes only the text that users explicitly select.

Changes to This Privacy Policy

We may update this privacy policy from time to time. Any changes will be reflected in the "Last Updated" date at the top of this document. Continued use of the Extension after changes constitutes acceptance of the updated policy.

Your Rights

You have the right to:

  • Know what data is collected (as outlined above)

  • Access your stored data through Chrome's developer tools

  • Delete your data by removing the Extension or clearing browser storage

  • Stop data collection by uninstalling the Extension

Contact Information

If you have questions or concerns about this privacy policy or the Extension's data practices, please contact:

Developer: Ankur Khera
Email: mastermindankur@duck.com

Compliance

This Extension complies with:

  • Chrome Web Store Developer Program Policies

  • General Data Protection Regulation (GDPR) principles

  • California Consumer Privacy Act (CCPA) principles

Open Source

The Extension's source code is available for review, allowing you to verify our privacy practices and see exactly how your data is handled.

Summary: Your privacy is important to us. The Tokenization & Embedding Visualizer processes all data locally in your browser and does not transmit your selected text or personal information to any external servers. The Extension only downloads AI models and libraries from third-party CDNs to enable local processing.