Phantom Auth0 Privacy Policy

Phantom Auth0 is a Chrome extension and companion service for browser-based AI assistance with Auth0-backed login, connected accounts, delegated actions, and approval-aware workflows.

This Privacy Policy explains what data Phantom Auth0 may access, how that data is used, when it is shared, and what choices users have.

Summary

Phantom Auth0 is designed to help a user control the browser and, if the user chooses, connect external services such as Google and Linear through Auth0.

Phantom Auth0 may process browser and page data, microphone audio, optional visible-tab or screen data, Auth0 session and connected-account state, delegated action requests and results, and local preferences stored by the extension.

Phantom Auth0 does not sell personal data and does not use personal data for advertising.

Data We Access

Depending on which features a user enables, Phantom Auth0 may access the current tab URL and title, open tab metadata, page text, DOM structure, accessibility information, and visible interactive elements needed to carry out a requested browser action.

If the user starts a voice session, Phantom Auth0 may capture microphone audio and send it to the configured AI runtime or relay service to transcribe speech, generate responses, and execute requested actions.

If the user enables vision or visible-tab understanding features, Phantom Auth0 may capture screenshots or visible-tab frames and send them to the configured AI runtime or relay service so the model can understand what is on screen.

If the user signs in or connects external accounts, Phantom Auth0 may process Auth0 identifiers, session state, connected-account status, approval state, and delegated action state.

If the user asks Phantom Auth0 to act on connected services, Phantom Auth0 may process the minimum data needed to complete that request, such as calendar availability, email draft or send requests, Google Docs, Sheets, Drive, or Tasks operations, and Linear teams or issue creation requests.

How We Use Data

Phantom Auth0 uses data only to provide browser-agent features, authenticate users, connect and manage delegated accounts through Auth0, execute user-requested actions in connected services, show action history and approval state, improve reliability and security, and diagnose operational issues.

Phantom Auth0 does not use user data for targeted advertising, profiling for ads, or data brokerage.

Sharing and Third Parties

Phantom Auth0 may share data with third-party service providers only when necessary to provide the requested feature. Depending on configuration, those providers may include Auth0 for login and connected accounts, Google for AI runtime features or Google Workspace actions, Linear for Linear actions, and cloud infrastructure providers used to host the companion service.

Data is shared only as needed to deliver the user-facing feature, maintain security, or comply with law.

Extension Permissions

• activeTab to interact with the current tab after user invocation
• tabs to inspect, open, switch, or close tabs when requested
• scripting to inspect page structure and perform requested browser actions
• storage to save preferences, local memory, and session state
• sidePanel to show the extension UI
• tabCapture to capture visible-tab or tab audio data for enabled voice or vision features
• debugger to support advanced browser interaction and runtime tooling used by the product
• <all_urls> host permissions so the extension can operate on the pages where the user asks it to act

Retention and Security

Local extension data remains on the user’s device until it is removed by the extension, overwritten, or cleared by the user. Hosted session, approval, and delegated-action data may be retained as needed to operate the service, maintain security, provide action history, or troubleshoot issues.

Phantom Auth0 is designed to reduce unnecessary exposure of provider credentials by using Auth0-backed connected-account flows rather than storing raw third-party tokens directly in the extension. No system is perfectly secure, and users should use caution when sharing highly sensitive information through microphone, screen, or connected-service workflows.

User Choices

Users can choose whether to sign in to the companion, connect external accounts, start microphone sessions, enable screen or vision features, and ask the extension to perform delegated actions. Users can also disconnect connected accounts and clear local extension data through product or browser controls, depending on the feature.

Google API Data and Limited Use

If Phantom Auth0 accesses information from Google APIs, the use of that information is limited to providing and improving user-facing features requested by the user. Phantom Auth0 does not use Google API data for advertising and does not sell Google API data.

Phantom Auth0 is designed so that humans do not routinely read Google API data. Human access may occur only with the user’s explicit consent, when necessary for security or abuse investigation, or to comply with applicable law.

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements. See also the Google API Services User Data Policy.

Changes and Contact

This Privacy Policy may be updated from time to time. If Phantom Auth0 begins using data in a materially different way, the policy should be updated before that new use is introduced.

Project repository: github.com/youneslaaroussi/phantom-auth0

Developer contact: hello@youneslaaroussi.ca