Legal

Privacy Policy

Last updated — February 10, 2026

At a Glance

  • WizLayer processes text only when you take an explicit action — generate, summarize, translate, or chat.
  • Text is sent to our servers solely to perform the requested AI task and is not stored after the response.
  • We do not collect browsing history, passwords, cookies, or form field values.
  • Content scripts run on every page for lightweight UI setup only. No data leaves your device until you act.
  • All local data can be removed by logging out or uninstalling the extension.
  • We never sell, rent, or share your data with third parties for advertising.

WizLayer (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our browser extension and web service (collectively, the “Service”).

1. Data We Collect

1.1 Stored Locally on Your Device

  • Authentication token and basic profile (email, display name, avatar)
  • User preferences: theme, preferred language, grammar-check toggle
  • Field-selector mappings per domain (remembers which fields to auto-fill)
  • Last token-verification timestamp

No page content, browsing history, or form field values are stored locally.

1.2 Sent to WizLayer Servers

Data is only sent when you take an explicit action:

  • Content generation — topic, tone, language, field metadata (never field values)
  • AI chat — message text, current page URL and title
  • Page summarization — page URL, title, extracted visible text
  • Toolbar AI — selected text on the page
  • Grammar checking — text content of the focused form field
  • Authentication — email/password or Google OAuth token

1.3 Data We Do NOT Collect

  • Browsing history or a list of visited URLs
  • Cookies or session tokens from other websites
  • Passwords or contents of password fields
  • Full page HTML or source code
  • Data from pages you don't interact with through WizLayer
  • Any data for advertising, analytics, or tracking

2. How We Use Data

All data sent to WizLayer servers is used exclusively to perform the feature you requested:

Feature | Data Used | Purpose
Content generation | Topic, tone, language, field metadata | Generate blogs, social posts, emails, product descriptions
AI chat | Message text, page URL & title | Provide contextual AI responses
Page summarization | Page URL, title, visible text | Generate a summary of the current page
Toolbar actions | Selected text only | Explain, summarize, or translate selected text
Grammar check | Text field content | Identify and suggest grammar corrections
Authentication | Email/password or OAuth token | Verify identity and authorize access

We do not use any collected data for profiling, advertising, or purposes unrelated to the feature you activated.

3. When Data Is Sent Off-Device

Data leaves your device only when you perform one of these actions:

  • Click “Generate” in any content creation form
  • Send a message in the AI chat
  • Click “Summarize Page”
  • Click Explain, Summarize, or Translate on the selection toolbar
  • Focus a text field with grammar checking enabled (can be disabled in Settings)
  • Sign in or create an account

Background exceptions:

  • Token refresh — every ~6 hours the extension refreshes your auth token. Only the token is sent, no page or user content.
  • Grammar monitoring — when enabled and a text field is focused, that field's content is sent for analysis. Disable in Settings.

4. Browser Extension Permissions

Permission | Why It's Required
storage | Store your auth token, preferences (theme, language, grammar toggle), and field-selector mappings locally on your device.
activeTab | Identify the currently active tab so WizLayer can interact with the page you are viewing.
sidePanel | Display the WizLayer side panel where you access all features.
tabs | Query the active tab for page context, route messages between UI and content script, and manage the OAuth sign-in tab.
scripting | Inject the content script into tabs opened before installation. Never injects arbitrary or dynamic code.
alarms | Schedule periodic auth token refresh (~every 6 hours) to maintain your session.
<all_urls> | WizLayer works on any website — custom domains, CMS platforms, and web apps. Required for selection toolbar, grammar checking, form detection, and page summarization.

Content scripts: A content script runs on every page at document idle. It performs three lightweight actions: (1) injects CSS theme variables, (2) initializes a selection toolbar listener (appears only when you select 3+ characters), and (3) starts a grammar field-focus listener (can be disabled). No page content is read, processed, or sent until you initiate an action.

5. Authentication

  • Email & password — sent over HTTPS to our auth provider (Supabase). Passwords are never stored in the extension.
  • Google OAuth — uses Google's standard OAuth flow. WizLayer only receives your name, email, and profile picture. We do not access Gmail, Drive, Contacts, or any other Google service.

Your auth token is stored locally in chrome.storage.local and refreshed every 6 hours. On logout, your token and profile data are removed immediately.

6. Local Storage

All data stored by WizLayer resides in chrome.storage.local on your device:

  • Authentication token
  • Profile information (email, display name, avatar URL)
  • Theme and language preferences
  • Grammar-check toggle state
  • Per-domain field-selector mappings

No browsing history, page content, or form field values are stored locally or remotely.

7. Data Sharing & Third Parties

WizLayer does not sell, rent, trade, or share your personal data with third parties for advertising, marketing, or any unrelated purpose.

Service providers:

  • AI service providers — process text to generate content, summaries, translations, and grammar suggestions.
  • Authentication provider (Supabase) — manages account creation, sign-in, and token verification.
  • Infrastructure providers — host servers and databases.

We do not use Google Analytics, Facebook Pixel, or any third-party tracking or ad networks.

8. Data Retention

  • AI-processed text — not stored after the response is delivered.
  • Auth tokens — stored locally until you log out or uninstall.
  • Account data — retained on server for the duration of your account. Deleted within 30 days of deletion request.
  • Generation history — retained for 90 days, then automatically deleted.
  • User preferences — stored locally, removed on uninstall.

9. Security

  • All communication occurs over HTTPS (TLS encryption in transit)
  • Auth tokens are cryptographically hashed (SHA-256) before server-side storage
  • Passwords are hashed using bcrypt
  • The extension never injects arbitrary or dynamically generated code
  • Content scripts perform no direct network requests — all server communication routes through the background service worker
  • API endpoints implement rate limiting and input validation

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Your Controls

Action | What Happens
Disable grammar checking | No field text will be sent for grammar analysis
Change language | Updated in Settings, stored locally only
Log out | Auth token and profile removed from local storage immediately
Uninstall extension | All local data removed — tokens, preferences, field mappings
Request account deletion | Server-side data deleted within 30 days

No data is ever sent to WizLayer servers without you taking an explicit action. To request account deletion, email privacy@wizlayer.ink.

11. Children's Privacy

WizLayer is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at privacy@wizlayer.ink and we will delete that information promptly.

12. International Data Transfers

WizLayer servers may be located outside your country of residence. By using WizLayer, you consent to the transfer of your data to servers in other jurisdictions. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

13. GDPR & CCPA Compliance

European Users (GDPR)

  • Right to data portability
  • Right to restriction of processing
  • Right to object to automated decision-making
  • Right to lodge a complaint with a supervisory authority

Legal basis for processing:

  • Contract performance — processing necessary to provide the Service you requested.
  • Consent — you have given explicit consent for specific activities.
  • Legitimate interests — security, fraud prevention, and service improvement that do not override your rights.

California Users (CCPA)

  • Right to know what personal information we collect
  • Right to request deletion of your personal information
  • Right to opt-out of the sale of personal information (we do NOT sell your data)
  • Right to non-discrimination for exercising your CCPA rights

14. Do Not Track Signals

Our Service does not track users over time or across third-party websites. We do not respond to “Do Not Track” browser signals because we do not engage in the tracking that DNT is designed to prevent.

15. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Post the updated policy with a new “Last Updated” date
  • Send an email notification to your registered email address
  • Display a notice in the extension or web dashboard

Continued use of WizLayer after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

We will respond to your inquiry within 30 days.

By using WizLayer, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use our Service.
