AI Coach Extension — Privacy Policy
Last updated: April 9, 2026
Our Commitment to Your Privacy
Made That! makes money when organizations purchase our paid products — not by selling, monetizing, or advertising against your data. Your conversation text is never used to train AI models, and we collect only what is necessary to provide the coaching service.
Overview
The Made That AI Coach Chrome extension ("the Extension") helps you write better AI prompts by providing real-time coaching feedback on your conversations with ChatGPT, Claude, and Gemini. This policy explains what data the Extension collects, how it is used, and how it is protected.
Information We Collect
Conversation text (on-demand only)
When you click "Coach Me" or "Coach All," the Extension reads the conversation messages visible on the current AI platform tab. This text is sent to our API for coaching analysis and is not stored on our servers after the response is returned. We do not passively monitor or continuously read page content.
Authentication information
When you sign in with Google, an access token and refresh token are stored locally in chrome.storage.local. These tokens are used solely to authenticate API requests and are never transmitted to any third party.
Coaching session metadata
After each coaching analysis, we store metadata (score, gap categories, timestamp) on our servers to track your improvement over time. The original conversation text is not retained — only the numerical score and category labels.
Consent status
Your consent choice (granted or not) is stored locally and recorded on our server to demonstrate compliance.
Information We Do NOT Collect
- Browsing history or URLs you visit
- Page content from non-AI-platform websites
- Passwords, form data, or autofill information
- Cookies from any website
- Data from other browser extensions
- Background or passive data collection of any kind
How We Use Your Information
- Coaching analysis: Conversation text is sent to our API, processed by an AI model (via OpenRouter), and the coaching feedback is returned to you. The conversation text is not stored after the response is generated.
- Context enrichment: If you use the Enrich feature, selected text is sent to our API to retrieve relevant team context. The selected text is not stored.
- Score tracking: Numerical scores and gap categories are stored to show your improvement history.
AI and Your Data
We take special care with how AI processes your information:
- No AI training on your data.Your conversation text is never used to train, fine-tune, or improve any AI model — not ours, and not our providers'.
- Transient processing only. Conversation text is sent to the AI model, a coaching response is generated, and the text is discarded. It is not logged, cached, or stored at any point in the pipeline.
- Provider restrictions. Our AI service providers (OpenRouter, and the underlying model providers — Google Gemini by default, Anthropic Claude as a fallback) are contractually restricted from retaining or training on content submitted through our API.
Information About Others
Your AI conversations may contain information about other people. We process this information solely to provide coaching feedback to you. We do not use it to contact, profile, advertise to, or build records about any individuals mentioned in your conversations.
Permissions
| Permission | Purpose |
|---|---|
activeTab | Read conversation text from the active AI platform tab when you click Coach Me |
sidePanel | Display coaching feedback in Chrome's side panel |
tabs | Detect which AI platform you're on and manage the OAuth sign-in flow |
storage | Store authentication tokens and preferences locally on your device |
Third-Party Services
We share information with the following service providers, each bound by agreements that require them to follow data privacy and security requirements:
- Made That API (api.madethat.com) — our backend that processes coaching requests and stores session metadata. Operated by Made That, Inc.
- OpenRouter — routes coaching requests to third-party AI models. Our default model is Google Gemini (
google/gemini-3-flash-preview); we may also route to Anthropic Claude models depending on availability and configuration. OpenRouter and the underlying providers process conversation text transiently and are contractually restricted from retaining or training on it. - Supabase — manages user authentication (Google OAuth). Receives only authentication credentials, not conversation text.
Data Storage and Security
- Authentication tokens are stored locally in
chrome.storage.localand never synced across devices. - All API communication uses HTTPS encryption.
- Server-side data is hosted on Fly.io with Supabase (Postgres) and protected by row-level security policies.
- Conversation text is processed in memory and not written to any database or log.
Data Retention
We retain data for different periods depending on what it is and how it is used:
| Data | Retention |
|---|---|
| Conversation text | Not retained — discarded after the coaching response is generated |
| Session metadata (scores, gaps) | Retained while your account is active; deleted upon account deletion request |
| Authentication tokens | Stored locally until you sign out or uninstall the Extension |
| Consent record | Retained for compliance purposes |
Your Rights and Controls
All users
- Consent control: You can decline the first-run consent dialog and use the Extension in limited mode (no data sent to our API).
- Sign out: Clear your authentication tokens at any time from the Extension settings.
- Uninstall: Remove the Extension to delete all locally stored data.
- Data deletion: Request deletion of server-side session metadata by contacting support@madethat.com.
European Economic Area (EEA) and UK residents
Under the GDPR, you have additional rights including:
- Access and portability: Request a copy of your personal data in a structured, machine-readable format.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your personal data.
- Restriction: Request that we limit processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
Our legal basis for processing is your explicit consent (provided via the first-run consent dialog) and our legitimate interest in providing the coaching service.
California residents
Under the CCPA/CPRA, you have the right to:
- Know what personal information we collect and how it is used.
- Request deletion of your personal information.
- Opt out of the sale or sharing of personal information.
- Non-discrimination for exercising your privacy rights.
We do not sell or share your personal information as defined under the CCPA/CPRA.
Data Transfers
Our servers are located in the United States. If you use the Extension from outside the United States, your conversation text will be transmitted to and transiently processed in the United States. Session metadata is stored on servers in the United States. By using the Extension and providing consent, you acknowledge this transfer.
Children's Privacy
The Extension is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at support@madethat.com and we will delete it promptly.
Changes to This Policy
We may update this policy to reflect changes in the Extension or applicable regulations. The "Last updated" date at the top of this page will be revised accordingly. Continued use of the Extension after changes constitutes acceptance of the revised policy.
Contact
If you have questions about this privacy policy or the Extension's data practices, contact us at support@madethat.com.