Browser Extension Privacy Policy

This Privacy Policy applies specifically to the OmniSubs browser extension (the "Extension") published by EGO HERO LLC("EGO HERO", "we", "us", or "our") on the Chrome Web Store and similar distribution channels. It describes what the Extension collects on your device, what it sends to our servers, and the permissions it requests. For information about how our servers and third-party AI providers handle your content after it arrives, see our main Privacy Policy, which applies in addition to this one.

1. What the Extension Does

The Extension adds a side panel to your browser that detects <video>elements on the page you are viewing and lets you transcribe and translate their audio into subtitles that are rendered back on top of the player. The Extension does not operate on any page until you explicitly open the side panel and click "Start" for a specific video.

2. What Leaves Your Device

The Extension is deliberately narrow about what it transmits. Nothing is sent anywhere until you initiate a transcription or translation job for a specific video.

• Audio from videos you click Start on. When you start a job, the Extension captures the audio of the selected video as it plays in your browser, splits it into short chunks, and sends those chunks to https://omnisubs.app/api/transcribe. The original video file (or stream) is never uploaded. Only audio is transmitted, and only for the one video you selected.
• Subtitle text for translation. The text produced by transcription is sent to https://omnisubs.app/api/translate to be translated into the language you selected.
• Job metadata. Alongside each job we record filename/stream label, duration, target language, chosen tone, success/failure status, and cost signals, via https://omnisubs.app/api/extension/jobs and related billing endpoints. This is used to show job history in the side panel, to bill credits accurately, and to diagnose failures.
• Your authentication token. Calls to our API use a bearer token issued by your existing omnisubs.app session (see Section 4 below).
• Problem reports (only if you click the report button). If you choose to report a problematic page using the "Report a problem" button in the side panel, the Extension collects the URL of the page, a short description you type, and diagnostic snapshots (detected video sources, your most recent job for that tab, extension version) and sends them to https://omnisubs.app/api/extension/report so our team can investigate. Your account email and user ID are included so we can follow up with you if needed. Reports are not sent unless you click the report button.

The Extension does not transmit any data to any host other than omnisubs.app. There are no third-party analytics, no ad trackers, no third-party scripts, and no telemetry pings. Network requests initiated by the Extension are limited to the following endpoints under https://omnisubs.app:

• /api/extension/token — sign-in token exchange
• /api/transcribe — audio to text
• /api/translate — text to translated text
• /api/credits/balance — credit-balance display
• /api/credits/debit — billing
• /api/extension/jobs — job history record
• /api/extension/vtt — final subtitle file upload
• /api/extension/report — problem reports (only when you press the report button)

3. What the Extension Stores on Your Device

• Authentication tokens are kept in chrome.storage.session, which is automatically cleared when you close your browser. They are never persisted to disk.
• Language and tone preferences, last-used target language, and your side-panel UI state are kept in chrome.storage.local so the panel remembers your choices next time you open it.
• Applied-subtitle state per tab (which video has subtitles, and the VTT text of the last job) is kept in chrome.storage.local so that refreshing a page or navigating within a site can re-apply the subtitles without re-running the job.
• Diagnostic breadcrumbs — a short rolling log of what the Extension did recently (phases entered, errors caught) — are kept in chrome.storage.local purely to help you debug locally and to attach to a problem report if you choose to send one. They are not transmitted unless you submit a report.

You can clear all of this at any time by uninstalling the Extension or by clearing site storage forchrome-extension:// in your browser settings.

4. Sign-In

The Extension signs you in using your existing omnisubs.app account. When you sign in from the side panel, the Extension calls the /api/extension/token endpoint on omnisubs.app, which issues a short-lived bearer token bound to your account. Token refresh happens automatically in the background (using the alarms permission) so long jobs do not stall mid-pipeline. Tokens are never shared with any other host and are cleared from memory and session storage when the browser closes.

5. Permissions and Why We Need Them

The Extension requests the minimum set of permissions necessary to operate. Chrome displays these permissions at install time; here is what each one is used for:

• storage — saves preferences, applied-subtitle state, and the session-only authentication token. Described in Section 3.
• activeTab / scripting — the content script reads <video> elements in the tab you are actively using and injects the subtitle overlay onto that page. No cross-tab access.
• alarms — refreshes the short-lived authentication token every 30 minutes so long transcription jobs do not stall.
• webNavigation — clears the per-tab video registry when you navigate away, so stale thumbnails from the previous page do not show up in the side panel.
• webRequest — observes (does not modify or block) media-asset network requests so we can recognize HLS manifests, DASH manifests, and progressive MP4s sitting alongside <video>elements. This lets us offer a faster "direct file" path on sites that serve audio as a plain file.
• sidePanel — the Extension's UI is a side panel so it can stay open while you interact with the player.
• Host permission <all_urls> — the Extension must be able to detect <video> elements on whatever site you choose to caption. Users bring their own sites; we cannot enumerate every legitimate website ahead of time. The Extension performs no cross-site correlation. Each tab is handled in isolation, and nothing on any page is transmitted anywhere unless you press Start on a specific video in that tab.

6. What the Extension Does NOT Do

• It does not read passwords, form fields, keystrokes, or the general text content of pages.
• It does not inject advertising, affiliate links, or third-party scripts.
• It does not attempt to bypass DRM, paywalls, watermarks, or access controls. Streams protected by Encrypted Media Extensions (Netflix, Disney+, Prime Video, HBO Max, etc.) are detected up front and refused.
• It does not send any data to hosts other than omnisubs.app.
• It does not use your content to train machine-learning models. Our contracts with the third-party transcription and translation providers described in the main Privacy Policy prohibit such use as well.
• It does not contain remote code. Every script that runs is contained in the packaged Extension and was reviewed by the Chrome Web Store.

7. Third-Party Processing

Once your audio and subtitle text arrive at omnisubs.app, they are handled by the server-side pipeline and the categories of third-party providers described in our main Privacy Policy (notably a speech-to-text transcription provider, a machine-translation provider, an authentication/database/object-storage provider, a payment processor, and an application-hosting provider). Those disclosures — including data retention, categories of data shared with each provider, and how to exercise your data rights — apply equally to the Extension and are incorporated into this policy by reference.

8. Data Retention

The per-job records created by the Extension are stored in your OmniSubs account and follow the retention rules in the main Privacy Policy. You may delete individual jobs and generated subtitles at any time from your generations history, and you may delete your account, which removes associated job records and subtitles subject to short backup-window persistence.

Problem reports submitted through the Extension are retained as internal support records for as long as needed to investigate and resolve the reported issue. They are not used for any other purpose.

9. Children

The Extension is not intended for children under 13 (or the equivalent minimum age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If we learn that we have done so, we will delete it.

10. Your Rights

The same rights described in our main Privacy Policy — including access, correction, deletion, objection, restriction, and portability, as applicable under GDPR, CCPA/CPRA, or similar laws — apply to any personal data we process in connection with the Extension. To exercise them, contact hello@egohero.com.

11. International Data Transfers

Data transmitted by the Extension to omnisubs.app and processed by our third-party providers may be stored and processed in countries other than your own. See the International Data Transfers section of our main Privacy Policy for details.

12. Security

All network traffic between the Extension and omnisubs.app is transmitted over HTTPS (TLS). Authentication tokens are kept in chrome.storage.session rather than on disk so they do not persist across browser restarts. However, no method of transmission or storage is 100% secure and we cannot guarantee absolute security.

13. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected in the "Last updated" date above and may also be announced in the Extension's release notes on the Chrome Web Store listing or via the side panel itself.

14. Contact

Questions about this Policy or about data processed by the Extension may be sent to EGO HERO LLC at hello@egohero.com.

See also our main Privacy Policy and our Terms of Service.