Airglow

Privacy Policy

Last updated June 4, 2026

Airglow is open source. You can review any claims on Github.

This page describes what information the Airglow browser extension handles and where it goes.

What Airglow does

Airglow is a browser extension that runs small, focused apps on websites you choose. An app might tag every link on Hacker News, summarize the email you have open in Gmail, extract a profile from LinkedIn, or block distracting sites. You install apps from the Airglow catalog (or, if you are a developer, from your own machine), and the extension is the runtime that loads and runs them inside your browser.

Most of what Airglow handles never leaves your computer. The sections below describe the few exceptions.

Information that stays on your device

The following is stored only in your browser's local extension storage. We cannot read it; it is not sent to Airglow or to anyone else.

  • App settings. Configuration each app needs to work (e.g. the page IDs a Notion app should sync to, the redirect list a focus-blocker should enforce).
  • Credentials you enter for connected services. API keys (e.g. an Anthropic or OpenAI key for an AI-powered app) and OAuth tokens (e.g. for Gmail, Calendar, Notion). Apps read these when they call the service on your behalf.
  • A rolling debug log. The last 1,000 informational, warning, and error entries from your apps, used to help you debug an app when something is wrong.

All of this is removed when you uninstall the extension.

Information sent to Airglow

The extension sends only two kinds of traffic to servers we operate. Both are minimal.

  • Update check. Once an hour, the extension downloads the public extension manifest from our open-source repository on GitHub to see whether a newer build is available, and to honour a remote "disable this app" flag if we ever need to flip a misbehaving app off across all installs. This request carries no user data beyond what any web request carries (your IP address, your browser's user agent).

  • Product analytics (PostHog). We send a small number of event records so we can understand how Airglow is used:

    • Extension installed — fired once, after install.
    • User identified — fired only if you enter an email in the extension dashboard. We send that email so we can contact you about your account if you ever ask us to.
    • Apps registered — the list of app IDs you have installed (e.g. hn-tagger, focus-blocker). Sent when the set changes.

    Each event is tagged with a random ID generated on first run so we can tell repeat usage from new installs. We never send the contents of pages you visit, the credentials you have stored, or what your apps are doing.

Information sent to third parties on your behalf

Most Airglow apps exist to call a third-party service for you (e.g. an AI provider to summarize text, Gmail to read your messages, Notion to write a page). When an app does this, your browser makes the request directly to that third party, using the credentials you provided for that service. Airglow servers do not see the request or the response.

Which third parties are involved depends entirely on which apps you install. Common examples:

  • AI providers — Anthropic, OpenAI, Google (Gemini), and similar — when an AI-powered app sends them text or images to process.
  • Service APIs — Gmail, Google Calendar, Google Sheets, Notion, GitHub, LinkedIn, and so on — when an app reads from or writes to a service you have connected.
  • Composio — an integration broker we use to simplify connecting to many services. When an app calls a Composio-managed integration, the request goes through Composio servers.

Each third party has its own privacy policy. You are in control of which apps are installed and which services they are connected to; remove an app and it stops calling anything.

What permissions the extension uses, and why

Airglow asks for the permissions an app platform needs:

  • storage — for the on-device data described above.
  • userScripts — to run installed apps on the pages they target.
  • scripting and webNavigation — so apps work correctly on sites that swap content without a full page reload (Gmail, LinkedIn, X) and inside special iframes that userScripts alone cannot reach.
  • declarativeNetRequest — to let apps embed third-party pages inside the Airglow dashboard.
  • identity — for OAuth sign-ins to the services apps connect to.
  • offscreen — to run an app's one-time startup code in isolation from the rest of the extension.
  • alarms — for the hourly update check.
  • nativeMessaging — only used when our optional developer CLI is installed locally.
  • host access to all sites — because we cannot know in advance which sites your apps will target.

At runtime, the extension only acts on sites the apps you have installed declare they need. You can further restrict access per-site through Chrome's built-in site-access controls on the extension's toolbar icon.

What we don't do with your data

The extension does not sell or rent any data, and does not use any data for advertising, ad targeting, or determining creditworthiness.

Contact

privacy@airglow.dev