Jester AI does not collect, store, or transmit any personal data to its own servers.
The developer has no backend and receives no user data whatsoever. Everything stays between your browser and Google's API.
Jester AI is a Chrome browser extension that uses AI to detect phishing and brand-impersonation threats in real time. This policy explains what data the extension accesses, how it is used, and what is never collected.
Jester AI operates entirely client-side. All analysis happens between your browser and Google's Gemini API using your own API key. No data ever reaches a developer-controlled server.
To perform phishing analysis, Jester AI reads the following from each page you visit. None of this is sent to the extension developer — it is sent directly from your browser to the Google Gemini API using your own key.
- Page URL & hostname — used to identify suspicious domain patterns against known phishing databases.
- Page text content — scanned locally to detect brand name mentions (e.g. "Google", "PayPal").
- Form structure — checks whether a page contains login or password input fields, which increases the phishing risk score.
- Page headings & button labels — sent to the Gemini AI API as metadata for threat analysis.
- Page screenshot — captured and sent to the Gemini API for visual brand-impersonation analysis (deep scan mode only).
To use Jester AI, you must provide a Google Gemini API key. This key is handled as follows:
- Stored locally in your browser using chrome.storage.local — it never leaves your device except to make requests directly to Google's API.
- Encoded with Base64 in storage. Note: this is obfuscation, not encryption. Your key remains on your device only.
- Never transmitted to the extension developer or any third party other than Google.
- Removable at any time via the extension settings panel (⋮ icon).
Jester AI communicates with exactly three external services. No other external connections are made.
- Google Gemini API: Page metadata and screenshots are sent here for AI threat analysis. Requests are made using your own API key. Privacy policy: policies.google.com/privacy
- OpenPhish Feed: A public list of known phishing URLs, fetched from GitHub every 12 hours and stored locally in your browser for fast matching. Website: openphish.com
- Wayback Machine CDX API: When a page scores 5/10 or higher, the domain is checked against the Internet Archive's CDX API to determine how old and established it is. No personal data is sent — only the domain name. Website: archive.org
The following data is stored in chrome.storage.local on your device only. You can clear it by removing the extension or via Chrome's extension storage settings.
- Gemini API key — Base64-encoded, stored locally only.
- Trusted domain whitelist — sites you have manually marked as safe.
- Last scan verdict — status, reason, and rating for the current tab.
- OpenPhish URL cache — the fetched list of known phishing URLs.
- Extension preferences — power state, sensitivity level, language, light mode, notification settings.
The developer of Jester AI has no server, no database, and no access to any user data. The following are never collected under any circumstances:
- Name, email, or account info
- Browsing history
- Passwords or form values
- Analytics or usage data
- Crash reports
- Data sent to developer servers
- Device identifiers
- Location data
Jester AI requests only the permissions strictly necessary for its security functionality.
- activeTab: Read the current page's URL and content for scanning.
- storage: Save your settings, API key, and whitelist locally on your device.
- tabs: Identify which tab triggered a scan and reload tabs when trust status changes.
- notifications: Alert you when a high-risk phishing site is detected.
- <all_urls>: Required to scan any website you visit. No browsing data is collected from this permission.
Jester AI is not directed at children under the age of 13 and does not knowingly collect any data from them. If you believe a child has provided information through this extension, please contact us immediately.
If this policy is updated, the effective date at the top of this page will be changed to reflect the revision. Continued use of the extension after changes constitutes acceptance of the revised policy.
For any privacy-related questions or concerns, reach out directly: