Browser Extension Privacy Policy

Last updated: April 4, 2026Effective: April 4, 2026

This policy describes how the CloudStation browser extension handles your data when syncing login sessions to your sandbox environment.

1. Overview

The CloudStation browser extension ("Extension") syncs your browser login sessions to your private CloudStation sandbox environment. It reads cookies from supported websites and transfers them to your sandbox so that AI agents running inside can interact with those websites on your behalf.

This privacy policy explains what data the Extension accesses, how it is used, and your rights regarding that data.

2. Data We Access

The Extension accesses the following data:

  • Browser cookies for supported websites: X (Twitter), LinkedIn, Reddit, YouTube, GitHub, Instagram, and Facebook. This includes session tokens, authentication cookies, and related cookies for these domains.
  • CloudStation authentication token from your active session on app.cloud-station.io. This is used solely to auto-discover your sandbox URL.

The Extension does not access passwords, form data, browsing history, keystrokes, or any data beyond cookies for the listed domains.

3. How We Use Your Data

Cookies are used for one purpose only:

  • Transferred directly to your own CloudStation sandbox via an encrypted HTTPS connection to the sandbox's API endpoint.

The CloudStation authentication token is used solely to call the CloudStation API to discover your sandbox URL. It is not stored or transmitted elsewhere.

4. Data Storage

The Extension does not store cookies or authentication tokens on any external server. Cookies are held in memory only during the sync operation and are discarded immediately after transfer. No data is persisted by the Extension itself.

Once transferred, cookies reside in the Chrome browser instance inside your private sandbox. Your sandbox is isolated — only you have access to it.

5. Data Sharing

We do not share your data with any third parties. Cookies are transferred exclusively between your local browser and your own CloudStation sandbox. No analytics services, advertising networks, or other third parties receive any data from the Extension.

6. Network Requests

The Extension makes exactly two types of network requests:

  1. GET to api.cloud-station.io/services/sandbox — to discover your sandbox URL using your CloudStation session.
  2. POST to your-sandbox-url/browser/cookies/import — to transfer cookies to your sandbox Chrome instance.

No other network requests are made. No remote code is fetched or executed. All JavaScript is bundled locally in the Extension package.

7. Your Control

  • You choose which sites to sync — individually or all at once.
  • The Extension only runs when you click the popup. No background syncing occurs.
  • Uninstalling the Extension removes all local data immediately.
  • Cookies in your sandbox persist only while the sandbox is active and can be cleared at any time via the sandbox browser settings.

8. Security

  • All data transfers use HTTPS encryption.
  • The Extension uses Chrome Manifest V3, the most secure extension architecture.
  • Each CloudStation sandbox is isolated per-user with its own Chrome instance.
  • The Extension never accesses or transmits actual passwords — only session cookies.

9. Children's Privacy

The Extension is not directed at children under the age of 13. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated effective date. Continued use of the Extension after changes constitutes acceptance of the updated policy.

11. Contact

If you have questions about this privacy policy or the Extension, contact us at:

Contact Us

If you have any questions about this document, please contact CloudStation at [email protected].