Privacy Policy

PrompTutor – Chrome Extension

Last updated: April 2026

Overview

PrompTutor is a Chrome extension built for educational research on student–AI interactions at Carnegie Mellon University. This policy explains exactly what data the extension collects, how it is used, and the controls available to you. By installing and using PrompTutor you agree to this policy.

Data We Collect

Data	When collected	Purpose
Google account name, email address, and profile picture	At sign-in via Google OAuth	Account identification. The email is hashed to a one-way anonymous ID before any data is stored or transmitted. The original name, email, and picture are never sent to our servers.
AI chat conversation text	Only when you have explicitly enabled data collection	Educational research into how students interact with AI chatbots.
Prompt text (Guidance mode only)	When you manually trigger the guidance check	Sent to our detection API to classify whether the prompt is answer-seeking and to generate a suggested rephrasing. The result and your response to the suggestion are logged for research.
Platform name and page URL	Alongside chat or guidance data	Research context (which AI platform was in use).

We do not collect passwords, payment information, browsing history, data from sites other than the listed AI platforms, or any data while collection is disabled.

Supported Platforms

The extension only activates on the following AI chat platforms:

ChatGPT (chat.openai.com, chatgpt.com)
Claude (claude.ai)
Grok (grok.com, x.com/i/grok)
Microsoft Copilot (copilot.microsoft.com, bing.com/chat)
DeepSeek (chat.deepseek.com)
Doubao (doubao.com)
Gemini (gemini.google.com)
Perplexity (perplexity.ai)
Poe (poe.com)
HuggingChat (huggingface.co/chat)

Opt-In Only

Data collection is strictly opt-in. After signing in you must explicitly toggle the "Share Data" switch to begin collection. You can disable collection at any time from the extension popup or from the floating toggle on any supported page.

Anonymization

Your Google email is hashed using SHA-256 before it is used as a user identifier. The original email, name, and profile picture are stored only in your local browser and are never transmitted to our servers. All research data on our servers is keyed to this one-way hash and cannot be reversed to identify you.

How Data Is Used

Academic research on AI-assisted learning at Carnegie Mellon University.
Aggregate analysis of prompting patterns — no individual user profiling.
The prompt guidance feature uses your prompt text to provide real-time feedback; this data is also retained for research.

Data Storage and Security

Data is transmitted over HTTPS to research servers. Access is restricted to authorized members of the research team. Data is retained for the duration of the research project and deleted thereafter, or immediately upon your request.

Permissions Used

Permission	Why it is needed
`storage` / `unlimitedStorage`	Store your login state, preferences, and locally-buffered chat logs.
`identity`	Google OAuth sign-in via Chrome's identity API.
`activeTab`	Read the active tab URL to determine which AI platform is open.
`alarms`	Schedule periodic background sync of locally-buffered logs to the server.
Host permissions (listed AI sites)	Inject content scripts that capture chat data and display the guidance UI on those specific sites only.

Your Rights and Controls

View your data — click "View My Data" in the extension popup at any time.
Delete your data — click "Delete All Data" in the popup to permanently remove all uploaded logs from our servers.
Disable collection — toggle the switch off at any time; no further data is sent.
Uninstall — removing the extension immediately stops all activity. Locally stored data is cleared with the extension.
Sign out — signing out clears all locally stored credentials and preferences.

Third Parties

We do not sell, rent, or share your data with third parties. The only external service used is Google OAuth for authentication. Data is used solely for academic research.

Children's Privacy

PrompTutor is not directed at children under 13. We do not knowingly collect data from children under 13.

IRB Approval

This research is conducted under oversight of the Carnegie Mellon University Institutional Review Board (IRB).

Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via the extension or this page. Continued use after changes constitutes acceptance of the updated policy.

Contact

Questions or data requests:

Email: EasonC13@cmu.edu

Institution: Carnegie Mellon University