Void Works

Privacy Policy

Introduction

Welcome to the Privacy Policy for Shortcut Assistant, a Chrome extension designed to enhance your browsing experience. This policy outlines how we handle your personal information and your privacy rights. It covers our use of Google Analytics for anonymous usage statistics, a proxy service for AI features and authentication, Google sign-in, Sentry (or equivalent) for error and performance monitoring, and the optional use of your own OpenAI API key.

Data Collection Summary

Overview

Shortcut Assistant sends certain information to third-party services so we can provide AI features, authenticate users, understand how the extension is used, and maintain reliability. The sections below describe what is collected, why, and where it goes.

Google Analytics

We use Google Analytics 4 (Measurement Protocol) to collect anonymous usage statistics about how the extension is used.

What we collect

A randomly generated client identifier stored in your browser (Chrome synced storage), used to distinguish installations without identifying you by name.
A session identifier stored for the current browser session (refreshed after periods of inactivity).
The extension version.
Event names when you use certain features, for example:
- Opening the extension popup
- Using keyboard shortcuts (e.g. changing story state, iteration, or estimate)
- Using the omnibox shortcut (sc)
Optional event parameters (e.g. which keyboard shortcut was used).

What we do not intend to collect via Analytics

Story titles, descriptions, notes, or other Shortcut content
Your name, email, or Shortcut account details

Why we use it

To understand which features are used and to improve the extension.

Where it is sent

To Google (google-analytics.com), subject to Google's privacy policy.

Legal basis / consent

By installing and using Shortcut Assistant, you consent to this anonymous usage collection, or you may discontinue use of the extension if you do not agree.

Our proxy service

When you use AI features or sign in through the extension, data is sent to a proxy server operated by us (hosted at our configured backend URL).

What we collect

AI requests: Story or prompt text you submit for analysis, an anonymous instance identifier (the same client identifier used for analytics), and the type of analysis requested.
Account registration: Your Google authentication token and Shortcut API token when you connect your account, so we can authorize requests on your behalf.
Label suggestions: The Shortcut story ID when you use label-related features.

Why we use it

To provide AI-powered story analysis and related features without requiring you to configure your own API keys, and to authenticate registered users. When you do not provide your own API key, story descriptions are forwarded from our proxy to OpenAI for processing.

Retention

We do not permanently store story content for AI processing. Request logs may be retained for up to 7 days for abuse prevention, security, and operational monitoring.

Optional API key

If you provide your own OpenAI API key, it is stored only on your device and is not sent to our proxy for those requests (when that path is used).

Data security

We implement appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure, or destruction of data. This includes secure data handling by our proxy server.

Google sign-in (OAuth)

If you sign in with Google, the extension uses Chrome's identity API to obtain a Google authentication token (OpenID scope).

What we collect

A Google auth token obtained through Google's OAuth flow.

Why we use it

To register and authenticate your account with our proxy service.

Where it is sent

To Google as part of the sign-in flow.
To our proxy server when you complete registration (together with your Shortcut API token).

Google's handling of your data is governed by Google's privacy policy.

Error and performance monitoring (Sentry)

We use Sentry (or equivalent error monitoring on our backend) to collect anonymous error and performance data to diagnose crashes, failures, and stability issues. Error reporting may occur on our proxy or backend services rather than only inside the browser extension.

What may be collected

Error messages, stack traces, and technical metadata needed to debug issues.
Performance-related signals where enabled.

What we aim to avoid

Intentionally collecting story content or personal identifiers in error reports; however, errors could theoretically include snippets of data present in memory at the time of a failure.

Why we use it

To identify and fix bugs and improve reliability.

Where it is sent

To Sentry (or our monitored backend), subject to Sentry's privacy policy.

Summary table

Service	Data types	Purpose
Google Analytics	Anonymous IDs, extension version, feature usage events	Product analytics
Our proxy	Prompts/story text, instance ID, tokens, story IDs	AI features, auth, labels
Google OAuth	Auth token	Sign-in
Sentry	Errors / performance (anonymous)	Reliability

User Consent

By using Shortcut Assistant, you consent to: anonymous usage collection via Google Analytics; the optional provision of your own OpenAI API key stored locally on your device; forwarding of story descriptions and related data to our proxy server (when you use AI features or sign in without using your own API key for those requests); transmission of Google and Shortcut tokens when you register or authenticate; and anonymous error and performance data collection via Sentry or equivalent monitoring on our backend. If you do not agree, please discontinue use of the extension.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us at privacy@jensastrup.io