Privacy Policy

1. Privacy Overview

Aera Browser is designed with privacy as a core principle. Here's a quick summary:

Local-First Design: Your browsing data, history, bookmarks, and preferences are stored locally on your device
No Browsing Data Collection: While we operate servers for account authentication and updates, we do not collect or store your browsing data, history, or page content
Your API Keys: AI functionality uses your own API keys, which stay on your device
Direct AI Communication: When you use AI features, your conversations are sent directly to the AI provider—they never pass through our servers
You're In Control: You can clear all your local data at any time from Privacy settings

2. Data Stored Locally

Aera stores the following data locally on your device:

Data Type	Purpose	Your Control
Browsing History	Display recent pages, enable history search	Clear in browser settings
Bookmarks	Save and organize your favorite pages	Add, edit, or delete anytime
Preferences	Remember your settings (theme, search engine, etc.)	Modify in settings
OpenRouter API Key	Enable AI Agent functionality	Add or remove in settings
Chat/Conversation History	Persist your AI Agent conversations	Clear conversations anytime
Extension Data	Store extension configurations and state	Remove extensions in settings
Scheduled Tasks	Store your automated task configurations	Delete tasks anytime
Background Images	Custom theme backgrounds	Remove in appearance settings

All locally stored data remains on your device and is not transmitted to Aera servers for collection. You can clear all local data at once using the "Clear All Local Data" option in Privacy settings. We do not have access to any of this data.

3. AI Agent & Third-Party Data

Important: Data sent to AI providers is not controlled by Aera.

3.1 How AI Features Work

When you use Aera's AI Agent features, your requests are sent directly to third-party AI services through OpenRouter—they never pass through Aera's servers. This process involves:

Your message/instruction is sent directly to the AI provider
Page content the Agent needs to read is sent to the AI provider
Screenshots or extracted page elements may be sent for analysis
Your conversation history may be included for context

3.2 Data Sent to AI Providers

The following data may be transmitted to AI providers when using Agent features:

Your Instructions: The prompts and messages you send to the Agent
Page Content: Text, HTML structure, and metadata from pages the Agent reads
Visual Data: Screenshots or images when visual analysis is needed
Context Information: Current URL, page title, and conversation history
Attachments: Files or images you explicitly attach to messages

3.3 Your API Key

You provide your own OpenRouter API key to use AI features. This key:

Is stored only on your local device
Is never transmitted to Aera
Is sent directly to OpenRouter/AI providers for authentication
Can be removed from settings at any time

3.4 AI Provider Privacy

Data sent to AI providers is subject to their privacy policies. We recommend reviewing:

OpenRouter Privacy Policy
The privacy policies of underlying AI models you select

We have no control over how AI providers handle, store, or use data sent through their services.

4. MCP Server Data

Aera's Model Context Protocol (MCP) server allows external AI tools to interact with the browser.

4.1 MCP Data Exposure

When the MCP server is enabled, connected external tools may access:

Page content and structure of open tabs
Screenshots of browser content
Ability to navigate, click, and type in the browser
List of open tabs and their URLs

4.2 Local Network Only

The MCP server operates on your local machine and is not exposed to the internet by default. However:

External tools on your machine can connect to the MCP server
Data exchanged with external tools is subject to those tools' privacy practices
You control when the MCP server is enabled or disabled

5. Extensions Data

Aera supports Chrome browser extensions, which may have their own data collection practices.

5.1 Extension Permissions

Extensions can request various permissions, including:

Access to your browsing history
Ability to read and modify page content
Access to cookies and other browser data
Network access to send data to external servers

5.2 Third-Party Extensions

Extensions are developed by third parties. We do not control and are not responsible for:

What data extensions collect
How extensions use or share your data
Extension privacy policies or practices

Review each extension's privacy policy before installation and only install extensions from trusted sources.

6. Security & Prompt Injection Risks

Important: AI agents interacting with web content face inherent security risks.

6.1 Prompt Injection

Malicious websites may contain hidden content designed to manipulate AI agents. This could potentially cause:

The Agent to reveal information from other pages or your conversations
Unintended actions to be performed
Sensitive data to be included in AI requests

6.2 Data Leakage Risks

When the Agent reads page content, that content is sent to AI providers. If you visit a malicious site, any data visible on that page could be transmitted. This includes:

Content from other tabs if the Agent is instructed to access them
Information from pages containing your personal data
Details about your browsing session and context

6.3 Your Responsibility

You accept responsibility for the risks associated with using AI Agent features. We recommend:

Being cautious about what pages you allow the Agent to access
Not using the Agent on pages with sensitive personal, financial, or medical information
Reviewing Agent actions, especially on unfamiliar websites
Understanding that AI provider policies govern data once it leaves your device

7. What We Don't Collect

Quixet LLC and Aera do not:

Track your browsing: We don't collect your browsing history, URLs, or page content
Store browsing data on servers: While we operate servers for authentication and updates, we do not collect or store your browsing data
Access your API keys: Your OpenRouter key stays on your device
Intercept AI conversations: Your conversations go directly to the AI provider and never pass through our servers
Sell your data: We don't sell or share personal data with third parties for marketing
Use tracking cookies: Aera doesn't set tracking cookies for analytics
Collect telemetry: We don't collect usage statistics or crash reports (unless you explicitly opt-in to future features)
Access your conversations: Your AI chat history remains on your device

8. Third-Party Services

Aera integrates with various third-party services. Each has its own privacy practices:

8.1 AI Services (OpenRouter)

When using AI features, your data is processed by OpenRouter and underlying AI model providers. Their handling of your data is governed by their respective privacy policies.

8.2 Search Engines

Search queries entered in Aera are sent to your selected search engine (Google, Bing, or DuckDuckGo). Search engines have their own data collection practices.

8.3 Websites You Visit

Websites you visit through Aera may collect data about your visit (cookies, analytics, etc.). This is standard web browsing behavior and is subject to each website's privacy policy.

8.4 Discord (Optional)

If you enable Discord Rich Presence, a simple "Using Aera" status is sent to Discord. No URLs, page content, or other browsing data is shared with Discord.

9. Data Security

9.1 Local Storage Security

Your data is stored locally using standard Electron/Chromium storage mechanisms. The security of this data depends on:

Your device's security measures (encryption, access controls)
Your account passwords and security practices
Physical security of your device

9.2 Transmission Security

When data is sent to AI providers:

Connections use HTTPS encryption
Your API key authenticates requests
Data in transit is encrypted

9.3 No Guarantees

No system is completely secure. While we design Aera with security in mind, we cannot guarantee absolute security of your data, especially data transmitted to third-party services.

10. Your Rights & Controls

You have control over your data in Aera:

10.1 Access & Deletion

History: View and clear browsing history in settings
Bookmarks: Add, edit, or delete bookmarks
Conversations: View and delete AI conversation history
Preferences: Modify or reset your preferences
API Keys: Remove your OpenRouter API key at any time
Extensions: Remove extensions and their data
Clear All Data: Use "Clear All Local Data" in Privacy settings to erase all local data at once

10.2 Feature Controls

MCP Server: Enable or disable the MCP server
Discord Presence: Enable or disable Discord status
Extensions: Enable or disable individual extensions
Scheduled Tasks: Create, modify, or delete automated tasks

10.3 Third-Party Data

For data sent to third-party services (AI providers, search engines), you must contact those services directly to exercise any data rights they may offer.

11. Children's Privacy

Aera Browser is not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has used Aera and provided personal information to third-party services through the browser, please contact those services directly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top of this policy
Material changes may be communicated through the Software or our website
Your continued use of Aera after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: support@getaera.app

Contents