Privacy Policy for the Timi Saver Chrome Extension
This Privacy Policy describes how the Timi Saver browser extension (the “Extension”), published by Timi.AI (“we”, “our”, “us”), handles your data. The Extension is an AI design assistant that lets you save image ideas from any public website, turn them into prompts, and generate new visuals.
This policy applies only to the Extension. For the Timi.AI web app, see our main Privacy Policy.
Timi Saver is an independent tool and is not affiliated with, endorsed by, or sponsored by any third-party website or service. All trademarks belong to their respective owners.
1. What the Extension Does
When installed and enabled, the Extension:
- Save: shows a small “T” button when you hover an image. When you click it, the Extension sends that image's URL, the page URL, and the page title to your Timi.AI account, and our backend fetches and stores that single image in your private library on Cloudflare R2.
- Get prompt: when you click it on a saved image, the image is sent to our backend and on to an AI vision model, which returns a text description (prompt) of that image.
- Generate: when you submit a prompt (and optionally reference images), that text and those images are sent to our backend and on to an AI image-generation model to create new images, which are saved to your library.
- Inspire: opens keyword searches on third-party design sites in new browser tabs. This happens entirely in your browser — we do not receive your search queries.
The Extension never sends data automatically. Saving, prompting, and generating only happen when you, the user, explicitly click the corresponding button.
2. Data We Collect
2.1 Data You Actively Submit (per save click)
When you click “Save”, we receive:
| Data | Purpose |
|---|---|
Image URL (e.g. https://pbs.twimg.com/media/...jpg) | To fetch and store the image |
Page URL (e.g. https://x.com/user/status/123) | To remember where you found the image idea |
| Page title | To help you identify the saved item later |
The actual image bytes are downloaded by our server from the public URL above, then stored on Cloudflare R2 under your account.
We collect the page URL and page title solely so you can trace where a saved image came from inside your personal library. They are never used to analyze your browsing behavior, build a profile, or track the sites you visit — they are stored only as a label on the specific item you chose to save, and only for items you explicitly save.
2.2 Data You Submit to AI Features
| Action | Data sent | Purpose |
|---|---|---|
| Get prompt | The saved image (sent to our AI vision provider) | To generate a text prompt describing that image |
| Generate | The prompt text you type, and any reference images you add | To generate new images you requested |
These are sent to our backend only when you click Get prompt or Generate, and on to the AI processors listed in section 4.
2.3 Account Data (one-time, at sign-in)
Your Google email address and name, used only to create and identify your Timi.AI account. We request only the basic profile scope (email and name) — we have no access to your Gmail, Google Drive, contacts, or any other Google data. Sign-in uses Chrome's official secure OAuth flow; we never receive your Google password or Google tokens.
2.4 Data Stored Locally in Your Browser
The Extension stores the following in your browser's local storage (chrome.storage.local), never transmitted to us:
- Your personal auth token (used to authenticate save / generate requests)
- Your settings (e.g. which platforms are pinned in the Inspire tab)
- A local count of how many images you have saved
This data stays in your browser and is removed when you uninstall the Extension.
2.5 Data We Do NOT Collect
- We do not track your browsing history.
- We do not scan or read page contents that you do not actively save.
- We do not use analytics, advertising IDs, or fingerprinting.
- We do not sell, rent, or share your data with advertisers.
- We do not collect cookies from sites you visit.
- Our content script only injects the “T” button UI into the page. It does not monitor your keystrokes, read the DOM of elements you don't hover, or report your page views to our servers.
- We do not collect any data from the third-party tabs opened by the Inspire feature — those searches happen entirely in your browser.
3. How We Use Your Data
| Purpose | Data Used |
|---|---|
| Store your saved images in your private library | Image URL, image bytes, page URL, page title |
| Generate a text prompt describing an image (Get prompt) | The image you select |
| Generate new images you requested (Generate) | Prompt text + reference images |
| Authenticate your requests | Auth token (locally stored, sent in Authorization header) |
| Help you organize and search your image ideas later | Page URL, page title, original image source |
We do not use your saved images for training AI models without your explicit consent.
4. Where Your Data Is Stored
| Data | Storage |
|---|---|
| Image bytes | Cloudflare R2 (S3-compatible object storage) |
| Image metadata, your account info | Supabase (PostgreSQL, hosted in AWS us-east-2) |
| Your settings + API token | Locally in your browser only |
Third-party processors used to deliver features:
- Cloudflare R2 — image storage (Privacy Policy)
- Supabase / Amazon Web Services — metadata & account storage (Privacy Policy)
- kie.ai — AI image generation; receives your prompt text and reference image URLs when you use Generate
- Google Gemini (via the Wavespeed API) — image-to-prompt analysis; receives the image when you use Get prompt
- Google OAuth — sign-in
These providers act as data processors only — they do not have permission to use your data for their own purposes.
5. Data Sharing
We do not share your data with any third party except:
- Infrastructure providers listed above (strictly for storage and delivery).
- Legal compliance, when required by valid court order or law enforcement request.
We have never received a government data request.
6. Data Retention
- Saved images and their metadata are retained as long as your Timi.AI account is active.
- You may delete any saved item from your Timi.AI library at any time, which permanently removes both the database row and the R2 object.
- If you delete your Timi.AI account, all data saved via the Extension is permanently deleted within 30 days.
7. Your Rights
You have the right to:
- Access all data we hold about you.
- Delete any or all saved items.
- Export your saved library.
- Revoke access by uninstalling the Extension (this clears all locally stored settings; cloud-stored items remain in your library until you delete them).
- Request deletion of your account and all associated data.
To exercise any of these rights, email support@timi.ai. We respond within 7 business days.
8. Security
- All traffic between the Extension and our servers is encrypted with HTTPS / TLS 1.3.
- Your API token is stored only in
chrome.storage.local, which is sandboxed per-extension and per-user by Chrome. - Saved images on R2 are protected by signed-URL access controls.
- We follow least-privilege principles for internal access to our databases.
If we discover a security incident affecting your data, we will notify you by email within 72 hours.
9. Children's Privacy
The Extension is not intended for children under 13. We do not knowingly collect data from children. If you believe a child has used the Extension, please contact us and we will delete the account.
10. International Users & Data Locations
Data at rest (saved images, image metadata, account info) is stored in the United States on Cloudflare R2 and AWS us-east-2 (Supabase).
Data in transit through AI processors may be processed in their own infrastructure regions when you trigger an AI feature:
- Get prompt — the image you select is sent through Wavespeed's API gateway to Google Gemini for analysis; processing region depends on Google's and Wavespeed's infrastructure.
- Generate — your prompt text and reference image URLs are sent through kie.ai's API gateway to the underlying generation model (OpenAI GPT Image / Black Forest Labs Flux); processing region depends on the upstream provider.
All AI processors operate under contractual agreements as data processors only — they may not retain, train on, or otherwise use your inputs beyond returning the requested result. Refer to each processor's privacy policy linked in section 4 for their specific regional and retention details.
By using the Extension, you consent to the transfer of your data to the United States and to the AI processor regions above, which may have different data protection laws than your country.
For users in the European Union: we rely on the legitimate interest legal basis (Art. 6(1)(f) GDPR) for operating the service, and your explicit consent (Art. 6(1)(a)) for each save, prompt, or generate action you initiate.
11. Changes to This Policy
We will update this policy when our practices change. The “Last updated” date at the top reflects the most recent revision. If we make material changes, we will notify active users by email at least 14 days before the change takes effect.
12. Contact
| Channel | Contact |
|---|---|
| support@timi.ai | |
| Mailing address | [Insert legal address used for Chrome developer registration] |
| Data Protection Officer | dpo@timi.ai |
13. Chrome Web Store Compliance Statement
This Extension complies with the Chrome Web Store Developer Program Policies, including the Limited Use policy:
- The Extension's single purpose is to help you save image ideas to your Timi.AI library and reuse them to create new visuals.
- We use the data only to provide the features you actively use (save, get prompt, generate).
- We do not sell, transfer, or use your data for purposes unrelated to this single purpose.
- We do not allow humans to read your data, except (a) with your explicit consent for support, (b) for security investigations, or (c) when required by law.
The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.