Privacy Policy

Our Privacy Commitment

TLD2 is built on a privacy-first foundation. Your reading habits, article content, and personal data are yours alone. We designed TLD2 to process everything locally on your device by default, ensuring your information never leaves your computer unless you explicitly choose to use optional cloud features.

Data We Do NOT Collect

TLD2 does NOT collect, store, or transmit the following:

• Browsing History - We never track which pages you visit or read
• Article Content - Article text stays local (except optional Gemini API mode)
• Personal Information - No names, emails, IP addresses, or user profiles
• Usage Analytics - No telemetry, crash reports, or usage statistics
• Cookies or Tracking - No cookies, tracking pixels, or third-party analytics
• Search Queries - We don't log or store your searches or summaries

Local AI Mode (Default)

When using TLD2 in Local AI Mode (the default configuration):

What Happens

• Article content is extracted using Readability.js in your browser
• Summaries are generated by Chrome's built-in AI on your device
• Text-to-Speech synthesis runs via StreamingKokoroJS locally
• All processing occurs in browser memory—no data stored on disk
• Zero network requests are made for content processing

Data Flow Diagram (Local Mode)

Web Page (your browser)
  ↓
TLD2 Content Script (local extraction)
  ↓
Chrome AI Summarizer (local inference)
  ↓
StreamingKokoroJS TTS (local synthesis)
  ↓
Audio Playback (your speakers)

❌ No external servers contacted
❌ No data leaves your device
✅ 100% private processing

Settings Storage (Local Mode)

TLD2 stores only user preferences locally using chrome.storage.local and chrome.storage.sync:

• Voice selection (e.g., "af_sky")
• Speed and pitch settings (e.g., 1.2x speed)
• Auto-play preference (true/false)
• Theme preference (light/dark/auto)

This data is stored only in your Chrome profile and synced across your devices via Chrome Sync (if enabled in your Chrome settings). We have no access to this data.

Cloud AI Mode (Optional - Gemini API)

TLD2 offers an optional cloud mode using Google's Gemini API for enhanced summarization quality. This mode is opt-in only and requires you to provide your own Gemini API key.

What Data is Shared (Gemini Mode Only)

When you explicitly enable Gemini API and provide your own API key:

• Article text content is sent to Google's Gemini API for summarization
• Your API requests are subject to Google's Privacy Policy
• Your Gemini API key is stored locally in chrome.storage.sync

What We Do NOT Share

• We do NOT receive or store your Gemini API key
• We do NOT log or track which articles you summarize
• We do NOT have access to your Gemini API usage data
• API requests go directly from your browser to Google—TLD2 acts as a client only

Data Flow Diagram (Gemini Mode)

Web Page (your browser)
  ↓
TLD2 Content Script (local extraction)
  ↓
[Your Browser] → HTTPS → [Google Gemini API] → [Your Browser]
  ↓
TLD2 Sidebar (display summary)
  ↓
StreamingKokoroJS TTS (local synthesis)
  ↓
Audio Playback (your speakers)

⚠️ Article text sent to Google Gemini API
✅ TTS still processes locally
✅ TLD2 does not receive or log your data

Controlling Cloud Mode

• Gemini API mode is OFF by default
• You must explicitly enable it in TLD2 settings
• You must provide your own Google AI Studio API key
• You can switch back to Local AI mode anytime
• Removing your API key disables cloud mode immediately

Chrome Extension Permissions

TLD2 requests the following Chrome permissions:

Note: TLD2 does NOT request permissions for browsing history, cookies, or broad website access. We only access content when you explicitly invoke TLD2.

Model Downloads

On first use, TLD2 downloads the following AI models to your local device:

• Kokoro TTS Model (~86 MB) - Stored in browser cache (IndexedDB)
• ONNX Runtime WASM (~2-5 MB) - Stored in extension bundle

Models are downloaded from Hugging Face and cached locally. After initial download, no internet connection is required for Local AI mode.

Third-Party Services

Chrome AI Summarizer (Local Mode)

When using Local AI mode, TLD2 uses Chrome's built-in AI Summarizer API. This is a local, on-device API provided by Google Chrome. No data is sent to external servers.

Refer to Chrome's Built-in AI documentation for more details.

Google Gemini API (Optional Cloud Mode)

When you opt-in to Gemini API mode with your own API key:

• Article text is sent directly from your browser to Google's Gemini API
• Governed by Google's Privacy Policy
• You control API usage through your Google AI Studio account

Hugging Face (Model Hosting)

AI models are downloaded from Hugging Face (onnx-community/Kokoro-82M-v1.0-ONNX) on first use. This is a one-time download cached locally. Hugging Face's privacy policy applies to model downloads.

Data Retention

TLD2 does not retain any user data on external servers because we don't have any servers. All data exists only in your browser:

• Settings: Stored in chrome.storage until you uninstall the extension or clear browser data
• Cached Models: Stored in IndexedDB until you clear browser cache or uninstall
• Summary Cache (Optional): If enabled, summaries cached locally for 24 hours to reduce API calls

How to Delete Your Data

1. Settings: Open TLD2 settings and click "Reset to Defaults"
2. Cached Models: Clear browser cache at chrome://settings/clearBrowserData
3. Complete Removal: Uninstall TLD2 extension—all data deleted immediately

Security

TLD2 implements security best practices:

• Manifest V3: Modern Chrome extension architecture with enhanced security
• Content Security Policy (CSP): Strict CSP prevents script injection and XSS attacks
• Static Bundling: All code bundled locally—no remote script execution
• No eval(): No dynamic code evaluation or inline scripts
• HTTPS Only: API requests use HTTPS encryption
• API Key Storage: Gemini API keys encrypted by Chrome's storage API

Children's Privacy

TLD2 does not knowingly collect any information from children under 13 (or applicable age in your jurisdiction). Because we don't collect any personal information at all, TLD2 is safe for users of all ages.

Parents and guardians should supervise young users when accessing web content and using optional cloud features.

International Users

TLD2 is a client-side browser extension that runs locally on your device regardless of location. Since we don't collect or transmit personal data (in Local AI mode), GDPR, CCPA, and similar privacy regulations are not applicable.

If you use optional Gemini API mode, Google's international data practices apply (see Google's Privacy Policy).

Changes to This Policy

We may update this Privacy Policy to reflect changes in TLD2's functionality or legal requirements. Significant changes will be announced through:

• Updated "Last Updated" date at the top of this page
• Changelog entry at tld2.io/changelog
• Extension update notes (if applicable)

Continued use of TLD2 after policy updates constitutes acceptance of changes.

Verification of Privacy Claims

We encourage technical users to verify our privacy claims:

1. Network Monitoring: Use Chrome DevTools (Network tab) to confirm no data is sent in Local AI mode
2. Code Inspection: Review TLD2's source code (available in extension package)
3. Storage Audit: Inspect chrome://extensions → TLD2 → Storage to see stored data
4. Documentation: Read our Privacy Settings Guide for technical details

Contact Us

For privacy-related questions or concerns:

• Email: privacy@tld2.io
• Contact Form: tld2.io/contact

We take privacy seriously and will respond to inquiries within 7 business days.