Depth is a Chrome extension that runs in your browser. By default, it sends article text to Depth Hosted — our managed backend — so we can return a summary, quiz, or Socratic dialogue without you having to wire up a model provider yourself. You can also switch to bring-your-own-key mode in Settings to call a third-party provider (OpenRouter, OpenAI, Anthropic, and others) directly using your own API key. This document explains both modes — what stays on your device, what leaves it, and what never gets collected at all.
Depth processes web pages locally in your browser. When you ask for a summary, quiz, or Socratic dialogue, the article text is sent over HTTPS to either Depth Hosted (the default — our managed backend, which assigns you an anonymous account and routes to a language model on your behalf) or, if you've switched to bring-your-own-key, to the model provider you configured. We don't sell data, run ads, or load third-party analytics. The Depth extension has no telemetry pings and the marketing site sets no cookies.
01Who this policy covers
This policy applies to the Depth browser extension distributed via the Chrome Web Store
and to the marketing site at depth.microfalls.com. It is published by the
Depth contributors (collectively, "we" or "Depth"). It does not cover the third-party
model providers you connect Depth to — each has its own privacy policy that applies to
the requests you send them. We point to those policies below.
02What data the extension handles
The extension has three runtime contexts — a content script that runs on the current tab, a background service worker that owns network traffic, and an options page for your settings. The table below describes every category of data each of them touches. Rows marked hosted apply only when you're using Depth Hosted (the default); rows marked BYO apply only when you've switched to bring-your-own-key. The rest apply in both modes.
| Category | Where it lives | What we do with it |
|---|---|---|
| Page text | Extracted from the active tab via Mozilla Readability when you open the panel. | Sent over HTTPS to Depth Hosted (default) or to the BYO provider you configured. Not stored by Depth in any form other than the local cache below. |
| Hosted session hosted | Tokens at depth:hostedAccessToken / hostedRefreshToken and a user ID at hostedSubjectId. |
Authenticates your requests to Depth Hosted. The user ID is anonymous by default — generated for you on first use — and only becomes tied to your identity if you sign in with Google to upgrade to a permanent account. |
| Account state hosted | Cached projections at hostedEmail, hostedTier, hostedSubscriptionStatus. |
Mirrors your Depth Hosted account so the options page can render your tier and remaining quota without an extra round trip. Populated lazily on demand. |
| API key BYO | chrome.storage.local on your device, scoped to the extension. |
Read by the service worker when calling your provider. Never transmitted anywhere except to that provider's API endpoint. |
| Generated content | Local cache under depth:cache:<kind>:<hash> with a 7-day TTL. |
Used to skip a regenerate when you reopen the same page; invalidated when you change provider, model, language, or after 7 days. |
| Per-page session state | Local storage under depth:session:<url> with a 24-hour TTL. |
Remembers which depth you were on, your quiz answers, and your in-progress Socratic conversation so the panel doesn't reset between visits. |
| Saved cards ("deck") | Local storage under depth:deck. |
Holds anything you explicitly save with "Save to deck." Kept until you remove them or uninstall. |
| Settings | Local storage on your device. | Stores your provider mode, provider, model, language preference, and a consent fingerprint indicating which provider you've agreed to send page text to. |
Everything in this table lives on your device. The hosted backend also stores a server-side record of your account and request history — see section 04 below. To clear local data, remove the extension from Chrome (which deletes its storage) or use the Reset controls in Settings.
03What leaves your browser during generation
The payload is the same in both modes, but the destination differs. We do not send your browsing history, your other tabs, your IP address beyond what HTTPS naturally exposes to the receiving server, images, iframes, or any other page on your machine. For Deep Dive (Socratic dialogue), each of your turns is sent along with a short grounding summary so the model can stay on-topic.
If you use Depth Hosted (the default)
Each generation is a single HTTPS request to our backend at
nyducfbgsvbhyazfnysh.supabase.co/functions/v1, containing:
- The article title and the text extracted by Mozilla Readability.
- Your preferred output language, if you set one.
- An
Authorizationheader carrying your hosted access token, which the server uses to identify your (anonymous or permanent) account, enforce the daily free-tier quota, and route the request.
Depth Hosted then calls a backing language-model provider on your behalf, streams the response back, and records a server-side log entry tied to your account ID for quota accounting and abuse prevention. We retain those logs only as long as needed for billing, quota, and integrity — see section 04. The backing LLM provider sees the article text in our outbound request but does not receive your account ID or any other identifier we hold about you.
If you use bring-your-own-key
The same payload (title, text, language, system prompt) goes directly to the provider you configured in Settings, using your API key. Depth Hosted is not involved and we — the publishers of the extension — receive nothing.
Consent gate
Before any generation starts, the panel checks a stored fingerprint against your current settings. If you change provider mode, provider, model, or language, the consent gate re-prompts you — we want it to be unambiguous which party is about to see the page text.
04Depth Hosted and the third parties it relies on
When you use the default hosted mode, Depth is the data controller for your account and request logs, and we rely on the following sub-processors to operate the service:
- Supabase hosts our backend (Postgres + Edge Functions) and provides the authentication layer. Your anonymous user record, Google sign-in (if you choose one), session tokens, and request logs live there. supabase.com/privacy.
- Stripe handles payments and subscriptions if you upgrade to a paid tier. Stripe receives your email and billing details directly; Depth never sees full card numbers. stripe.com/privacy.
- A backing language-model provider receives the article text in our outbound generation requests so it can produce the summary, quiz, or Socratic reply. The current provider is DeepSeek (platform.deepseek.com/privacy); requests are sent to DeepSeek's API over HTTPS and are governed by their data-handling policies. We don't pass your Depth account identifier through to them, and we contract for a no-training option on submitted data. If we change the backing provider we will update this policy and surface the change in the extension before any new data flow begins.
What Depth Hosted itself logs: per request, we keep a record of your account ID, timestamp, request kind (generate / quiz / dive), token counts, and any error code, for up to 90 days. This is what lets us enforce the daily free-tier quota, bill paid tiers, and investigate abuse. Our logs never contain the article text or the model output — error paths emit only the error class and message, never the request body. The generated summary is cached server-side for up to 7 days, keyed by a content hash, so that a second user opening the same article doesn't trigger a fresh upstream call; the underlying article text is not stored alongside the cached summary. Local caching on your device, described above, is separate.
If you use bring-your-own-key
Depth currently supports OpenAI-compatible endpoints from the following vendors. When you select one, your requests are governed by that vendor's privacy and data-retention policies — including whether they log requests, train on them, or share them with sub-processors. Review them before sending sensitive content.
- OpenRouter — openrouter.ai/privacy
- OpenAI — openai.com/policies/privacy-policy
- Anthropic — anthropic.com/legal/privacy
- Google (Gemini API) — ai.google.dev/gemini-api/terms
- DeepSeek, Qwen, Groq, Mistral, xAI, and self-hosted Ollama — see each provider's website for current terms.
If you run a local provider such as Ollama, Depth will reach it at the host you've granted permission for and no data leaves your machine.
05What Depth itself collects
The Depth extension contains no analytics, crash reporters, telemetry pings, advertising identifiers, or third-party trackers. Whatever data we hold about you is captured server-side by Depth Hosted, only when you actively use it, and is limited to:
- Your account record — an anonymous user ID by default, optionally tied to an email address if you sign in with Google.
- Subscription state, if you upgrade to a paid tier (managed in Stripe).
- Per-request logs as described in section 04, retained for up to 90 days.
If you only ever use bring-your-own-key mode, we hold nothing about you on any server. The extension does not phone home in that mode.
The marketing site
The site at depth.microfalls.com is a static page hosted on Cloudflare Pages.
Cloudflare may keep standard request logs (IP address, user agent, request path, timestamp)
for operational and security purposes; see Cloudflare's privacy policy.
The site does not set cookies and does not run analytics scripts.
The verification page
A page at /captcha is used by the Depth Hosted signup flow to verify that
signups come from real browsers. It loads Cloudflare Turnstile, which performs a challenge
in your browser; Cloudflare receives the data described in
Cloudflare Turnstile's documentation.
We do not collect, transmit, or store anything additional from that page.
06Permissions the extension requests
Chrome surfaces every permission an extension uses at install time. Here's what each one is for in Depth:
activeTab— read the text of the page you're actively viewing when you open the panel.storage— keep your settings, cache, sessions, and deck on your device.scripting— inject the panel UI into the active tab.identity— used when you sign in to Depth Hosted with Google, so the extension can complete the OAuth redirect flow inside the browser.- Optional host permissions — granted to the Depth Hosted origin on first use, and to any BYO provider's API endpoint when you pick that provider in Settings.
07Data retention and deletion
On your device. Local caches expire automatically — generated content after 7 days, session state after 24 hours. Settings, API keys, saved deck entries, and hosted session tokens persist until you change or remove them. To erase everything Depth has stored on your device, remove the extension from Chrome (which deletes its storage) or use the Reset controls in Settings.
On Depth Hosted. Per-request logs are retained for up to 90 days for quota, billing, and abuse purposes, then deleted. If you only have an anonymous account, signing out and clearing extension storage effectively orphans the server-side record — we have no way to link it back to you. If you have a permanent (Google-linked) account, you can delete it by emailing support@microfalls.com; we will remove your account record, billing identifiers held by us, and any logs older than operational retention requires. Stripe retains its own copy of transaction records as required by law.
08Children's privacy
Depth is a general-audience reading tool. It is not directed at children under 13 and does not knowingly collect any data from them. Because the extension doesn't collect personal data at all, this is in part by construction.
09International users
Depth runs in your browser. Whatever cross-border transfers occur happen between you and the model provider you've chosen — Depth itself does not move your data across jurisdictions. If you're subject to GDPR, CCPA, or similar regimes, your rights of access, correction, and deletion apply primarily to the data those providers hold; for the local data Depth keeps on your device, you can exercise those rights directly through Chrome.
10Changes to this policy
If we change how Depth handles data — for example, by adding a new sub-processor or changing what we log — we'll publish an updated policy here, bump the "Effective" date at the top of this page, and surface the change in the extension before it takes effect. Material changes will require fresh consent before any new data flow begins.
11Contact
Privacy questions, complaints, or requests can go to support@microfalls.com. The Depth source code is open and you can also file an issue on the project's repository if your question is technical rather than personal.