Privacy Policy

This policy describes what data Dispel collects, how it is stored, and how it is used when you use the extension.
What Data We Collect

Dispel collects and processes the following data:

Website content: When you submit a prompt, Dispel reads the visible HTML structure of the current webpage. Before transmission, the HTML is sanitized: script, style, noscript, meta, link, iframe, canvas, SVG, and head elements are removed; invisible and off-viewport elements are excluded; all attributes are stripped except id, class, style, href, role, data-testid, data-qa, type, name, placeholder, src, alt, and title; comments are removed and whitespace is normalized. This cleaned HTML is sent to your chosen AI provider to generate CSS.
Page URL and title: Sent to the AI provider alongside your prompt so it can generate contextually accurate CSS. Also stored locally alongside your prompt history so you can organize styles by website.
Viewport dimensions and scroll position: The current window width, height, and scroll offset are sent to the AI provider so it can generate CSS appropriate for the visible area.
Picked elements: When you use the element picker, the outerHTML of the clicked element is sent to the AI provider so it can target that specific element with CSS.
User-uploaded files: If you attach .css, .txt, or .md files to a prompt, their text contents are sent to the AI provider.
API keys: The API keys you enter for AI providers are stored locally in your browser using chrome.storage.local. They are only transmitted to the respective AI provider's API endpoint (in the Authorization header) when you submit a prompt.
Prompt history and generated CSS: Your prompts and the resulting CSS are stored locally in chrome.storage.local. This data never leaves your device except when included as context in a subsequent AI request.
Local CSS cache: A small cache of the most recently applied CSS per hostname is stored in the visited website's localStorage (under the key dispel_styles_cache) so styles can reapply quickly on page reload before the extension's storage is available.


How Data Is Stored

Local storage only: Prompt history, generated CSS, active drafts, API keys, model configurations, and UI preferences are stored in chrome.storage.local — a browser-managed storage area scoped to this extension. This storage is sandboxed per extension and not accessible to other extensions or websites. Data persists on the user’s device until it is deleted.
AI provider transmission: When you submit a prompt, the extracted page HTML, prompt text, any attached files, previously generated CSS, viewport dimensions, and page URL/title are transmitted over HTTPS to the AI provider you have configured. Processing and retention of this data are governed by the AI provider’s own privacy policy.
No server-side storage: Dispel does not operate backend servers for storing user data. All data is stored locally on the user’s device or sent directly to the selected AI provider at request time.


How Data Is Used

Website content: Used exclusively to generate accurate CSS selectors and styles that match the current page's structure.
Page URL and title: Used to group and filter your saved styles by website, and to provide context to the AI provider.
Viewport dimensions and scroll position: Used by the AI provider to generate CSS appropriate for the visible portion of the page.
Picked elements: Used to target specific elements on the page with precise CSS.
User-uploaded files: Used to provide additional context to the AI provider for generating CSS.
API keys: Used to authenticate requests to your chosen AI provider.
Prompt history and CSS: Used to reapply previously generated styles when you revisit a website, and to provide context for iterative styling requests.
Local CSS cache: Used to reapply styles quickly on page reload before the extension's main storage is queried.


Third-Party Services

Dispel connects to AI providers that you configure. These may include:

OpenAI — Privacy Policy
Anthropic — Privacy Policy
Google — Privacy Policy
OpenRouter — Privacy Policy
Local models (Ollama) — No data leaves your device


You may also configure a custom base URL to connect to any OpenAI-compatible API endpoint. In that case, data is sent to the endpoint you specify.

Dispel does not use analytics, telemetry, crash reporting, or any tracking services.
Data Sharing

Dispel does not sell, rent, or share any data with third parties beyond the AI provider you explicitly configure. Your prompt history, CSS, and preferences never leave your device except as described above (transmission to your configured AI provider when you submit a prompt).
Data Retention and Deletion

All data is stored locally on your device and persists until you delete it.
You can delete individual prompts from the side panel's prompt store.
You can clear all extension data by removing the extension from your browser.
The local CSS cache (dispel_styles_cache) is stored in each visited website's localStorage and can be cleared through your browser's site data settings.
Data sent to AI providers is subject to each provider's own retention policies. Consult their privacy policies for details.


Changes to This Policy

If this privacy policy changes, the updated version will be published at this URL with a new "Last updated" date. Significant changes may be communicated through the extension's options page or store listing.
Contact

For privacy inquiries, contact: support@usedispel.dev