AI Toolbox for Grok Privacy Policy
Last updated: July 07, 2026
Notice of changes: We review this policy whenever our data-handling practices, features, or legal obligations change. The date above reflects the most recent revision. For material changes (such as new data categories, new third-party processors, or changes to your rights), we will make reasonable efforts to notify you through the extension or by email at least 14 days in advance.
At AI Toolbox ("we", "us", "our"), operated by Infi Developments, we are committed to protecting your privacy. This Privacy Policy comprehensively explains what data the Grok module collects, how we collect it, how we handle, store, and share it, and your rights, in plain language. The Grok module runs on both Grok surfaces: the X-embedded Grok at x.com/i/grok and the standalone grok.com.
1. Data Controller
Infi Developments is the data controller responsible for your personal data. For any privacy-related inquiries, contact us at [email protected].
2. What Data We Collect
We collect only the minimum data needed to provide our service. Below is a complete list of every category of data the Grok module handles:
2.1 Account identity
Grok has one identity across both surfaces: your X (Twitter) account, expressed as the numeric X user id. Because x.com is password-gated and exposes no email, we identify your Grok account by your X @handle, which you supply at checkout and which we resolve to your numeric X user id to recognize your subscription. On grok.com, which also exposes an email, that email may be used as a fallback identifier when no X link is present. We do not collect your name, password, physical address, or any other personal identifiers.
Handle matching: To recognize your subscription, the X handle you enter at checkout must be the handle of the X account you use for Grok. If it differs or was mistyped, contact us at [email protected] and we will reconcile your entitlement.
2.2 Data stored locally in your browser (never sent to our servers)
The following data is stored entirely on your device and is never transmitted to our servers:
- Your Grok conversation content and message text (from both x.com/i/grok and grok.com)
- Your X and grok.com browser session data (used to communicate with Grok on your behalf)
- Extension settings and preferences
- Local search history and recent searches within the extension
- Conversation cache (stored in your browser's IndexedDB for faster search and export)
- Smart Tags computed locally from your cached conversations
2.3 Data synced to our servers
When cloud sync is enabled, the following data is transmitted over HTTPS and stored on our servers, keyed to your X user id so it follows you across x.com/i/grok and grok.com. We do not store your conversation content on our servers:
- Folder names, folder structure, and folder color preferences
- Saved prompts, prompt definitions, and prompt chains
- Conversation IDs (for folder assignments)
- Labels, tags, and message bookmarks applied to conversations
2.4 Payment data
Payments for the AI Toolbox Grok module are processed by Polar (our payment provider). We do not store your credit card details. At checkout you provide your X @handle in a dedicated field so we can link your purchase to your Grok account; Polar provides us with your payment status and the details you entered so we can verify your subscription. Polar's privacy policy governs how they handle your payment information.
2.5 Install and uninstall information
When you install the extension, a welcome page is opened in your browser. When you uninstall the extension, a feedback page may be opened. No additional data is collected during install or uninstall beyond what is described in this policy.
2.6 Analytics
We use Google Analytics on our Chrome Web Store listing page only. We do not use third-party analytics within the extension itself or on our website.
2.7 Cookies
We do not use cookies on our website or within the extension.
3. How We Collect Your Data
We collect data through the following methods:
- Session authentication: The extension reads authentication information from your existing X and grok.com browser sessions (via the browser's standard storage and webRequest APIs) to communicate with Grok on your behalf and to derive your X user id. We do not intercept, read, or store the content of your Grok messages on our servers through this mechanism.
- Checkout: You provide your X @handle in the dedicated field at checkout so we can link your subscription to your Grok account.
- Your actions in the extension: When you create folders, save prompts or chains, bookmark or label messages, these are synced to our servers if cloud sync is enabled.
4. How We Use Your Data
We use the data we collect for the following purposes only:
- Provide our service: Enable folder sync, prompt and chain access, bookmarks, and labels across your devices and across both Grok surfaces.
- Authenticate your account: Identify your Grok account by your X user id (resolved from your handle) to provide personalized access to your synced data.
- Verify subscriptions: Check your payment status via Polar to unlock Premium features.
- Respond to support requests: If you contact us, we use your email or handle to respond.
- Improve the extension: Aggregated, non-personal usage patterns help us understand which features are most valuable so we can improve the experience.
5. How We Store Your Data
Local storage (your browser)
The majority of extension data, including your conversation content, search history, Smart Tags, and settings, is stored locally on your device using Chrome's built-in storage APIs (chrome.storage.local) and IndexedDB. This data never leaves your browser unless you enable cloud sync for supported features.
Server storage (our infrastructure)
Synced data (folders, prompts, chains, conversation IDs, labels, bookmarks) is stored on our secure servers hosted on industry-standard cloud infrastructure, keyed to your X user id. Data in transit is protected with HTTPS/TLS encryption. Your Grok conversation content is never stored on our servers.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data. We share data only with the following parties, and only as described:
- Our backend servers (api.infi-dev.com): Your X user id (for authentication and entitlement) and your synced data (folders, prompts, chains, conversation IDs, labels, bookmarks).
- Polar (payment processor): Payment processing and subscription management. They receive your payment details and the X handle you entered at checkout directly. We only receive your payment status and the details you entered from them.
- X / xAI (x.com/i/grok) and grok.com: The extension communicates with Grok's existing interfaces using your active browser session to provide its features (e.g., fetching conversations for search and export). This is the same data your Grok account already has access to, so we do not send any additional personal data to X or xAI. We also perform a lookup to resolve your X @handle to your numeric X user id.
- Google Analytics: Anonymous, aggregated usage data on our Chrome Web Store listing page only. No analytics are collected within the extension.
- Legal obligations: We may disclose data if required by law or in response to a valid legal request from a government authority.
We do not share your data with any other third parties, advertisers, data brokers, or AI model training services.
7. Legal Basis for Processing (GDPR)
We process your data based on the following legal grounds under GDPR Article 6:
- Contract performance: Processing necessary to provide the services you signed up for (e.g., syncing folders across devices, identifying your Grok account, verifying your subscription).
- Legitimate interest: Processing necessary for the operation and improvement of our services (e.g., aggregated usage analytics to improve features), provided it does not override your rights.
- Consent: Where applicable, we process data based on your explicit consent (e.g., enabling cloud sync). You may withdraw consent at any time by disabling the relevant feature or contacting us.
8. Data Security
We take the security of your data seriously and implement multiple layers of protection:
- Encryption in transit: All communication between the extension and our servers uses HTTPS/TLS encryption.
- Minimal data collection: We follow the principle of data minimization. We only collect what is necessary to provide our service.
- Local-first architecture: The majority of your data (including all conversation content) never leaves your browser, reducing exposure risk.
- Secure infrastructure: Our servers are hosted on industry-standard cloud infrastructure with regular security updates.
- No conversation content on our servers: We never store the content of your Grok conversations on our servers.
9. Your Rights
Under GDPR and applicable data protection laws, you have the following rights. To exercise any of these rights, contact us at [email protected]:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate data (for example, a mistyped X handle).
- Right to erasure: Request deletion of your personal data from our servers.
- Right to data portability: Request your data in a structured, machine-readable format.
- Right to restrict processing: Request that we limit how we use your data.
- Right to object: Object to processing based on legitimate interest.
- Right to withdraw consent: You can disable cloud sync at any time in extension settings to stop data transmission to our servers. For other consent-based processing, contact us.
- Right to lodge a complaint: You have the right to file a complaint with your local data protection authority.
We will respond to all data rights requests within 30 days.
10. Data Retention
We retain your synced data (folders, prompts, chains, conversation IDs, labels, bookmarks) for as long as your account is active and cloud sync is enabled.
- Local data: Data stored in your browser persists until you clear your browser data or uninstall the extension.
- Server data: Synced data is retained until you request deletion or your account is removed.
If you wish to have your server-side data deleted, contact us at [email protected] and we will remove all associated data from our servers within 30 days.
Uninstalling the extension removes all locally stored data from your browser immediately. Server-side data requires a separate deletion request.
11. International Data Transfers
Our services are available worldwide. Your data may be processed in countries outside your country of residence. Where we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in compliance with GDPR requirements.
12. Children's Privacy
Our free extension does not have age restrictions. However, purchasing a paid plan requires a valid payment method (credit card, PayPal, or Apple Pay), which is limited to individuals of legal age in their jurisdiction. We do not knowingly collect personal data from children under 16. If you believe a child has provided us with personal data, contact us at [email protected] and we will promptly delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated effective date. For significant changes, we will make reasonable efforts to notify you via the extension or email.
14. Contact Us
If you have any questions about this Privacy Policy, your data, or your rights, contact us at: [email protected]