AIndrew Privacy Policy

Effective date: June 3 2026
Last updated: June 3 2026

AIndrew (“the Extension”, “we”) is a browser extension for Chromium-based browsers (Google Chrome, Microsoft Edge) that acts as an AI copilot for users of Approval Studio (“AS”). This policy explains what data we collect, how we use it, and your rights.

Questions about this policy? Contact [email protected]

1. What we collect

The Extension processes the following categories of data:

1.1 Approval Studio authentication credentials

What | Where stored | How long
Your AS bearer token (JWT) | chrome.storage.local on your device | Until you sign out or uninstall the Extension
Your AS account email (decoded from the token's sub claim) | chrome.storage.local on your device | Until you sign out or uninstall the Extension

The token is provided by AS when you complete the in-Extension sign-in flow. The Extension uses it to call AS APIs on your behalf.

1.2 Approval Studio workflow data

To produce daily briefings and real-time suggestions, the Extension reads:

  • Project metadata (project names, UIDs, state, due dates)
  • Asset metadata (file names, versions, upload timestamps, approval state)
  • Task metadata (assignees, status, comments)
  • Timeline events (approvals, rejections, uploads, task creation/completion) you have permission to see in AS

The Extension reads only data that your AS account already has permission to see. It does not bypass AS access controls.

1.3 Web Push subscription data

When you enable real-time alerts:

  • Your browser's push endpoint (issued by Google's Firebase Cloud Messaging on Chrome/Edge)
  • Cryptographic keys generated by your browser, used to encrypt push payloads to you

These are stored on the AIndrew backend (reporter.approval.studio) in an encrypted key-value store, keyed by a random registration ID generated at subscription time.

1.4 Local action history

A capped FIFO list of the actions you applied through the Extension (mutation name, parameters, success/failure, timestamp). Stored in chrome.storage.local on your device only — never transmitted off-device unless you explicitly share a debug log.

1.5 Settings and preferences

Your timezone, daily briefing time, alert toggles, text size, and similar in-app preferences. Stored in chrome.storage.local on your device.

1.6 Operational logs (transient)

The AIndrew backend keeps a short-lived ring-buffer log of recent webhook deliveries, push send attempts, and API errors to support debugging. Logs are bounded in size, redact bearer tokens, and rotate out within hours. They are not used for analytics or marketing.

What we do NOT collect

  • We do not access content of pages you visit outside of *.approval.studio and our own backend
  • We do not read your browser history
  • We do not track your location
  • We do not show ads
  • We do not sell, rent, or share your data with advertisers or data brokers

2. How we use this data

Purpose | Data used
Authenticate you to AS APIs | AS bearer token
Produce your daily AI briefing | Project / asset / task / timeline data, sent to Anthropic via our backend
Deliver real-time alerts | Push subscription endpoint + AS webhook events
Apply actions on your behalf | AS bearer token + your explicit click
Remember your preferences | Settings/preferences
Show your action history | Local action history
Debug issues | Operational logs (server-side, transient)

3. Where your data goes

The Extension communicates with the following third parties:

3.1 Approval Studio

  • Domain: graphql.approval.studio, api.approval.studio
  • What we send: your bearer token (in HTTP headers), GraphQL queries and mutations you initiate
  • Why: the Extension's whole purpose is reading from and acting on your AS workflows
  • Privacy: governed by Approval Studio's own privacy policy

3.2 AIndrew backend (hosted by Approval Studio)

  • Domain: reporter.approval.studio
  • What we send: your AS bearer token (encrypted at rest with AES-256-GCM), your push subscription endpoint, requests to generate briefings
  • Why: the backend brokers AI calls so we can use your AS token without exposing the AI provider API key in the browser
  • Storage: AS tokens are encrypted at rest. Idle registrations are auto-cleaned after 30 days.

3.3 Anthropic (AI provider)

  • What we send: briefing context (project names, asset names, task descriptions, your team's recent activity) sent server-to-server from our backend
  • Why: to generate your AI briefing and suggestions
  • Privacy: governed by Anthropic's commercial Terms of Service. Anthropic does not train on data submitted via the API.
  • Bearer tokens, passwords, and credentials are never sent to Anthropic.

3.4 Google / Microsoft (push delivery)

  • What's sent: an encrypted push payload, addressed to a Firebase Cloud Messaging endpoint your browser issued at subscription time
  • Why: to wake the Extension's background service worker for real-time alerts
  • Privacy: governed by Google's / Microsoft's standard browser-vendor terms

4. How long we keep your data

Data | Retention
Local data in chrome.storage.local | Until you sign out, click “Reset everything,” or uninstall the Extension
Push subscription on backend | Until you sign out, uninstall the Extension (auto-cleanup hook), or 30 days of inactivity
AS webhook registration | Mirrored to push subscription lifetime — removed when registration is removed
Operational logs | Bounded ring buffer; rotates out within hours
Anthropic-side data | Per Anthropic's standard retention; not retained for training

5. Your rights and controls

5.1 Sign out

Clears your AS token and email from local storage and unsubscribes you from push. Other preferences and local action history are preserved (so signing back in is fast).

5.2 Reset everything

A button in the Extension's settings that fully tears down all local state and unsubscribes from push delivery on the backend.

5.3 Uninstall

Removing the Extension triggers a backend cleanup webhook that removes your push subscription and AS webhook registration. If the cleanup fails (e.g. backend unreachable at uninstall time), the same record auto-cleans on the 30-day idle pass.

5.4 Selective alert opt-outs

The Extension's settings let you disable any combination of: assetUploaded, assetApproved, assetRejected, fileMoved, projectStalled, noActivity24h. Disabled alerts are dropped server-side and on-device.

5.5 Right to access, rectify, delete

For data we hold on the AIndrew backend, email [email protected] to request access or deletion. For data held inside AS, follow AS's standard data-subject request process.

6. Security

  • Your AS bearer token is encrypted at rest on the backend with AES-256-GCM (32-byte key, key never leaves the server)
  • All transit is HTTPS / WSS only
  • Web Push payloads are signed and encrypted with VAPID — only your browser can decrypt them
  • The Extension does not load any third-party JavaScript at runtime (Manifest V3 / CWS remote-code policy)

If your AS token is compromised (e.g. shared device lost, suspected exposure), revoke it from AS directly. Currently AS token revocation is performed by AS support; reach out to [email protected].

7. Children's privacy

The Extension is a business tool for Approval Studio account holders. It is not directed at children under 13 and we do not knowingly collect data from children.

8. Changes to this policy

We will update this page when the policy changes and note the new “Last updated” date at the top. For material changes (new data categories, new third parties), we will surface an in-Extension notice at next popup open.

9. Contact

Questions about this policy, data deletion requests, or other privacy concerns: [email protected]