Privacy policy.
BrowserMan lets you connect your own Chrome browser to AI agents and automation tools that you control. Page content and cookies stay inside your browser — the server is a thin relay that carries commands between your agent and your browser.
This policy explains what the extension and server do with your data and why. If you self-host the BrowserMan server, this policy covers the browserman.run service only; your own instance is governed by you.
What the extension accesses
To execute automation commands issued by you or by an AI agent you have authorized, the extension may, on demand:
- Read and interact with the content of the active tab (click, type, scroll, extract text or the accessibility tree).
- Attach the Chrome DevTools Protocol to tabs it controls, which is required for reliable clicks, navigation, screenshots, and file uploads.
- Open, group, and close tabs in a dedicated BrowserMan tab group.
- Download files that a command explicitly requests.
- Store a small amount of local state via
chrome.storage(server URL, extension key, session token, extension id, auto-connect preference).
The extension only acts on tabs when you have explicitly paired your browser with a BrowserMan account and a command is in flight. It does not silently observe your general browsing.
What is sent to the BrowserMan server
When the extension is connected, the following flows through https://browserman.run (or the server you configure):
- Authentication material — a session token or extension key used to identify your browser. Tokens are stored in the database only as SHA-256 hashes.
- Command metadata — the command type (e.g.
click,navigate,read_page) and its parameters. - Command results — the data your agent asked for, such as extracted text, a screenshot, or the resulting URL. Results are relayed to your agent and not retained on the server beyond the lifetime of the response.
- Connection telemetry — connect/disconnect timestamps and recent execution summaries so you can see activity in your dashboard.
The server does not receive or store your cookies, localStorage, site credentials, pages from tabs that are not the explicit target of a command, or your general browsing history.
What is stored, and for how long
| Data | Where it lives | Retention |
|---|---|---|
| Account email, hashed password | BrowserMan server database | Until you delete your account |
| Hashed session tokens, hashed API keys | BrowserMan server database | Until you revoke them |
| Extension keys (needed in plaintext for WebSocket lookup) | BrowserMan server database | Until you delete the extension record |
| Recent execution summaries (command type + timestamp) | BrowserMan server database | Rolling window shown on your dashboard |
| Extension local state (server URL, keys, session token) | chrome.storage.local in your browser | Until you reset or uninstall |
You can delete any extension, API key, or your entire account from the BrowserMan dashboard at any time. Deleting an extension immediately revokes its ability to connect.
Who your data is shared with
BrowserMan does not sell or share your data with third parties. The only network parties involved are:
- You and the AI agent you authorized — your commands and their results go to the agent that holds your API key.
- The BrowserMan server you are pointed at (
https://browserman.runby default, or a self-hosted instance). - The websites your commands target — same as if you visited them yourself.
Permissions the extension requests
| Permission | Why it is needed |
|---|---|
tabs, tabGroups | Open, group, and close tabs created by automation commands |
debugger | Attach Chrome DevTools Protocol to controlled tabs for reliable clicks, screenshots, and navigation |
scripting | Inject the accessibility-tree helper into target tabs |
storage | Remember your server URL and pairing credentials locally |
alarms | Keep the service worker alive during an active session |
sidePanel | Render the BrowserMan side panel UI |
<all_urls> host access | Let you automate any site you choose — the extension only reads or interacts with a tab when a command explicitly targets it |
Contact
Questions, deletion requests, or security reports: support@browserman.run. See also the support page for common fixes.