In short: AutoBoom collects only your email address for authentication.
We do not sell, share, or monetize your personal data. All generation data stays
within Google Flow — we never access or store your images or videos.
📋 1. Data We Collect, How It's Used, and Who It's Shared With
We collect the minimum data necessary to provide the service. The table below details every piece of data
AutoBoom handles:
| Data |
Purpose |
Stored Where |
Shared With |
| Email address |
Account authentication (OTP / magic link) |
Supabase (AWS, SOC 2) |
Supabase |
| Daily usage count |
Enforce free-tier limits (10/day) |
Supabase |
Not shared |
| Subscription status |
Determine Free vs Premium plan |
Supabase + Stripe |
Stripe |
| AI prompt text opt-in |
AI-powered prompt rewriting |
Not stored by AutoBoom |
User-selected AI provider |
| Telegram bot token opt-in |
Completion notifications |
chrome.storage.local |
Telegram API |
| Discord webhook URL opt-in |
Completion notifications |
chrome.storage.local |
Discord API |
| Project settings & prompts |
Local workflow state |
chrome.storage.local |
Not transmitted |
🚫 2. What We Do NOT Collect
- ✕We do not collect, store, or transmit your
prompts, images, or videos (except when you opt in to AI prompt rewriting).
- ✕We do not track browsing history or activity
outside of Google Flow.
- ✕We do not use cookies, analytics, or
third-party tracking.
- ✕We do not sell or monetize your personal
data.
🔗 3. How Data Is Shared With Third Parties
AutoBoom shares user data only with the following services, and only as described below:
- →Supabase (authentication provider) — Receives
your email address, daily usage counter, and subscription status for account management. Hosted
on AWS with SOC 2 compliance. Supabase
Privacy Policy.
- →Stripe (payment processor) — Receives your
email for payment processing when you subscribe to Premium. AutoBoom never sees or stores your
credit card details. Stripe Privacy
Policy.
- →Google Flow (labs.google) — AutoBoom automates
the Google Flow user interface. Your prompts, images, and videos remain within Google's
infrastructure. AutoBoom does not extract or transmit this content.
- →AI Providers (opt-in only) — If you enable AI
prompt rewriting in Settings, the text of your prompt is sent to your selected provider
(DeepSeek, OpenAI, Google Gemini, Anthropic, or OpenRouter) for processing. No other data is
sent. This feature is disabled by default.
- →Telegram (opt-in only) — If you configure
Telegram notifications in Settings, completion alerts are sent via the Telegram Bot API. No
other data is sent.
- →Discord (opt-in only) — If you configure
Discord notifications in Settings, completion alerts are sent via your webhook URL. No other
data is sent.
🔐 4. Data Transmission and Security
- ✓All data transmitted between AutoBoom and third-party
services uses HTTPS (TLS encryption). No data is sent in plaintext.
- ✓Authentication tokens and API keys are stored locally in
chrome.storage.local on your device and are never transmitted to AutoBoom's
servers.
- ✓AutoBoom does not operate any backend servers of its own.
All server-side functionality is handled by Supabase Edge Functions and Stripe.
🗄️ 5. How Data Is Stored
- →Authentication & usage data — Stored securely
in Supabase (hosted on AWS, SOC 2
compliant).
- →Payment data — Processed by Stripe. We never see or store your card
details.
- →Local extension data — Project settings, session
data, API keys, and notification tokens are stored in
chrome.storage.local on your
device only. This data is never transmitted to AutoBoom.
🔑 6. Permissions Explained
AutoBoom requests the following Chrome permissions:
- →activeTab, tabs — To interact with Google Flow
tabs and send automation commands.
- →scripting — To enter text into Google Flow's
editor (Slate-based rich text input).
- →storage — To save your project settings and
authentication session locally.
- →downloads — To download generated images and
videos to your computer.
- →alarms — To keep the background service worker
alive during long generation tasks.
- →sidePanel — To display the AutoBoom interface as
a Chrome side panel.
🌐 7. Host Permissions Explained
AutoBoom requests access to the following domains:
- →labs.google — Required to automate the Google
Flow interface.
- →*.supabase.co — Required for authentication and
usage tracking via Supabase.
- →AI API domains (api.deepseek.com,
api.openai.com, generativelanguage.googleapis.com, api.anthropic.com, openrouter.ai) — Required
only if you opt in to AI prompt rewriting.
- →api.telegram.org — Required only if you
configure Telegram notifications.
- →discord.com — Required only if you configure
Discord notifications.
🕐 8. Data Retention
- ✓Account data is retained while your account is
active.
- ✓Daily usage counters reset automatically every 24
hours.
- ✓You can request account deletion by contacting us at the
email below.
- ✓Uninstalling the extension removes all locally stored data
immediately.
⚖️ 9. Your Rights
You have the right to:
- ✓Request access to your stored data.
- ✓Request deletion of your account and all associated
data.
- ✓Opt out of optional data sharing (AI rewriting, Telegram,
Discord) at any time via Settings.
- ✓Uninstall the extension at any time, which removes all
local data.
📝 10. Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date.
Continued use of AutoBoom after changes constitutes acceptance.