FeaturesGuidePricingFAQSign in

Legal

Privacy Policy

Rexa is an AI sidebar that reads what you ask it to and nothing more. This page explains exactly what data is processed, where it goes, and the choices you have.

Last updated: June 2, 2026

The short version

  • We only process page content, selections, files, or audio when you trigger an action — Rexa does not read pages in the background.
  • Your prompts and the context you share are sent to AI providers solely to generate your response.
  • Knowledge Base files are stored privately and used only to answer your questions.
  • We don't sell your data, and we don't use your private content to train foundation models.

Information we process

Account information

You sign in with Google. We receive your name, email address, and profile photo via Google Sign-In to create and secure your account. Authentication is handled by Firebase Authentication.

Content you ask Rexa to act on

When you use a feature, the relevant content is sent to our backend and on to an AI provider to produce a result. Depending on the action, this may include:

  • Page context — text from the current tab, only when you ask a question about the page.
  • Selections & inputs — text you highlight, or the contents of a field when you use the writing assistant or instant replies.
  • Knowledge Base files — documents you upload (PDFs, slides, docs) to chat with.
  • Screenshots — a region you capture to ask a vision model about.
  • Audio & screen frames — streamed only during an active live voice call.
  • Video links — a public video URL you choose to summarize.

Usage & diagnostics

We process basic technical data needed to operate the service — such as request timing and error logs — to keep Rexa reliable and secure.

How your data is processed

Rexa is a thin client: the extension sends your request to our backend, which calls the appropriate AI provider, streams the answer back, and returns it to your sidebar. We use these sub-processors strictly to deliver the features you invoke:

  • Amazon Web Services (Bedrock) — generating chat, reply, summary, vision, and agent responses.
  • Amazon S3 & Textract — storing Knowledge Base files and extracting text from them.
  • Google (Firebase & Gemini Live) — authentication, secure data storage, and real-time voice calls.
  • Tavily — fetching live web results for grounded search answers.
  • Supadata — retrieving public video transcripts for video summaries.

We choose providers that do not use API content to train their models by default. We never sell your personal information.

Where your data is stored

  • Account & chats — stored in Firestore under your account.
  • Knowledge Base files — stored privately in Amazon S3, with searchable text indexed to your account only.
  • Live content — voice audio and screen frames are processed in real time and are not retained after the call ends.

Your choices & controls

  • Every in-page feature (instant replies, writing assistant, summaries, quick access, and more) can be turned on or off — globally or per site — in Settings.
  • You can delete Knowledge Base files and folders at any time; deletion removes the file and its indexed text.
  • You can clear your chat history and request deletion of your account and associated data.
  • The do-it-for-me agent always asks for confirmation before submitting forms, paying, or other sensitive actions.

Data retention

We keep account information and content you save (like chats and Knowledge Base files) until you delete them or close your account. Transient request data is kept only as long as needed to deliver the response and maintain service reliability.

Children's privacy

Rexa is not directed to children under 13, and we do not knowingly collect their data.

Changes to this policy

We may update this policy as the product evolves. Material changes will be reflected by the “last updated” date above and, where appropriate, an in-product notice.

Contact

Questions about privacy? Reach us at privacy@rexa.ai or via our contact page.