Privacy Policy

Last Updated: June 11, 2026

This Privacy Policy describes how Quixet LLC ("Quixet", "we", "us", "our") handles information when you use Aera Browser ("Aera", "the Browser", "the Software"). We are committed to protecting your privacy and being transparent about our data practices.

Contents

  1. Privacy Overview
  2. Data Stored Locally
  3. AI Agent & Third-Party Data
  4. MCP Server Data
  5. Extensions Data
  6. Skills Marketplace Data
  7. Security & Prompt Injection Risks
  8. What We Don't Collect
  9. Third-Party Services
  10. Data Security
  11. Your Rights & Controls
  12. Children's Privacy
  13. Changes to This Policy
  14. Contact Us

1. Privacy Overview

Aera Browser is designed with privacy as a core principle. Here's a quick summary:

  • Local-First Design: Your browsing data, history, bookmarks, and preferences are stored locally on your device
  • No Browsing Data Collection: While we operate servers for account authentication and updates, we do not collect or store your browsing data, history, or page content
  • Model Choice: Local model requests are sent to the endpoint you configure; Aera-hosted model requests are processed by third-party AI providers via OpenRouter
  • Direct AI Communication: When you use AI features, your prompts and page context are sent to the selected model provider for processing; we do not store that content on our servers for inference
  • You're In Control: You can clear all your local data at any time from Privacy settings

2. Data Stored Locally

Aera stores the following data locally on your device:

Data TypePurposeYour Control
Browsing HistoryDisplay recent pages, enable history searchClear in browser settings
BookmarksSave and organize your favorite pagesAdd, edit, or delete anytime
PreferencesRemember your settings (theme, search engine, etc.)Modify in settings
Chat/Conversation HistoryPersist your AI Agent conversationsClear conversations anytime
Extension DataStore extension configurations and stateRemove extensions in settings
Scheduled TasksStore your automated task configurationsDelete tasks anytime
Background ImagesCustom theme backgroundsRemove in appearance settings

All locally stored data remains on your device and is not transmitted to Aera servers for collection. You can clear all local data at once using the "Clear All Local Data" option in Privacy settings. We do not have access to any of this data.

3. AI Agent & Model Data

Important: Data sent to model providers is not controlled by Aera.

3.1 How AI Features Work

When you use Aera's AI Agent features, your requests are sent directly to the selected model endpoint. Local model requests go to the OpenAI-compatible endpoint you configure, and Aera-hosted model requests go to third-party AI services through OpenRouter. They never pass through Aera's servers. This process involves:

  • Your message/instruction is sent directly to the selected model provider
  • Page content the Agent needs to read is sent to the selected model provider
  • Screenshots or extracted page elements may be sent for analysis
  • Your conversation history may be included for context

3.2 Data Sent to Model Providers

The following data may be transmitted to the selected model provider when using Agent features:

  • Your Instructions: The prompts and messages you send to the Agent
  • Page Content: Text, HTML structure, and metadata from pages the Agent reads
  • Visual Data: Screenshots or images when visual analysis is needed
  • Context Information: Current URL, page title, and conversation history
  • Attachments: Files or images you explicitly attach to messages

3.3 Models & Zero Data Retention

When you use AI features, you may be able to choose among local models and Aera-hosted models. Aera-hosted subscriber models are routed through providers and configurations that support Zero Data Retention (ZDR): participating providers do not retain your prompts or outputs for training or logging beyond what is needed to complete the request.

Local model requests are sent to the endpoint you configure and are governed by that endpoint's behavior. Aera's ZDR routing applies to Aera-hosted subscriber models, not to local endpoints you run or configure yourself.

3.4 Model Provider Privacy

Data sent to model providers is subject to their privacy policies or to the configuration of the local endpoint you choose. We recommend reviewing:

  • OpenRouter Privacy Policy
  • The privacy policies of underlying AI models you select
  • The data handling of any local model server you configure

We have no control over how model providers or local endpoints handle, store, or use data sent through their services.

4. MCP Server Data

Aera's Model Context Protocol (MCP) server allows external AI tools to interact with the browser.

4.1 MCP Data Exposure

When the MCP server is enabled, connected external tools may access:

  • Page content and structure of open tabs
  • Screenshots of browser content
  • Ability to navigate, click, and type in the browser
  • List of open tabs and their URLs

4.2 Local Network Only

The MCP server operates on your local machine and is not exposed to the internet by default. However:

  • External tools on your machine can connect to the MCP server
  • Data exchanged with external tools is subject to those tools' privacy practices
  • You control when the MCP server is enabled or disabled

5. Extensions Data

Aera supports Chrome browser extensions, which may have their own data collection practices.

5.1 Extension Permissions

Extensions can request various permissions, including:

  • Access to your browsing history
  • Ability to read and modify page content
  • Access to cookies and other browser data
  • Network access to send data to external servers

5.2 Third-Party Extensions

Extensions are developed by third parties. We do not control and are not responsible for:

  • What data extensions collect
  • How extensions use or share your data
  • Extension privacy policies or practices

Review each extension's privacy policy before installation and only install extensions from trusted sources.

6. Skills Marketplace Data

Skills are reusable instruction snippets you can invoke in chat (e.g. /analyze-competitors). Skills you create are stored locally on your device like your other data, and are not transmitted to Aera unless you choose to publish them.

6.1 Publishing a Skill

If you choose to publish a skill to the Skills Marketplace, that skill's contents (its name, description, and instruction body) are uploaded to and stored on Aera servers. This is the one case where content you author in Aera is stored on our servers. Published skills are reviewed by the Aera team before they become visible to other users, and you are shown this notice before publishing.

  • Attribution is your choice: when publishing, you may credit the skill to your account name or publish anonymously.
  • Visibility: approved skills are publicly available to other Aera users through the in-browser Marketplace.
  • Don't include secrets: do not put passwords, personal data, or confidential information in a skill you publish; its full contents are shared publicly once approved.

6.2 Installing a Skill

When you add a skill from the Marketplace to your browser, we record an anonymous, aggregate install count for that skill so the Marketplace can rank popular skills. The installed skill is then stored locally on your device like any skill you create yourself.

6.3 Removal

To remove a published skill from the Marketplace, contact us at [email protected]. Deleting a skill from your local browser does not remove a copy you previously published.

7. Security & Prompt Injection Risks

Important: AI agents interacting with web content face inherent security risks.

7.1 Prompt Injection

Malicious websites may contain hidden content designed to manipulate AI agents. This could potentially cause:

  • The Agent to reveal information from other pages or your conversations
  • Unintended actions to be performed
  • Sensitive data to be included in AI requests

7.2 Data Leakage Risks

When the Agent reads page content, that content is sent to the selected model provider. If you visit a malicious site, any data visible on that page could be transmitted. This includes:

  • Content from other tabs if the Agent is instructed to access them
  • Information from pages containing your personal data
  • Details about your browsing session and context

7.3 Your Responsibility

You accept responsibility for the risks associated with using AI Agent features. We recommend:

  • Being cautious about what pages you allow the Agent to access
  • Not using the Agent on pages with sensitive personal, financial, or medical information
  • Reviewing Agent actions, especially on unfamiliar websites
  • Understanding that model provider policies or local endpoint behavior govern data once it leaves Aera

8. What We Don't Collect

Quixet LLC and Aera do not:

  • Track your browsing: We don't collect your browsing history, URLs, or page content
  • Store browsing data on servers: While we operate servers for authentication and updates, we do not collect or store your browsing data
  • Store AI prompts on our servers: Content you send for AI processing is not stored on our servers for inference (it is handled by AI providers as described above). The one exception is a skill you explicitly publish to the Skills Marketplace; see "Skills Marketplace Data" above
  • Sell your data: We don't sell or share personal data with third parties for marketing
  • Use tracking cookies: Aera doesn't set tracking cookies for analytics
  • Collect telemetry: We don't collect usage statistics or crash reports (unless you explicitly opt-in to future features)
  • Access your conversations: Your AI chat history remains on your device

9. Third-Party Services

Aera integrates with various third-party services. Each has its own privacy practices:

9.1 AI Services and Local Model Endpoints

When using Aera-hosted AI features, your data is processed by OpenRouter and underlying AI model providers. Aera-hosted subscriber models use Zero Data Retention routing where applicable. When using local models, your data is sent to the endpoint you configure and is governed by that endpoint's behavior.

9.2 Search Engines

Search queries entered in Aera are sent to your selected search engine (Google, Bing, or DuckDuckGo). Search engines have their own data collection practices.

9.3 Websites You Visit

Websites you visit through Aera may collect data about your visit (cookies, analytics, etc.). This is standard web browsing behavior and is subject to each website's privacy policy.

9.4 Discord (Optional)

If you enable Discord Rich Presence, a simple "Using Aera" status is sent to Discord. No URLs, page content, or other browsing data is shared with Discord.

10. Data Security

10.1 Local Storage Security

Your data is stored locally using standard Electron/Chromium storage mechanisms. The security of this data depends on:

  • Your device's security measures (encryption, access controls)
  • Your account passwords and security practices
  • Physical security of your device

10.2 Transmission Security

When data is sent to AI providers:

  • Connections use HTTPS encryption
  • Data in transit is encrypted

10.3 No Guarantees

No system is completely secure. While we design Aera with security in mind, we cannot guarantee absolute security of your data, especially data transmitted to third-party services.

11. Your Rights & Controls

You have control over your data in Aera:

11.1 Access & Deletion

  • History: View and clear browsing history in settings
  • Bookmarks: Add, edit, or delete bookmarks
  • Conversations: View and delete AI conversation history
  • Preferences: Modify or reset your preferences
  • Extensions: Remove extensions and their data
  • Clear All Data: Use "Clear All Local Data" in Privacy settings to erase all local data at once

11.2 Feature Controls

  • MCP Server: Enable or disable the MCP server
  • Discord Presence: Enable or disable Discord status
  • Extensions: Enable or disable individual extensions
  • Scheduled Tasks: Create, modify, or delete automated tasks
  • Skills: Create, edit, or delete skills in Settings → Skills; published Marketplace skills can be removed by contacting support

11.3 Third-Party Data

For data sent to third-party services (AI providers, search engines), you must contact those services directly to exercise any data rights they may offer.

12. Children's Privacy

Aera Browser is not intended for children under 13 years of age (or the applicable age in your jurisdiction). We do not knowingly collect personal information from children.

If you believe a child has used Aera and provided personal information to third-party services through the browser, please contact those services directly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date at the top of this policy
  • Material changes may be communicated through the Software or our website
  • Your continued use of Aera after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: [email protected]

By using Aera Browser, you acknowledge that you have read and understood this Privacy Policy.