Privacy Policy

Last updated: April 16, 2026

Kimi Comet ("we", "our", or "the extension") is a browser extension that enables AI agents to interact with web pages on the user's behalf, working in conjunction with the Kimi Comet desktop client. We are committed to protecting your privacy. This policy explains what data the extension accesses, how it is used, and how it is protected.

1. Data We Access

In order to perform browser actions on your behalf, the extension accesses the following types of data during operation:

• Web browsing activity: URLs and titles of tabs you direct the AI agent to interact with, used to identify and manage target tabs.
• Page content: DOM structure, text, images, and rendered page content (via screenshots and snapshots) of pages the AI agent is instructed to read or interact with.
• User actions: Click targets, form fill data, and navigation commands executed by the AI agent on your instruction.
• Network requests: Request and response metadata on pages where the AI agent needs to monitor loading state or intercept resources.

2. How Data Is Used

All accessed data is used solely to:

• Execute browser actions (navigate, click, fill, screenshot, etc.) as instructed by your local desktop client.
• Return action results (screenshots, page text, DOM snapshots) to your local desktop client.
• Maintain connection state and user preferences locally on your device.

3. Data Storage

• Local storage only: The extension uses chrome.storage.local to persist connection preferences (WebSocket URL, connection mode). This data stays on your device.
• No remote storage: We do not store any browsing data, page content, screenshots, or user activity on any server.
• No analytics: We do not collect usage analytics, telemetry, or crash reports.

4. Data Sharing

The extension communicates exclusively with the locally running Kimi Comet desktop client via WebSocket on 127.0.0.1 (localhost). No data leaves your device through the extension.

5. Permissions Explained

The extension requests the following browser permissions, each for a specific purpose:

• tabs: Query and manage browser tabs to target the correct page for AI agent operations.
• activeTab: Access the currently active tab when the user triggers the extension.
• debugger: Attach Chrome DevTools Protocol (CDP) to capture screenshots, DOM snapshots, and monitor network activity.
• storage: Save connection preferences locally on your device.
• alarms: Schedule WebSocket reconnection attempts when the desktop client connection is lost.
• tabGroups: Organize agent-controlled tabs into labeled, color-coded groups for visual clarity.
• clipboardWrite / clipboardRead: Copy and paste content as part of AI agent page interactions.
• Host permissions (<all_urls>): The AI agent must operate on any website the user directs it to; target URLs are determined at runtime.

6. Security

• All WebSocket communication between the extension and the desktop client uses the local loopback interface (127.0.0.1), which is not accessible from external networks.
• The extension does not inject content scripts into pages in the consumer edition.
• All browser actions are performed in visible tabs — no hidden or background page manipulation.

7. User Control

• You can disconnect the extension from the desktop client at any time via the popup interface.
• You can uninstall the extension at any time, which removes all locally stored preferences.
• The extension only performs actions when instructed by the desktop client — it does not operate autonomously.

8. Children's Privacy

Kimi Comet is not directed at children under 13. We do not knowingly collect any personal information from children.

9. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated "Last updated" date. Continued use of the extension after changes constitutes acceptance of the updated policy.

10. Contact

If you have questions about this privacy policy or the extension's data practices, please contact us at:

xpzouying@gmail.com