Swordfish

Introduction

Swordfish is committed to protecting your privacy. This Privacy Policy explains how information is accessed, used, and stored by the Swordfish extension and its optional companion desktop application.

Swordfish is a privacy-first open source Chrome extension that provides an AI-powered coding assistant in your browser. It combines browser automation with optional file system access to help you build, debug, and ship software more efficiently.

Information Accessed by the Extension

Information You Provide

API Keys: If you choose to use external LLM providers (Anthropic, OpenAI, Google Gemini, or others), you will need to provide your own API keys. These keys are stored locally in your browser using Chrome's storage API and are only used to make API calls to the respective services.

User Instructions: The natural language instructions and conversations you have with Swordfish are processed to perform the requested actions.

Project Directory (Optional): If you use the companion desktop application, you explicitly choose which project directory Swordfish can access for file operations.

Information Accessed During Operation

Browser Content: To perform the actions you request, Swordfish needs to access the content of the web pages you visit. This includes:

• DOM content (HTML structure)
• Text content
• Visual content (via screenshots)
• Form inputs
• Console logs and network requests
• Navigation history within the extension session

File System Content (Optional): If you use the companion desktop application, Swordfish can access:

• Files within your chosen project directory
• Directory structure and file listings
• File contents for reading and editing

Tool Usage Data: Swordfish locally tracks which tools are used during your sessions to improve functionality and provide better assistance.

Token Usage: When using LLM providers, Swordfish locally tracks token usage to display cost information to you.

How Information is Used

Swordfish uses the accessed information for the following purposes:

To Provide and Maintain the Service: The extension accesses information to perform the actions you request through natural language instructions, including:

• Browser automation and interaction
• Code reading and editing (when desktop app is running)
• Terminal command execution (when desktop app is running)
• Debugging and testing assistance

To Improve the Service: Tool usage data is used locally to improve the functionality of Swordfish and provide better assistance.

To Store Conversation History: Swordfish stores your conversation history locally in your browser using IndexedDB to maintain context across sessions.

To Communicate with LLM Providers: When you use external LLM providers, Swordfish sends your instructions and relevant context (browser content, file contents, command outputs) to these providers to generate appropriate responses and actions.

Data Storage and Security

Local Storage

Swordfish stores data locally in two places:

Browser Storage (Chrome extension):

• API keys for LLM providers
• Configuration settings
• Conversation history
• Token usage data
• Recorded browser interactions

This data is stored using Chrome's storage API and IndexedDB, and is not transmitted to any Swordfish servers.

Desktop Application Storage (Optional):

• CLI server configuration
• Server logs
• Working directory preferences

This data is stored locally on your machine and is not transmitted to any Swordfish servers.

Data Transmission

Swordfish transmits data to third-party services only in the following cases:

1. When making API calls to LLM providers (Anthropic, OpenAI, Google Gemini, or other configured providers)
2. When connecting to a locally running Ollama instance (if configured)

In these cases, the data transmitted may include:

• Your instructions and conversation history
• Relevant browser context (page content, screenshots, console logs, network requests)
• File contents from your project directory (if desktop app is running)
• Command outputs (if desktop app is running)

Important: Swordfish does not operate its own servers. All data transmission is directly between your browser/desktop app and your chosen LLM provider.

Companion Desktop Application

The optional Swordfish desktop application provides file system and terminal access:

What It Does:

• Runs a local CLI server on your machine (default: localhost:8765)
• Provides secure file system access within your chosen project directory
• Executes terminal commands you request through the extension
• Manages working directory and server configuration

Your Control:

• The desktop app only runs when you explicitly start it
• You choose which project directory it can access
• You can stop the server at any time
• All operations are logged and visible in the desktop app
• The extension cannot access your file system without the desktop app running

Security:

• The CLI server only accepts connections from localhost
• File operations are restricted to your chosen project directory
• You maintain full control over what commands are executed

Your Choices and Rights

API Keys

You have full control over which LLM providers you use and can remove your API keys at any time through the extension settings.

Local Data

You can clear all locally stored data by:

• Clearing conversation history through the extension interface
• Clearing your browser's storage for the Swordfish extension
• Uninstalling the extension

Desktop Application

You can:

• Choose whether to install and use the desktop application
• Start and stop the CLI server at any time
• Change the working directory
• Uninstall the desktop application without affecting the browser extension

Third-Party Services

Swordfish integrates with the following third-party LLM services (based on your configuration):

• Anthropic Claude: If configured, Swordfish sends data to Anthropic to process your instructions.
• OpenAI: If configured, Swordfish sends data to OpenAI to process your instructions.
• Google Gemini: If configured, Swordfish sends data to Google to process your instructions.
• Ollama: If configured, Swordfish sends data to your locally running Ollama instance.
• OpenAI Compatible Providers: If configured, Swordfish sends data to third-party OpenAI-compatible providers you've configured.

Each of these services has its own privacy policy that governs how they handle your data. We encourage you to review their privacy policies:

• Anthropic Privacy Policy
• OpenAI Privacy Policy
• Google AI Privacy Policy

Important Note: When you use Swordfish with these LLM providers, the context you share (including file contents, browser content, and command outputs) is sent to these providers. Please review their data handling practices and terms of service.

Chrome Permissions

Swordfish requires several Chrome permissions to function properly:

• debugger: Used to establish a connection with browser tabs through Chrome DevTools Protocol (CDP), enabling browser automation and interaction.
• tabs: Used to manage browser tabs (create, close, navigate, switch) and access tab information (URLs, titles).
• sidePanel: Used to provide the main user interface as a Chrome side panel.
• storage: Used to store configuration settings, conversation history, token usage data, and extension state.
• activeTab: Used to interact with the currently active tab to perform actions like clicking elements, typing text, and extracting information.
• host_permissions (<all_urls>): Used to interact with any website you visit, enabling automation across different domains.

These permissions are used solely for the purpose of providing the core functionality of Swordfish and are not used to collect or transmit data beyond what is necessary for the operation of the extension.

Data Retention

• Browser Extension Data: Stored locally until you clear it or uninstall the extension
• Desktop Application Data: Stored locally until you delete it or uninstall the application
• LLM Provider Data: Subject to the data retention policies of your chosen LLM provider

Children's Privacy

Swordfish is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. Any changes will be posted on our GitHub repository with an updated "Last Updated" date at the top of this policy. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy, please:

• Open an issue on our GitHub repository
• Contact us through our website

Your Consent

By using Swordfish, you consent to this Privacy Policy and understand:

• The extension requires powerful permissions to function
• The optional desktop application can access your file system and execute commands
• Context shared with LLM providers may include sensitive information from your projects
• You are responsible for reviewing what information is shared with LLM providers

Open Source Transparency

Swordfish is open source software. You can review our code, verify our privacy practices, and contribute to the project on GitHub. We believe in transparency and welcome community oversight of our privacy and security practices.