Privacy Policy

Reduz ("we", "us", "our") is a browser extension and website that summarizes web pages, PDFs, YouTube videos, and selected text using AI providers. This Privacy Policy describes how data is handled across the Reduz extension, hosted summary features, optional encrypted cloud backup, and the reduz.app website, operated by Three Things Media.

Interpretation and Definitions

Definitions

• Extension — the Reduz Chrome browser extension.
• Website — the Reduz marketing site at reduz.app.
• Service — the Extension and Website collectively.
• Personal Data — any information that relates to an identified or identifiable individual.
• You — the individual using the Service.
• AI Provider — a third-party API service or hosted model provider used to generate summaries.
• Local / Own Key mode — the Extension mode where you use your own AI provider key and requests go directly from your browser to that provider.
• Hosted mode — the mode where Reduz processes summaries through its hosted relay and hosted AI providers.

Data Controller

Three Things Media
Postfach 101015
DE-85010 Ingolstadt, Deutschland
Email: support@reduz.app

What Stays on Your Device by Default

By default, the Reduz extension stores summaries and generated outputs on your device. It does not save original webpage HTML, original PDFs, or uploaded files by default. Local extension data includes:

• Own Key provider keys — stored in browser extension local storage; not transmitted to Reduz servers.
• Summary history and generated outputs — stored in a local SQLite database (OPFS), including summary text, source URL, title, provider used, model, token usage, timestamps, and, when available, extracted reader text or transcripts used for history, export, and source cleanup features.
• Settings and preferences — active provider, selected models, output language, custom prompt sets.
• Session data — temporary summary run snapshots, automatically cleared after 5 minutes of inactivity.

The current extension PDF path uses extracted PDF text to generate the summary but does not save that PDF text in local history by default. Optional encrypted cloud backup is available if you want a backup copy of your Reduz outputs and settings.

Local / Own Key Data Flow

When you summarize in Local / Own Key mode, the Extension:

1. Extracts text content from the active tab (webpage, YouTube transcript, or PDF).
2. Sends the extracted text, page title, URL, and your chosen prompt directly to your selected AI provider.
3. Receives the summary response via streaming.

In Local / Own Key mode, this data goes directly to the AI provider you selected and does not pass through Reduz servers. Your API key authenticates the request. We do not see, log, or store content summarized through Local / Own Key mode.

Hosted Summary Data Flow

When you use Hosted Free or a paid hosted plan, extracted source text, source metadata, and your selected prompt are sent to the Reduz hosted relay and then to a hosted AI provider so the summary can be generated. Reduz uses account, installation, usage, and request metadata to enforce credits, entitlements, rate limits, abuse controls, billing, reliability, and support.

The hosted relay is designed not to log raw source text or generated summary content by default. Hosted usage records may include status, timestamps, credit cost, token counts, approximate cost, content type, prompt ID, installation ID, account ID when signed in, and error metadata.

Web App Source Inputs

When you paste text or upload a document in the Reduz web app, Reduz processes that source through Reduz infrastructure and hosted AI providers for the action you choose. By default, Reduz does not save pasted text, uploaded files, or extracted document text after the action completes or the temporary processing window expires.

Reduz may save generated outputs, minimal source metadata such as title, URL, file type, and size, plus usage, billing, abuse-prevention, reliability, and support metadata.

Encrypted Cloud Backup

If you enable encrypted cloud backup, Reduz stores encrypted backup chunks so you can recover your local Reduz history, outputs, and settings. Backup is optional. Reduz is designed so we cannot read the encrypted backup contents. Backup does not mean Reduz stores original webpage HTML, original PDFs, uploaded files, or web app source inputs by default.

AI Provider Data Flows

Depending on which provider or hosted route is used, content may be sent to providers such as:

• OpenAI — api.openai.com (subject to OpenAI's Privacy Policy)
• Anthropic — api.anthropic.com (subject to Anthropic's Privacy Policy)
• Google Gemini — generativelanguage.googleapis.com (subject to Google's Privacy Policy)
• DeepSeek — api.deepseek.com (subject to DeepSeek's Privacy Policy)
• Other hosted providers — used by Reduz for hosted summaries when configured for the selected hosted route.

We strongly recommend reviewing the privacy policy of your chosen AI provider. We have no control over how they process the data you send via their APIs.

YouTube Data

When summarizing YouTube videos, the Extension fetches transcripts and captions directly from YouTube. If you provide an optional YouTube Data API key, it is used to fetch video metadata (title, channel, duration). This key is stored locally and sent only to YouTube's API servers.

Website, Account, and Billing Data

The reduz.app website may process:

• Vercel Analytics — anonymous, aggregate page view counts only. No personal identifiers, no IP tracking, no cookies for analytics.
• Cookies — see our Cookies Policy for details. We use only essential cookies (consent preferences, color mode).
• Account data — email, profile information from your auth provider, session state, and account identifiers.
• Billing data — shared accounts service customer and subscription identifiers, plan, status, renewal period, and entitlement metadata. Payment card details are handled by Stripe and are not stored by Reduz.
• Hosted usage data — credits, usage period, request counts, token counts, approximate cost, status, and abuse-prevention metadata.

Legal Basis for Processing (GDPR)

Where we process Personal Data, we rely on the following legal bases:

• Legitimate interest — to operate and improve the Service.
• Consent — for optional analytics cookies on the website (opt-in via cookie consent banner).
• Legal obligation — to comply with applicable laws.

Your Data Protection Rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access — request copies of your personal data.
• Rectification — request correction of inaccurate data.
• Erasure — request deletion of your data.
• Restrict processing — request that we limit how we use your data.
• Data portability — request transfer of your data in a structured format.
• Object — object to our processing of your data.
• Withdraw consent — withdraw consent at any time where processing is based on consent.

For local extension data, you can export your history as a ZIP file, clear all data from settings, or uninstall the Extension. For account, billing, hosted usage, or backup data, contact us using the details below.

California Privacy Rights (CCPA)

California residents have additional rights under the CCPA:

• Right to know what personal information is collected and how it is used.
• Right to delete personal information.
• Right to opt out of the sale of personal information — we do not sell personal data.
• Right to non-discrimination for exercising your privacy rights.

International Data Transfers

In Local / Own Key mode, your content is sent directly from your browser to your chosen AI provider's servers. In hosted mode, content is processed by Reduz infrastructure and hosted AI providers. These servers may be located outside your country of residence. Please review your AI provider's privacy policy for information on where they process data.

Data Retention

• Local extension data — retained on your device until you delete it or uninstall the Extension.
• Encrypted backup data — retained until you delete backup data, disable backup where deletion is available, or request deletion.
• Web app source inputs — pasted text, uploaded files, and extracted document text are temporary by default and deleted after processing or expiration; generated outputs are retained until deleted or account retention rules apply.
• Account, billing, and hosted usage metadata — retained as needed for account operation, billing, legal compliance, abuse prevention, reliability, and support.
• Website analytics — Vercel Analytics retains aggregate data; no personal data is stored.
• Cookie consent — preferences stored for 6 months.

Security

We take reasonable measures to protect the Service:

• Own Key provider keys are stored in browser extension local storage, isolated from web pages.
• Encrypted cloud backup is designed so Reduz cannot read backup contents.
• The Extension uses a strict Content Security Policy.
• Output is sanitized with DOMPurify to prevent injection attacks.
• No external scripts or tracking pixels are loaded by the Extension.

However, no method of electronic storage is 100% secure. We cannot guarantee absolute security.

Children's Privacy

Our Service is not directed to anyone under the age of 16. We do not knowingly collect Personal Data from children. If you are a parent or guardian and believe your child has provided us with data, please contact us.

Links to Other Websites

Our Service may contain links to third-party websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this page periodically.

Contact Us

If you have questions about this Privacy Policy, contact us at:

• Email: support@reduz.app
• Mail: Three Things Media, Postfach 101015, DE-85010 Ingolstadt, Deutschland