Privacy

Privacy Policy

Hyperion runs entirely in your browser. There is no Hyperion server, and the developer does not collect, receive, or store any of your data.

Last updated: 20 June 2026

What Hyperion stores (locally, on your device)

All of the following are kept in your browser only (chrome.storage.local and IndexedDB) and never sent to the developer:

Provider credentials — API keys and OAuth tokens for the AI provider you configure (encrypted at rest).
Chats & artifacts — your conversations and any generated documents or code.
Agent tasks & history — goals, steps, results, and screenshots captured during agent runs.
Memory & knowledge — facts you save and documents you add as “Sources”.
Preferences — theme, execution mode, and other settings.

You can export or permanently delete this data at any time from Settings → Data (Export memory / Export tasks / Clear all data).

What is sent to third parties (only when you use a feature)

Hyperion makes network requests directly from your browser to the services you choose to use:

Your selected AI provider (Anthropic, OpenAI, GitHub Copilot, or GitHub Models) receives your prompts, attached files/images, and — during agent tasks — the content and screenshots of pages you direct the agent to, so it can generate responses.
Optional feature endpoints, used only when you invoke them: /wiki (Wikipedia), /news (Google News), /stock (Yahoo Finance), /github (GitHub REST API, with your token), /mcp (the MCP server URL you enter), /image and audio transcription (OpenAI, with your key), and /youtube (transcript fetch).
Runtime assets for in-browser code — Python packages (integrity-checked wheels from the Pyodide repo), npm packages for React artifacts (integrity-checked from the npm registry), and the local semantic-search model weights (from the Hugging Face hub) download on first use, then run on your device.

Your data is handled by those services under their own privacy policies.

What Hyperion does NOT do

No analytics, telemetry, tracking, or advertising.
No selling or sharing of your data.
No transmission of your data to any server operated by the developer.

The autonomous agent

When you give the agent a goal, it reads and interacts with the web pages you direct it to. Page text and (optionally) screenshots may be sent to your AI provider for reasoning. The agent will not type into password fields and pauses for your approval before sensitive or destructive actions, per your chosen execution mode.

Permissions

The extension requests broad host access (<all_urls>) and tab/scripting permissions because the agent must read and act on the websites you choose. These are used solely to perform the tasks you request.

Contact

Questions or concerns? Reach out via deb0.com.