Permissions & Your Data

What permissions does Ask Steve ask for and how does it use your data?

Your Privacy

We take your privacy very seriously.

  • We don't track what websites you visit
  • We don't track what you're asking Steve for
  • We don't track the Skills that you create
  • We don't store your API Keys on our servers
  • You can read our full privacy policy here.

Our Philosophy

  • Respect the user's privacy (see above)
  • Try to keep Ask Steve servers out of the loop as much as possible
  • Store as much data on the user's machine as possible
  • Connect directly to the LLM provider whenever possible
  • Be as transparent as possible about your data, how we use it, and where we send it (see below)
  • Ask Steve was created by Rajat Paharia who formerly worked at Google and IDEO. He created it because he wanted to put control of AI into your hands instead of the hands of big companies. See more here.

Extension Permissions

  • When you install Ask Steve it will ask for permission to "Read and change all your data on all websites". It needs this permission in order to be helpful on any web page. If you are uncomfortable with this then you should press Cancel and not install the extension.
  • If you want to limit what sites Ask Steve can work on, you can go into chrome://extensions, press the Details button on the Ask Steve tile, and then under Site access control what sites you want to give Steve access to.
  • At any time you can disable Ask Steve via the toggle on the Manage Extensions page and enable it manually on sites you want to use it on.
  • In an enterprise deployment, your administrator can configure certain sites to be allowed/disallowed via the runtime_allowed_hosts and runtime_blocked_hosts keys in ExtensionSettings. You can use this to prevent Ask Steve from having access to sensitive internal pages.
  • The Ask Steve extension id on Chrome is: gldebcpkoojijledacjeboaehblhfbjg
  • The Ask Steve extension id on Edge is: hiefenciocpoafbgoocochpolfjfmjfg

Saved Data

Your API Keys

  • Ask Steve asks you to enter your LLM provider API keys so that it can connect to those providers.

These keys are stored in the extension's Local Storage on your computer and are not sent to Ask Steve's servers.

  • The API keys are only sent to the service provider in order to authenticate your requests.
  • The API Keys are not encrypted and are sent with every request to the service provider, so someone else with access to your computer could discover them.

Other Data

All other configuration data is stored in Local Storage on your computer. It is never stored anywhere else. This includes:

  • Skills
  • Skill buttons
  • Model configuration
  • Chat history

If you'd like to see what is being stored in Local Storage, do the following:

  • Go into chrome://extensions
  • Enable Developer mode via the toggle in the upper right
  • Press the service worker link in the Ask Steve tile. This will open Chrome DevTools
  • On the Console tab, paste await chrome.storage.local.get() and then press ENTER
  • The contents of Local Storage will be printed out and you can inspect them

Network Requests

Your LLM Requests

  • We send your request directly to the LLM service provider.
  • When you are on the QuickStart plan, your LLM requests are sent to to quickstart.asksteve.to which proxies them to Google's Gemini or another provider. The QuickStart proxy doesn't look at or store your request, it just passes it through.

Google Analytics

We log views of the extension pages (e.g. Settings, Models, Sidepanel, etc.), as well as the following information for every LLM request:

  • Whether the call was successful or returned an error.
  • The hostname for the service (e.g. generativelanguage.googleapis.com or api.openai.com)
  • A transient session identifier
  • This can be disabled for enterprise deployments
  • Here is what that looks like for a call to the Google Gemini LLM:
{
  "name": "llm_success",
  "params": {
    "hostname": "generativelanguage.googleapis.com",
    "session_id": "1721321767437",
    "engagement_time_msec": 100
  }
}

Login and Authentication

  • Ask Steve uses Firebase (from Google) for login and authentication. Requests are made to Google's servers whenever you login or create a new account.
  • We don't ask for or store any PII beyond what is provided at login.
  • This can be disabled for enterprise deployments.

The Skill Library

  • Ask Steve uses Firebase for its backend database. Requests are made to Firebase to retrieve the list of Library Skills and to (in the future) upload a Skill to the Library.
  • This can be disabled or pointed to an internal database for enterprise deployments.

Configuration Files

Ask Steve loads the following configuration files from quickstart.asksteve.to

  • models.json - contains all the model templates
  • skills.json - contains the out-of-the-box Skills
  • buttons.json - contains the out-of-the-box Skill Buttons
  • This can be disabled for enterprise deployments.

If you'd like to monitor all the network requests that Ask Steve is making, do the following:

  • Go into chrome://extensions
  • Enable Developer mode via the toggle in the upper right
  • Press the service worker link in the Ask Steve tile. This will open Chrome DevTools
  • Switch to the Network tab. From here you can see all the network requests that Ask Steve makes

Other

The LLM service may use your data for training or to make their products better. If you are on the QuickStart plan or are using the Google Gemini or Mistral La Plateforme free tier, they reserve the right to use your data. If this concerns you, you should sign up for Ask Steve's Premium Plan and connect to a paid service or internal corporate service that explicitly states that they will not use your data. You can also connect to a Local Model running on your own machine.