Reddit Reply Drafter

Privacy Policy

Effective date: May 14, 2025  ·  Last updated: May 14, 2025

Short version: We collect only what we need to run the service (your email address, usage counts, and optionally your Reddit username for voice generation). We do not sell your data. We do not post anything to Reddit on your behalf. Your API keys and voice profiles never leave your device.

This Privacy Policy describes how Reddit Reply Drafter (“we,” “our,” or “us”) collects, uses, and protects information when you use the Reddit Reply Drafter Chrome extension and its associated backend service at reddit.nerdsnipe.cc (collectively, the “Service”).

By installing the extension or using the Service, you agree to the practices described below. If you do not agree, please uninstall the extension and discontinue use.

1. What we collect and why

1a. Account information

To create an account, you provide your email address. We use it exclusively to send you a magic-link sign-in email (via Resend) and to identify your account. We do not require a password. We do not collect your name, phone number, or payment details beyond what Stripe handles directly (see Section 4).

1b. Reddit username (optional, user-initiated only)

If you choose to generate a voice profile from your Reddit comment history, you enter your Reddit username in the extension settings. We use that username solely to fetch your public comment history from the Reddit API on your behalf and build a voice profile text string. The username is stored in your account record so the profile can be regenerated. We never access or store your Reddit credentials, password, or tokens.

1c. Draft and usage metrics

We record a draft count per account (how many AI drafts you have generated in the current billing period). This is used solely to enforce plan limits. We do not store the content of your drafts, the text of Reddit threads you viewed, or your drafting history.

1d. Authentication tokens

When you sign in, we issue a bearer token that is stored as a hashed value in our server-side database (Neon Postgres). The plaintext token lives only in your browser’s chrome.storage.local. Tokens expire after 30 days.

1e. What we do NOT collect

  • Browsing history. The extension reads the DOM only on Reddit thread pages you explicitly open while the extension is active. No other browsing activity is captured or reported to our servers.
  • Reddit post/comment content at rest. Thread content is sent to the AI provider (Anthropic or your own API key) in real time to generate a draft and is not stored by us afterward.
  • Keystrokes or clipboard data. We do not read what you type on Reddit or anywhere else.
  • Precise location or device identifiers.

2. How and where data is stored

Data | Where it lives | Who can see it
Email address, Reddit username, draft count | Neon Postgres (cloud database, US region) | Service operators only; never sold or shared
Hashed authentication token | Neon Postgres | Stored as a one-way hash; plaintext never persisted
Voice profile text, BYOK API keys | chrome.storage.local on your device only | You only; never sent to our servers
Plaintext bearer token | chrome.storage.local on your device only | You only; transmitted over HTTPS when making API calls
Reddit thread content (for AI generation) | Sent directly to AI provider; not stored by us | Subject to AI provider’s privacy policy
Payment data | Stripe (we never see raw card data) | Stripe only; subject to Stripe’s privacy policy

chrome.storage.local is local to your Chrome profile and is never synced across devices via Chrome Sync. API keys and voice profiles remain on your machine at all times.

3. How we use your information

  • To provide the Service: authenticate you, enforce plan limits, and route draft-generation requests to the appropriate AI provider.
  • To send transactional email: magic-link sign-in emails and payment receipts. We do not send marketing email unless you explicitly opt in.
  • To generate your voice profile when you request it, using the Reddit username you provide.
  • To improve the Service: aggregate, anonymous usage counts (e.g., total drafts generated per day) may be used to improve infrastructure capacity. These are never linked back to individual users.

We do not use your data to train AI models. Thread content you process through our managed backend is passed directly to Anthropic’s API; Anthropic’s standard API terms apply (they do not train on API inputs by default).

4. Third-party services

We use the following third-party services to operate the product. Each is used only for the stated purpose.

Service | Purpose | Data shared
Anthropic | AI draft generation (managed backend) | Reddit thread content + your voice profile text, in real time; not stored by us
OpenAI / LM Studio | AI draft generation (BYOK mode only) | Thread content sent directly from your browser using your own API key; we never see it
Stripe | Payment processing | Email address and billing details; we never see raw card data
Resend | Transactional email (magic-link sign-in) | Your email address and the magic-link token
Neon | Database hosting (Postgres) | All server-side account data listed in Section 2
Vercel | Backend hosting and CDN | Standard request logs (IP address, path, timestamp); not linked to your account
Reddit (public API) | Fetching public comment history for voice generation | Reddit username (public); subject to Reddit’s privacy policy

We do not embed advertising networks, analytics SDKs (e.g., Google Analytics), or social tracking pixels in the extension or the backend.

5. Chrome extension — specific disclosures

Host permissions

The extension requests access to reddit.com (including www.reddit.com and old.reddit.com). This permission is used solely to read the DOM of Reddit thread pages you open in order to extract post title, body, top comments, and subreddit name for draft generation. The extension does not read Reddit pages in the background; it only runs when you click the extension icon on a Reddit thread page.

What the extension reads and when

  • On demand only: DOM content is extracted only when you click “Draft reply” inside the extension popup.
  • No background page scanning: The extension does not run content scripts continuously or scan pages you have not actively triggered.
  • No other sites: The extension does not request or read content from any site other than Reddit.

What is stored locally

The following items are stored in chrome.storage.local and never leave your device:

  • Your voice profile text (generated from Reddit history or written manually)
  • Your Bring Your Own Key (BYOK) API keys, if you enter them
  • Your authentication bearer token (used to call our backend API)
  • UI preferences (selected persona, provider choice)

None of this data is synced via chrome.storage.sync. It exists only on the device where you installed the extension.

No automated Reddit actions

The extension cannot post, vote, subscribe, send messages, or take any action on Reddit. Draft text is displayed in the extension popup only. You copy it manually and paste it into Reddit’s own comment box. The extension does not interact with Reddit’s API at all.

6. Data retention

  • Account data (email, Reddit username, usage counts) is retained as long as your account is active.
  • Authentication tokens expire and are deleted after 30 days of inactivity or on sign-out.
  • Local extension data (voice profiles, API keys) persists until you clear it via extension settings or uninstall the extension.
  • Deleted accounts: all server-side personal data is permanently deleted within 30 days of an account deletion request.

7. Your rights and data deletion

You have the right to access, correct, or delete personal information we hold about you. To exercise any of these rights:

Email nerdsnipe.inc@gmail.com with the subject line “Privacy Request” and include the email address associated with your account. We will respond within 10 business days.

You may also delete your local extension data at any time by opening extension settings and clicking “Clear voice profile” or by uninstalling the extension from Chrome.

8. Children’s privacy

This Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at nerdsnipe.inc@gmail.com and we will delete it promptly.

9. Security

All data in transit between the extension and our backend uses HTTPS/TLS. Bearer tokens are stored server-side as bcrypt hashes. API keys you provide for BYOK mode are stored only in chrome.storage.local on your device and are never transmitted to our servers. We do not have access to them.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If we make material changes, we will notify you by email (at the address on your account) or by displaying a notice in the extension. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

11. Contact

For privacy questions, data requests, or concerns about this policy, contact us at:

nerdsnipe.inc@gmail.com
Reddit Reply Drafter — reddit.nerdsnipe.cc