Privacy Policy — Grok Automate

Last updated: May 15, 2026
Hosted version: https://www.grokautomate.com/privacy

Grok Automate ("we", "us", "the extension", "the Service") is an unofficial, third-party browser extension that helps you queue prompts and download generated assets on grok.com. We are not affiliated with, endorsed by, or sponsored by xAI Corp. or any of its products.

Grok Automate is offered in two tiers:

  • Free — works entirely on-device, no account required.
  • Pro ($3 / month) — sign-in with an account hosted on Google Firebase, subscription billing handled by PayPal. Pro unlocks higher daily limits and additional features.

This document explains what data each tier collects, where it goes, and how to delete it. Sections 1–4 cover everything that's always true. Section 5 onwards applies only if you sign up for Pro.


1. TL;DR

If you are using Free:

  • We do not collect, transmit, sell, share, rent, lease, or log any of your personal information.
  • All data the extension produces (prompts, queue state, downloaded images and videos, settings) stays in your own browser and your own downloads folder.

If you are using Pro:

  • We store a small account record on Google Firebase (your email, the fact you have an active Pro plan, today's prompt counter) so the daily limit can be enforced fairly across the devices you sign in on.
  • Payment processing is handled entirely by PayPal. We never receive, store or have access to your card number, bank details, or PayPal password.
  • We do not sell or share any of that data with advertising or analytics third parties.

You can verify every claim above by reading the open source code linked from the Chrome Web Store listing.


2. Data the extension stores locally (Free AND Pro)

The following data is stored only in your browser using the standard Chrome storage APIs. None of it ever leaves your machine.

Data | Where it lives | Why
---- | --------------- | ---
Your prompts and prompt history | chrome.storage.local | So your queue survives a browser restart.
Uploaded reference images for image-to-video | IndexedDB (grok-auto database) | Re-uses the image across queue items; deleted after the item succeeds.
Queue state (pending / running / failed items) | chrome.storage.local | Lets the queue resume after the browser was closed.
Generation parameters (resolution, duration, aspect ratio, picker action) | chrome.storage.session | Per-session preferences.
Daily prompt counter (dailyStats.used) | chrome.storage.local | Drives the "X / 25" progress bar in the popup.
Your settings (download folder, retry config) | chrome.storage.local | Honored on every run.
A cached copy of your account (email, plan) — Pro only | chrome.storage.local under userProfile | So the popup can render the "Pro" badge before the Firebase auth round-trip completes.
Diagnostic logs (Logs tab) | RAM, in-page only | Cleared on browser restart.

You can clear all of it at any time from chrome://extensions/ → Grok Automate → Site settings → Clear data, or by uninstalling the extension.


3. Network traffic the extension causes (Free AND Pro)

The extension watches a single domain — grok.com — and, when you generate something, fetches the resulting asset from imagine-public.x.ai (xAI's own CDN). It does not ship any analytics, telemetry, crash reporter, error tracker, ad SDK, A/B-test framework, fingerprinting code, or remote configuration endpoint.

The two grok.com / xAI requests are:

  1. Requests Grok.com makes itself. The extension does not initiate these. It only watches outgoing /rest/app-chat/conversations/new requests and, when Grok's own UI loses the prompt you typed, rewrites the in-flight request body to re-insert that prompt. The destination, headers, cookies, and authentication of the request are entirely controlled by Grok.com — we never add, remove, or forward anything to a third party.
  2. Asset downloads. When generation finishes, the extension downloads the resulting image/video directly from xAI's public CDN (https://imagine-public.x.ai/...) using Chrome's built-in chrome.downloads API. The file goes straight to your local Downloads folder.

If you are on Pro, the extension additionally talks to two third-party services we have selected for account hosting and billing. See section 5.


4. Permissions and why we ask for them

Chrome will prompt you to approve these on install. We ask for the minimum needed for the features you see in the UI.

Permission | Why it's needed
---------- | ---------------
storage | To remember your queue, settings, daily counter and reference images across browser restarts. Stored locally.
downloads | To save the generated images and videos to your Downloads folder when each generation completes.
tabs | To find the grok.com tab the queue is running in, refresh it between items, and post each prompt to the right tab.
scripting | To clear stale Grok client-side state (localStorage, IndexedDB, cache) between queue items so prompt N doesn't get contaminated by prompt N-1.
alarms | To wake up the service worker briefly while a queue is running, and to reset the local daily counter at UTC midnight.
debugger | The reason for the yellow "Grok Automate started debugging this browser" bar at the top of grok.com while the extension is running. Grok's TipTap/ProseMirror editor and React form-state only accept trusted keyboard input — synthetic events fired by a normal content script are ignored, which leaves the queue stuck. The Chrome DevTools Protocol is the only way to type prompts and press Enter in a way Grok's React state actually sees. We attach the debugger only to grok.com tabs, only while a queue item is processing, and detach automatically (35 s timeout) after each item. We never use it on any other site.
Host permission for https://grok.com/* | Required so the content scripts can run on grok.com. The extension does not have access to any other website.

The extension has no other host permissions. It cannot read, write, modify, or inject anything on any site other than grok.com.


5. Pro tier: account and billing data

This section applies only to users who choose to sign up for Pro. Free-tier users skip it entirely — they never trigger any of the behaviour described below.

5.1 Authentication (Google Firebase Authentication)

When you click "Sign in" and create or log into a Pro account, we use Google Firebase Authentication to identify you. Firebase is a Google service governed by Google's Privacy Policy (https://policies.google.com/privacy).

We support these sign-in methods:

  • Email + password
  • Sign in with Google (OAuth)

The data Firebase Auth receives and stores about you:

Field | Source | Purpose
----- | ------ | -------
Email address | You typed it / your Google account provided it | Account identifier, recovery
Hashed password | You typed it (Firebase hashes it before storage; we never see plaintext) | Authentication
Firebase UID | Generated by Firebase | Internal account key
created_at / last_login_at | Generated by Firebase | Security and abuse prevention
IP address of the sign-in request | Firebase server | Abuse prevention (rate limit, geo block)

Firebase Auth data is stored on Google infrastructure. We have access to it via the Firebase Admin SDK for support purposes only; we never bulk-export it, sell it, or share it with marketers.

5.2 Account record (Cloud Firestore)

Once signed in, we create one document per user at users/{uid} in Cloud Firestore. It contains only what's strictly needed to run the Pro tier:

{
  "email":             "you@example.com",
  "plan":              "free" | "pro",
  "dailyUsage":        0,                    // resets at UTC midnight
  "lastReset":         1715731200000,
  "createdAt":         1715731200000,
  // ── populated only if you have an active subscription ──
  "paypalSubscriptionId": "I-XXXXXXXXX",
  "subscriptionStatus":   "active" | "cancelled" | "expired" | "pending",
  "renewalDate":          1718323200000
}

We do NOT store: full name, address, phone number, profile picture, country, currency, IP, browser fingerprint, the contents of your prompts, the contents of your generated images, or anything you didn't explicitly enter in the popup.

A small subset (email, plan) is also cached in chrome.storage.local.userProfile so the popup can paint the Pro badge without an async round-trip on first open.

5.3 Subscription billing (PayPal)

Subscription billing is handled by PayPal Inc., governed by PayPal's Privacy Statement (https://www.paypal.com/us/legalhub/privacy-full).

When you click "Upgrade to Pro":

  1. The extension calls our INITIATE_SUBSCRIPTION handler in the service worker.
  2. The service worker creates a PayPal Subscription via PayPal's REST API and receives an approval URL.
  3. The approval URL opens on paypal.com in a new tab. You complete payment on PayPal's site, not in our extension.
  4. PayPal calls our backend webhook with a BILLING.SUBSCRIPTION.ACTIVATED event. Our backend writes plan: "pro" and paypalSubscriptionId: "I-XXX" to your Firestore record.

We never see your card number, bank account, billing address, or PayPal password. The only payment-related fact we ever store is your paypalSubscriptionId and the latest status PayPal told us about (active / cancelled / expired). That ID lets us call the PayPal API to cancel the subscription when you click "Cancel" — it is not usable to charge you again.

5.4 Server-side logs (operational)

Our Cloud Function backend (Firebase Functions) writes operational logs for at most 30 days. These logs may contain:

  • Your Firebase UID (no email).
  • The PayPal webhook event type and subscription ID.
  • HTTP status codes and error messages.

We never log the contents of your prompts, the contents of your generated images, your IP, or your password. After 30 days, Firebase automatically rotates the logs and they are deleted.

5.5 What we DO NOT do with Pro data

We do not, and never will:

  • Sell your email or your prompt history to anyone, ever.
  • Use your data to train an AI model.
  • Send you marketing email unless you separately opt in.
  • Share your data with advertising or analytics third parties.
  • Use your data for credit scoring or lending decisions.

6. Sensitive data we explicitly do NOT touch (Free AND Pro)

  • Passwords for any service other than your Grok Automate account (handled exclusively by Firebase Auth), payment cards, banking info, ID documents, health data, location, contacts, calendars — the extension never reads or writes any of these.
  • Your Grok / xAI / X account credentials and cookies. We never read, copy, export, or transmit them. We rely on whatever authenticated session is already in your browser exactly like a normal visit to grok.com would.
  • Browsing history outside of grok.com. The extension cannot see it because it has no host permission for any other domain.

7. Children

The extension is intended for adults using Grok's commercial services under xAI's own age requirements. We do not knowingly collect any information from anyone under 13 (or 16 in jurisdictions where that is the GDPR-K threshold). If you believe a minor has signed up for Pro, email us and we will delete the account.


8. Your rights

On the Free tier

There is no server data to access, correct, or delete — everything is in your own browser. Clearing the extension's storage or uninstalling it deletes everything.

On the Pro tier

You can, at any time:

  • Access the data we hold about you via the in-extension Account view (when shipped) or by emailing privacy@grokautomate.com; we will send a plain-language summary of your Firestore document within 30 days.
  • Correct your email through Firebase account settings linked from the Account view (when shipped), or by contacting privacy@grokautomate.com.
  • Export your account record as JSON by emailing privacy@grokautomate.com (we respond within 30 days).
  • Delete your account from the Account view when available, or email privacy@grokautomate.com with subject line "Delete my Pro account". Account deletion:
    1. Cancels any active PayPal subscription.
    2. Deletes your Firestore users/{uid} document immediately.
    3. Deletes the Firebase Auth record (email, hashed password) immediately.
    4. Marks any 30-day operational logs containing your UID for scrubbing at the next rotation cycle.

We comply with GDPR data-subject requests, CCPA right-to-know / right-to-delete requests, and the equivalent rights in other jurisdictions.

Contact

privacy@grokautomate.com

We respond to privacy enquiries within 30 days.


9. Compliance with Chrome Web Store policies

We declare, for the Chrome Web Store review:

  • The extension's single purpose is: queueing prompts on grok.com/imagine and saving the resulting images/videos to disk.
  • The extension does not sell user data to third parties.
  • The extension does not use or transfer user data for purposes unrelated to its single purpose. (Pro tier account data is used only to enforce the Pro tier — daily limit, subscription status. It is never re-purposed for marketing, advertising or analytics.)
  • The extension does not use or transfer user data to determine creditworthiness or for lending purposes.
  • All data handling is consistent with this Privacy Policy, posted at https://www.grokautomate.com/privacy.

10. Changes to this policy

If we ever change the data-handling behavior (for example, if we add a new optional integration), we will update this document, raise the version number of the extension, and the Chrome Web Store update prompt will surface the change before you upgrade.

You can always see the diff at the project's source repository linked from the Chrome Web Store listing.