Summary
Grok Automation is a browser extension that drives the grok.com user interface from inside your own Chrome session. We built it so that you can keep working at scale without handing your prompts, generated images, or generated videos to a third-party server.
In plain language:
- The extension does not send your prompts to our servers.
- The extension does not upload your generated images or videos to our servers.
- The extension does not read pages outside grok.com.
- Your queue history, project folders, and generation outputs live on your own device.
- This website (grok-automation.com) collects minimal, privacy-respecting analytics so we can understand which pages are useful.
The rest of this policy explains the details, the few cases where data does leave your machine, and your rights.
Who this policy covers
This policy applies to:
- The Grok Automation browser extension, distributed through the Chrome Web Store and compatible Chromium browsers.
- The Grok Automation website at grok-automation.com and its subdomains.
We refer to the team that publishes Grok Automation as “we”, “us”, or “Grok Automation” below. Grok Automation is an independent product. It is not affiliated with, endorsed by, or sponsored by xAI Corp.
What the extension does with your data
Prompt text and generated media
When you queue prompts in the extension, the text is read from the popup or import file and sent to the grok.com tab in your own browser — the same way it would travel if you typed it into grok.com yourself. The extension does not copy that text to any Grok Automation server.
Generated images and videos are downloaded by your browser directly from grok.com or its content delivery network. The extension renames the files and writes them to your Downloads directory (or a project subfolder you configure). Those files are never uploaded anywhere by the extension.
Local storage on your device
The extension uses Chrome’s chrome.storage.local and IndexedDB to remember things between sessions:
- Your queue, including pending, succeeded, and failed prompts.
- Project names and folder layouts.
- Per-mode preferences (aspect ratio, delay setting, Concat on or off, Upscale on or off).
- Counts and timestamps for the current rate-limit window.
This data is stored on your computer, inside your Chrome profile. It is not synced to a Grok Automation server. If you uninstall the extension or clear extension data in Chrome, this storage is removed.
Permissions the extension requests
The extension declares the minimum permissions needed to drive grok.com:
- Host permission for https://grok.com/* and https://*.grok.com/* — so the content script can read the page state and trigger the prompt submission UI on your behalf.
- storage — to keep your queue and preferences between sessions.
- downloads — to save generated images and videos into the project folder you choose, with deterministic file names.
- scripting / activeTab (where applicable) — to inject the automation logic into the grok.com tab when you start a batch.
The extension does not request permission to read pages on other sites. It does not request access to your browsing history, bookmarks, cookies for other sites, identity, or any other broad-scope permission.
What the extension never does
- It does not send your prompt text, generated media, file names, or queue contents to a Grok Automation server.
- It does not log your grok.com session cookies, password, or any other credential.
- It does not read any tab other than the grok.com tab you are running a batch in.
- It does not run when you are not on grok.com.
- It does not include third-party trackers, advertising SDKs, or analytics inside the extension itself.
Diagnostic data the extension may send
When something goes wrong — a crash inside the extension, an unhandled error, a failed install — a minimal diagnostic event may be reported so we can fix the bug. This event includes:
- A short error message and a stack trace pointing at the extension’s own code.
- The extension version and your browser’s user-agent string.
- An anonymous, randomly generated installation ID that lets us deduplicate the same crash reported twice.
It does not include your prompts, generated media, file names, project names, or grok.com account information. You can disable diagnostic reporting from the extension’s settings page; it is on by default so we can react to regressions quickly.
Optional paid features and accounts
The core batch workflow is free and works without an account on grok-automation.com. If you opt into a paid plan or in-app upgrade in the future, you will be asked to provide:
- An email address, used for receipts, security notices, and license recovery.
- Billing details, collected and stored by our payment processor (Stripe or an equivalent regulated provider). We receive only the last four digits of the card, the card brand, and the country — never the full card number.
Paid licenses are tied to that email address; canceling stops further charges. We do not sell or rent your email address to anyone.
What the website collects
The website at grok-automation.com is a static marketing site. Visiting a page sends only what every website sees: your IP address, browser user-agent, requested URL, and referring page.
Server logs
Our hosting provider keeps short-lived request logs for security and abuse prevention. These logs include IP address, timestamp, requested URL, and response code. They are retained for no longer than 30 days and are not joined with any other data set.
Analytics
If we run analytics, we use a privacy-respecting product (such as Plausible, Fathom, or Vercel’s first-party analytics) that:
- Does not set persistent identifying cookies.
- Does not fingerprint visitors.
- Does not export data to advertising networks.
What we look at is aggregate: which pages get traffic, which referrers send it, and which countries the traffic comes from. We do not look up an individual visitor.
Cookies
The marketing site does not need cookies for its core function and does not set any advertising or cross-site tracking cookies. If we add a feature that requires a cookie (for example, remembering that you dismissed a banner), we will use a first-party cookie and disclose it here.
Waitlist and contact forms
If you submit your email through a waitlist or a contact form, we store that email so we can write back. It is used only for the conversation you started or the launch notification you signed up for. You can ask us to delete it at any time.
Third-party services we rely on
We try to keep the list short. As of the last updated date, the third parties that may receive data on our behalf are:
- The Chrome Web Store (Google). Distributes the extension and runs the install funnel. Subject to Google’s privacy policy.
- Our website host and CDN. Serves the marketing site; sees standard request metadata (IP, user-agent).
- A payment processor (e.g., Stripe). Handles billing for paid features when available. Subject to the processor’s own privacy policy.
- A transactional email provider. Sends receipts and security notices to addresses you give us.
- An optional analytics tool. As described above, configured in a privacy-respecting mode.
We do not share, sell, rent, or trade your personal information with advertisers, data brokers, or AI training data buyers.
Your rights
Depending on where you live, you may have specific rights over the personal information we hold about you:
- Access — ask us what data we hold about you.
- Correction — ask us to fix data that is wrong.
- Deletion — ask us to delete data we hold (subject to legal record-keeping duties).
- Portability — ask us to export your data in a portable form.
- Objection / restriction — ask us to stop processing your data for a given purpose.
Because the extension keeps almost everything locally, the simplest way to delete extension data is to uninstall the extension or clear its storage in Chrome at chrome://extensions. For data we hold on our side (for example, your account email if you have a paid plan), write to [email protected] and we will respond within 30 days.
California residents have additional rights under the CCPA / CPRA, including the right not to be discriminated against for exercising those rights. We do not “sell” personal information under that statute’s definition.
Users in the European Economic Area and the United Kingdom can lodge a complaint with their local data protection authority if they believe we have mishandled their data.
Children
Grok Automation is not directed at children under 13 (or under 16 in jurisdictions where that is the applicable digital-consent age). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact [email protected] and we will delete it.
Security
We use industry-standard practices to protect the data we do hold:
- HTTPS everywhere, both for the marketing site and for any API the extension might call.
- Encryption at rest for any account data we store.
- Principle-of-least-privilege access for our own team.
- Third-party processors (payment, email) chosen for their security posture.
No system is perfectly secure. If we discover a breach that affects you, we will notify you in line with the laws that apply where you live.
International data transfers
We are a small team and may operate from outside your country. If you contact us or sign up for a paid plan, your information may be processed in the country we work from or in countries where our service providers are located. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.
Changes to this policy
We will update this page when the way we handle data changes. The “Last updated” date at the top of this page reflects the most recent change. For material changes (for example, a new category of data collection), we will give clear notice in the extension and on the website before the change takes effect.
Contact
Questions, requests, or anything else: email [email protected]. We reply within one business day on weekdays.