Security & Privacy

At Selfotix, we believe that powerful automation should not come at the expense of your privacy. Because our tool operates directly inside your browser to perform tasks, it requires access to the websites you visit. We take this responsibility seriously.

This document explains how we handle your data, why we require certain browser permissions, how we build our software securely, and what you can do to keep your automated tasks safe.

1. Where Your Data Lives (Zero Server Storage)

Many automation tools send your data to their own company servers to process it. We do exactly the opposite. Selfotix is designed so that your data never leaves your computer.

  • Zero Cloud Storage: Your scraped data, the workflows you build, and the websites you target exist only on your personal device. We do not have a central database collecting your information, and our team cannot see or access your automated tasks.
  • Your Workflows: All saved workflows and configurations are saved directly to your browser’s secure, built-in storage.
  • Your API Keys: If you connect a third-party AI provider (like OpenRouter) using an API key, that key is saved only on your device. We never see your API keys, and we never read your AI prompts.

2. Our Security & Development Standards

To ensure the safety of our users, we follow strict software development protocols:

  • Chrome Web Store Approved: Our extension is peer-reviewed, verified, and officially approved by the Google Chrome Web Store review team to ensure it meets strict security, privacy, and performance guidelines.
  • Internal Peer Review: Every single update or new feature added to this extension undergoes rigorous internal review by our development team before being released to the public.
  • Tracked Changes: All updates to the software are strictly tracked and documented so we maintain a complete, transparent history of how the tool operates.

3. A Transparent Guide to Our Browser Permissions

To automate web tasks exactly like a human would (clicking, typing, and reading), our extension needs permission to interact with your browser. Here is exactly what those permissions are and our strict boundaries for using them:

  • “Read and change all your data on the websites you visit”
    • Why we need it: This is the engine of the automation. It allows the tool to read text on the page and interact with the website (like clicking buttons or typing into search bars).
    • Our Boundary: The extension only interacts with a webpage when you explicitly click the “Run” button on a workflow. It does not passively monitor or record your browsing history in the background.
  • “Read and modify your clipboard”
    • Why we need it: We offer “Copy” and “Paste” actions. To simulate pasting data into a tricky form field, the tool must temporarily place data into your clipboard and paste it.
    • Our Boundary: The tool will never read your clipboard unless a workflow specifically reaches a “Paste” step that you designed.
  • “Access your tabs and browsing activity”
    • Why we need it: This allows the tool to run complex tasks—like opening new tabs, navigating to links, switching between tabs during a deep crawl, and taking screenshots.
    • Our Boundary: We only manage the specific tabs involved in your active automation run. We do not track what other tabs you have open.
  • “Storage” & “Notifications”
    • Why we need it: To save your workflow setups directly to your browser and to alert you with a pop-up notification when a long task finishes or encounters an error.

4. The Golden Rule: Be Careful with Imported Workflows

One of the best features of Selfotix is the ability to download and share workflow templates with others. However, you should treat downloaded workflows like any other software you install.

If you download a workflow from an untrusted source on the internet, please review its steps before clicking “Run”:

  • Check the Destinations: A malicious workflow could include a hidden step designed to send the data you scrape to a stranger’s server. Always check the “Webhook URL” field in the settings before running an imported bot to ensure your data is only going where you want it to go.

5. Best Practices for Safe Automation

Because our tool relies entirely on your local browser, the overall security of your device matters. To automate safely, we strongly recommend the following:

  • Beware of Unverified Extensions: Do not run our extension if you have unverified, sideloaded, or untrusted extensions or applications installed on your device. Malicious apps on your computer could attempt to steal data from your browser. Only use software you trust.
  • Protect Your Wallet: Always set a strict spending or usage limit on your AI provider’s dashboard. Never plug an unlimited billing API key into any browser extension.
  • Avoid Sensitive Tabs: Do not run web scrapers in the same browser window where you are logged into highly sensitive accounts (like your online bank, cryptocurrency wallet, or workplace cloud consoles).
  • Test Before You Crawl: Before running a massive automated loop across hundreds of pages, run a quick 1-page test to ensure the bot is clicking the right buttons, extracting the correct data, and sending it to the right destination.