MAIBAAM Privacy Policy
Effective date: May 1, 2026
Last updated: May 1, 2026
MAIBAAM (“Multi-Agent Integrated Browser AI Assistance Manager”) is a browser extension that provides an AI-powered assistant overlay. This policy explains what data MAIBAAM handles and how.
Summary
- MAIBAAM is local-first. All user data stays on your device.
- No analytics, no telemetry, no tracking. We do not collect, transmit, or sell any user data.
- API keys you provide are stored encrypted and sent only to the AI provider you chose.
- The optional local backend runs entirely on localhost.
Data Storage
All data is stored locally on your device using Chrome’s chrome.storage.local API and IndexedDB:
- Chat history — stored in IndexedDB, never transmitted to any MAIBAAM-controlled server
- Settings and preferences — stored in chrome.storage.local
- Slot contents (code snippets, notes) — stored in IndexedDB
- Session snapshots — stored in IndexedDB for session restore
- RAG cards — stored in chrome.storage.local
No data is synced to any cloud service operated by MAIBAAM.
Encrypted Vault
MAIBAAM includes an optional encrypted vault for sensitive documents:
- Encryption: AES-256-GCM via the Web Crypto API
- Key derivation: PBKDF2 with 250,000 iterations
- Salting: unique random salt per document
- Storage: encrypted ciphertext stored in IndexedDB
- Decryption: only possible with the user’s password, which is never stored
Vault contents are never transmitted — not to MAIBAAM servers, not to AI providers, not to the local backend.
API Keys and AI Providers
MAIBAAM supports multiple AI providers. When you enter an API key:
- The key is stored in chrome.storage.local, encrypted at rest
- The key is sent only to the respective provider’s API endpoint:
  - Anthropic (Claude): api.anthropic.com
  - OpenAI (GPT): api.openai.com
  - xAI (Grok): api.x.ai
  - DeepSeek: api.deepseek.com
  - OpenRouter: openrouter.ai
  - Brave Search: api.search.brave.com
- Chat messages are sent to the selected provider when you initiate a conversation
- MAIBAAM does not proxy, log, or intercept API traffic beyond what the provider requires
If you use the optional local backend with Ollama, all inference runs on your own hardware at localhost. No data leaves your machine.
Cookies
MAIBAAM requests the cookies permission solely to read the claude.ai session cookie for the opt-in Claude Code Bridge feature (disabled by default). This enables users with an active Claude subscription to hand off prompts to their own claude.ai session. The cookie is:
- Read-only — MAIBAAM never creates, modifies, or deletes cookies
- Used only to authenticate requests to claude.ai on your behalf, via the user’s own claude.ai tab
- Never transmitted to any third party
Content Scripts
MAIBAAM injects a content script on web pages to render the assistant overlay. The overlay:
- Runs inside an isolated Shadow DOM — it does not read or modify page content
- Does not scrape, collect, or transmit any information from the pages you visit
- Does not track your browsing history or activity
The https://*/* permission in the manifest is required to display the floating overlay on any page.
Native Messaging (Optional)
If you install the optional MAIBAAM native host:
- It communicates with the extension via Chrome’s Native Messaging API
- It is used solely to start, stop, and monitor the local backend services
- It runs on localhost only — no network communication
- It does not collect or transmit any data
Local Backend (Optional)
The MAIBAAM local backend is an optional component that runs entirely on your device:
- All services bind to 127.0.0.1 (localhost) by default
- Optional LAN access can be enabled by the user for cross-device use
- Data stored in the backend’s SQLite database and file system stays on your device
- The backend does not phone home, send telemetry, or communicate with external servers
Third-Party Services
MAIBAAM itself does not operate any cloud services. When you use a cloud AI provider, your data is subject to that provider’s privacy policy:
Children’s Privacy
MAIBAAM is not directed at children under 13 and does not knowingly collect data from children.
Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted to this document with an updated “Last updated” date.
Contact
For questions about this privacy policy, contact: phimonic@gmx.net
Project homepage: maibaam.com