Privacy Policy
Last updated: May 2026
Skim is a Chrome extension that lets you ask questions about PDFs using AI. This policy explains what data we collect, how we use it, and your rights.
Data we collect
- Google account information — your email address and unique Google user ID, obtained when you sign in with Google. We use this solely to identify your session.
- PDF text content — when you open a PDF, the extension extracts the text and sends it to our server to process your question. We do not store PDF content after your session ends (sessions expire after 2 hours of inactivity).
- Your questions — the questions you type are sent to our server and forwarded to Google's Gemini AI to generate answers. We do not store your questions after the response is returned.
Data we do not collect
- We do not collect browsing history or the URLs of pages you visit.
- We do not store PDF files — only the extracted text, temporarily, for the duration of your session.
- We do not sell or share your data with advertisers or data brokers.
- We do not use your data to train AI models.
Third-party services
Skim relies on the following third-party services to operate:
- Supabase — handles authentication (sign-in with Google). Your Google account ID and email are stored in Supabase to maintain your session. Supabase Privacy Policy.
- Google Gemini API — processes your questions against the PDF text to generate answers. Your question and the relevant PDF passages are sent to Google's API. Google Privacy Policy.
- Railway — hosts our backend server. Requests are processed on Railway's infrastructure. Railway Privacy Policy.
Data storage and retention
- Authentication tokens are stored locally in your browser using Chrome's chrome.storage.local API. They are removed when you sign out.
- PDF session data is held in server memory only for the duration of your active session (maximum 2 hours) and is never written to disk or a database.
- Account data (email, user ID) is stored in Supabase and retained until you request deletion.
Permissions
Skim requests the following Chrome permissions:
- storage — to save your authentication token locally so you stay signed in.
- identity — to facilitate Google sign-in via Chrome's identity API.
- activeTab — to detect when you are viewing a PDF in the current tab.
- webRequest — to detect PDFs served from websites by inspecting Content-Type response headers. No request contents are read or stored.
- Access to all URLs — required to fetch and read PDFs hosted on any domain, including those behind institutional logins such as university libraries and paywalled journals.
Your rights
You can sign out of Skim at any time via the extension's settings page, which removes your locally stored authentication tokens. To request deletion of your account data held in Supabase, contact us at the email below.
Changes to this policy
We may update this policy as the extension evolves. The "last updated" date at the top will reflect any changes. Continued use of the extension after changes constitutes acceptance of the updated policy.
Contact
Questions about this privacy policy? Email us at pdf.chat.extension@gmail.com or visit our support page.