Caret does not collect, transmit, or share any personal data.
All data is stored locally in your browser using chrome.storage.local. Two keys are written:
prompts: the prompt library you create and managesettings: per-site trigger symbol config and optional GitHub sync credentialsNo data leaves your device except as described below.
If you configure GitHub sync, Caret sends requests to the GitHub API to fetch prompt files from the repository you specify. Your GitHub Personal Access Token is stored in chrome.storage.local and is sent only to api.github.com. It is not encrypted at rest. Treat it like any other browser credential.
GitHub sync is read-only. Caret never writes to your repository. If a prompt from GitHub has the same name as one of your local prompts, the local version is preserved and the GitHub version is not imported.
Caret requests the following permissions:
storage: read and write prompt library and settings data locallysidePanel: open the side panel when the extension icon is clickedNo permission collects browsing history, tracks activity, or accesses data unrelated to prompt management.
If you have questions about this policy, open an issue at the project repository.