AI Transparency & Privacy Center
Transparency Philosophy
Modern developers require absolute clarity when running browser extensions that interact with LLM providers. Because tools like Claude and ChatGPT contain private project repositories, system logs, API credentials, and product strategies, extensions must operate inside sandboxed limits. This Transparency Center lists what Meter AI tracks, what it never touches, its architectural threat model, and the technical standards it obeys.
What Meter AI Collects
- Interaction Metrics: The count of messages submitted in the active session thread.
- Context Character Volumes: Character counts inside input prompts and replies to estimate token windows.
- Reset Timer State: Start times of conversational lockout sequences to predict reset triggers.
- Local Settings: User preferences, threshold alert configurations, and local sync indicators.
- License Verification: Subscription level checks processed via secure authentication tokens.
What We Never Collect
- Prompt Text Content: The raw text strings of your files, codebase imports, or replies.
- Personal Profiles: Usernames, real names, billing info, or local directory paths.
- Browser History: Webpages visited outside the explicitly supported LLM interfaces.
- Remote Telemetries: We do not deploy remote tracking scripts (e.g. Mixpanel, GA) inside the extension.
- External Auth Tokens: Your provider API keys or session cookies.
Architecture & Data Pipeline
Meter AI is designed as a local-first application. The flow diagram below traces how user input events are captured, processed, and stored entirely in your local browser sandbox, showing that no raw chat transcripts or credentials escape to the cloud.
Independent Standards We Obey
Meter AI's architecture aligns strictly with official browser specifications and global compliance frameworks. We build using the following objective standards to guarantee security:
- Chrome Manifest V3: We utilize the latest browser extension standard (MV3). This removes remote script execution capabilities, requiring all code to be packaged inside the signed `.crx` file.
- WebExtensions API: Built on cross-browser standards (supported by Google, Mozilla, and Apple), restricting extensions to standardized system permissions and runtime scopes.
- Content Security Policy (CSP): We enforce a strict CSP that blocks the loading of unverified remote code and halts cross-site scripting (XSS) vectors.
- Local Storage Boundaries (`chrome.storage.local`): Telemetry and character estimations are stored in isolated local browser storage, protected from script access by other tabs.
- Same-Origin Policy (SOP) & HTTPS: All communication, including optional subscription licensing checks, is restricted to secure HTTPS transport layers and isolated domains to prevent spoofing or interception.
Permissions Explained
When installing Meter AI, your browser asks for specific permissions. Below is a line-by-line justification for every permission declared in our manifest:
| Declared Permission | Required Scope | Technical Purpose & Safety Scope |
|---|---|---|
host_permissions: ["*://*.claude.ai/*"] |
Restricted | Enables content scripts to run observers on Claude's tab. This is restricted exclusively to the target interface. |
activeTab |
Temporary | Allows the extension to read layout geometry and inject DOM styling on demand, avoiding deep background monitoring. |
storage |
Local Only | Required to write countdown limits and session history in chrome.storage.local. |
declarativeContent |
Declarative | Activates the popup icon automatically when visiting target domains, reducing active background scripts. |
Known Limitations & Roadmap
As part of our commitment to transparency, we publish technical constraints and our product roadmap:
Known Limitations
- Estimate Error Margin (±6.5%): Character-to-token translations are heuristics. Specialized inputs (e.g. heavily formatted JSON arrays) may exhibit tokenization discrepancies compared to the official tokenizer.
- Server-Side Rate Tuning: Anthropic routinely adjusts web rate thresholds during peak compute congestion. Meter AI adjusts limits dynamically based on active telemetry averages.
Technical Roadmap
- Offline CSV Export: Ability to download all session limit structures directly to disk (planned for Q3 2026).
- Local Database Sync: Secure sync support across local devices via sandboxed developer profiles.