EnglishFlow Privacy Policy
For EnglishFlow: Read, Write & Reply in English, a Chrome extension by
Wisteria Software Ltd.
Last updated: July 6, 2026
Privacy Summary:
- Single purpose: EnglishFlow helps users read, translate, rewrite, and reply in different languages on supported websites.
- User-triggered processing: Text is sent for AI processing only when you request translation, rewriting, or reply assistance.
- Local settings: Language preferences, model settings, API endpoint, and API key are stored in browser extension storage.
- API providers: Requests may be sent to the AI API endpoint you configure, including DeepSeek or a Wisteria Software API endpoint.
- No advertising use: We do not sell user data, use it for targeted ads, or build advertising profiles.
1. Scope
This policy applies only to the EnglishFlow Chrome extension. Other Wisteria Software products have separate product behavior and may be described in the general Wisteria Software Privacy Policy.
EnglishFlow is designed around a narrow purpose: helping users translate selected text, rewrite marked input, and draft replies on supported websites without switching tabs.
2. Chrome Web Store Limited Use Statement
EnglishFlow uses user data only to provide and improve its disclosed single purpose: multilingual reading, translation, writing, and reply assistance.
EnglishFlow does not use user data for targeted advertising, credit decisions, unrelated analytics, user profiling, resale, or any purpose unrelated to its translation and writing features. We do not sell, rent, or trade user data.
3. Data Handled by EnglishFlow
| Data type | What it includes | Where it is stored or sent | Why it is needed |
|---|---|---|---|
| User settings | Native language, target language, translation mode, tone, and interface preferences | Browser extension storage | To remember your translation and writing preferences |
| API configuration | API endpoint, model name, and API key | Browser extension storage; sent to the configured API provider when needed for authentication | To call the AI API service you configure or use |
| Selected text | Text you select on a supported webpage and ask EnglishFlow to translate | Sent to the configured AI API endpoint only after your action | To generate the requested translation |
| Typed or marked input | Text you enter into a supported input field, such as text between ;;; markers |
Sent to the configured AI API endpoint only after your action | To rewrite or translate the text you asked EnglishFlow to process |
| Limited page context | Relevant nearby text or selected context when needed for reply assistance | Sent only when needed for the requested writing or reply action | To make the generated reply more relevant |
| Website surface | Whether the current supported website is X/Twitter, Reddit, Gmail, Google, YouTube, Telegram, Product Hunt, LinkedIn, GitHub, Discord, Facebook, WhatsApp, or WeChat Web | Used locally by the extension | To adapt input handling and writing behavior for the current website |
4. API Requests and Wisteria Software API
EnglishFlow declares access to https://api.deepseek.com/* and
https://api.wisteriasoftware.uk/* so it can send user-requested AI processing requests to the
configured API service.
By default, the extension is configured for DeepSeek. If you configure or use a Wisteria Software API endpoint, the selected text, typed text, limited context, model settings, and any required authentication credential may be sent to Wisteria Software's API to return the requested translation, rewrite, or reply.
Wisteria Software does not use EnglishFlow request content for advertising, user profiling, resale, or unrelated analytics. Wisteria Software may process limited technical data, such as request time, endpoint, status code, error information, and security logs, where reasonably necessary to operate, secure, debug, and prevent abuse of the API service.
If the configured endpoint uses an upstream AI provider to generate the response, that provider may process the submitted text under its own privacy policy and terms. You should only configure API providers you trust.
5. API Key Handling
- Your API key is stored in browser extension storage on your device.
- Your API key is sent to the configured API endpoint only when needed to authenticate a request.
- If you configure DeepSeek, the API key is sent to DeepSeek for authentication.
- If you configure a Wisteria Software API endpoint that requires authentication, the credential may be sent to Wisteria Software for authentication.
- You can change or remove your API key in EnglishFlow settings.
6. Website Access and Permissions
EnglishFlow requests access to supported websites so it can provide visible user-facing features: detecting selected text, showing a floating translation button, adding a right-click translation command, detecting supported input fields, and replacing marked text after a requested rewrite.
Supported websites may include X/Twitter, Reddit, Gmail, Google, YouTube, Telegram Web, Product Hunt, LinkedIn, GitHub, Discord, Facebook, WhatsApp Web, and WeChat Web.
| Permission | Why EnglishFlow uses it |
|---|---|
storage |
Saves user settings, API configuration, and API key in browser extension storage. |
contextMenus |
Adds a user-triggered right-click menu item for translating selected text. |
activeTab |
Temporarily accesses the current tab after you click the extension button or use a user-triggered action. |
scripting |
Activates EnglishFlow on the current page so translation controls and input-field writing features can work. |
permissions |
Requests optional permissions, such as local integration access, only when you enable the related feature. |
7. Optional Local Integrations
EnglishFlow declares optional access to localhost and 127.0.0.1 addresses. These
optional permissions can support local services on your own device, such as a local inbox app, Obsidian-related
integrations, or local development tools.
Local access is not enabled by default. EnglishFlow requests it only after you enable a local integration and approve the browser permission prompt.
8. What EnglishFlow Does Not Do
- EnglishFlow does not continuously collect all page text.
- EnglishFlow does not collect browsing history for advertising or analytics.
- EnglishFlow does not sell, rent, trade, or share user data with advertisers or data brokers.
- EnglishFlow does not use user data for targeted advertising or user profiling.
- EnglishFlow does not collect payment information, contacts, location data, health information, financial information, or passwords.
9. Human Access
Human access to EnglishFlow user data is not allowed except where necessary for security, abuse prevention, legal compliance, or support requested by the user. Support access, if any, is limited to the information you choose to provide when contacting us.
10. Data Retention and Controls
User settings and API configuration remain in browser extension storage until you change them, clear extension data, or uninstall the extension.
Translation, rewriting, and reply requests are sent to the configured API endpoint only when needed for the action you requested. Retention by third-party API providers is governed by their own policies.
You can change or remove your API key, adjust language settings, revoke optional permissions through Chrome extension settings, clear extension storage, or uninstall EnglishFlow.
11. Security
EnglishFlow uses browser-managed extension storage for local settings and API configuration. API requests are sent over HTTPS when using the declared DeepSeek or Wisteria Software API endpoints.
You should keep your API key private and rotate it through your API provider if you believe it has been exposed.
12. Children's Privacy
EnglishFlow is not designed for children and does not knowingly collect personal information from children.
13. Contact
For privacy questions or requests, contact: [email protected]