Privacy Policy — GPT Codex Burn

Last updated: May 2026

GPT Codex Burn does not collect, transmit, or share any personal data with any third party, with the sole exception of optional license key verification handled by Gumroad (see below). All core data processing occurs locally on the user's device.

Data Handling

Data	Where it stays	Sent externally?
Usage metrics (session %, weekly %, reset times)	Device only (`chrome.storage.local`)	No
User settings (thresholds, notification preferences)	Chrome sync storage (`chrome.storage.sync`)	Synced across the user's browsers via their Google account; not transmitted to any external servers by the extension
chatgpt.com session cookies	Not accessed, read, or stored by the extension	No — attached automatically by the browser on fetch requests
Bearer token (access token)	Device only (`chrome.storage.local`, cached 25 min)	No
Supporter license key	Device only (`chrome.storage.local`)	Sent to Gumroad API for one-time verification only
Supporter tier	Device only (`chrome.storage.local`)	No

What the Extension Does

Fetches a session token from chatgpt.com/api/auth/session using your existing browser login session.
Fetches usage data from chatgpt.com/backend-api/wham/usage using that token.
Displays usage metrics locally in the browser toolbar badge and popup.
Sends optional browser notifications (toast or system notifications) based on user preferences.
All processing happens on the user's device. The extension does not operate any backend server.

Optional: Supporter License Verification

If you choose to activate a Supporter license key, the extension sends that key to the Gumroad license verification API (api.gumroad.com/v2/licenses/verify) for a one-time validation. No other personal data is included in this request.

Gumroad's privacy policy governs this interaction: https://gumroad.com/privacy

What the Extension Does Not Do

Does not access, read, store, or transmit authentication credentials or cookies.
Does not track browsing history or website content.
Does not use analytics, crash reporting, or any third-party SDK.
Does not execute remotely hosted code.

Permissions Used

Permission	Reason
`storage`	Stores usage metrics and user preferences locally and via Chrome sync
`notifications`	Displays optional usage alerts based on user-defined thresholds
`alarms`	Periodically updates usage metrics and triggers scheduled alerts
`scripting`	Injects in-page toast notifications into the active browser tab
`tabs`	Identifies the currently focused tab for toast delivery
`<all_urls>`	Allows toast notifications to appear on any website tab

Changes to This Policy

If this policy is updated, the "Last updated" date above will be revised. Continued use of the extension after any changes constitutes acceptance of the updated policy.

Contact

If you have any questions about this Privacy Policy, please contact:

Email: niztodream@gmail.com