← grip.

grip duck — Privacy Policy

Last updated: 2026-05-07

grip duck is a Chrome extension that overlays a Socratic AI coach on leetcode.com. It is built and maintained by Chirag Jhawar.

What we collect

Nothing. grip duck does not run any backend service and does not collect, store, or transmit any user data to its developer.

What stays on your device

  • Your API key(s) for Anthropic, OpenAI, and/or Google Gemini — stored in chrome.storage.local, accessible only to this extension on this browser profile.
  • Your active provider preference and default model name(s) — same storage.

You can clear all of this at any time from the extension's Options page (Clear all stored data).

What is sent to third parties

When you use the duck on a LeetCode problem, the extension makes direct HTTPS calls to the LLM provider you configured. Specifically:

  • The current LeetCode problem's title and description (read from the page)
  • The approach text you type into the duck panel
  • Any follow-up chat messages you send to the duck
  • Your submitted code (read from the LeetCode editor)
  • LeetCode's submission verdict + test results (read from the page after you click Submit)
  • Your runtime / memory stats if LeetCode shows them

These are sent to the provider you selected (Anthropic, OpenAI, or Google), authenticated with your API key. They are subject to that provider's privacy policy:

The extension does not send any of this data anywhere else — including to gripit.dev or any analytics provider.

Permissions explained

  • storage — to save your API keys locally on your device.
  • host_permissions: leetcode.com/* — to inject the overlay on LeetCode problem pages.
  • api.anthropic.com/*, api.openai.com/*, generativelanguage.googleapis.com/* — to call your chosen LLM provider directly.

The extension does not request tabs, webRequest, <all_urls>, or any broader permissions.

Network requests

During normal use the extension communicates with exactly two domains:

  1. leetcode.com — the page the user is already on.
  2. The LLM provider domain corresponding to the user's active configuration.

That's it. No telemetry. No analytics. No third-party servers.

Contact

Questions or concerns: hello@gripit.dev

← Back to grip.grip. webapp privacy →