DualTran Privacy Policy
Last updated:
About DualTran
DualTran is a browser extension that helps you translate full pages or selected text between languages, and view original and translated content side by side. It supports Google Translate and Text-to-Speech (TTS), as well as AI providers you configure.
Built-in AI Providers
The extension includes built-in definitions for these AI providers (you must supply your own API key to use any of them):
- Global: OpenAI, Anthropic (Claude), Google Gemini, Mistral AI, Cohere, Together AI, Groq, Perplexity, xAI (Grok), Deep Infra, Cerebras, Vercel AI Gateway
- Aggregator: OpenRouter (300+ models across providers)
- Enterprise: Azure OpenAI
- China: DeepSeek, Zhipu/GLM, Moonshot/Kimi, Qwen/DashScope, Baidu/ERNIE, ByteDance/Doubao, iFlytek Spark
You can also add custom providers through the extension options. Providers are dynamically updated from models.dev when available, with built-in definitions as fallback.
Note: The manifest includes host permissions for Yandex Translate, Bing Translator, DeepL, and Microsoft Translator for potential future use; these services are not actively enabled in the current version.
Data Safety Summary
- No collection or sale of personal data: We do not run servers to collect your personal information; no ads or third-party trackers are embedded.
- Only on-demand transmission: Text is sent to translation/TTS/AI services only when you explicitly request translation or speech.
- API keys stored locally: If you opt to use AI providers, your keys are stored in your browser's
storage.local, not uploaded to the developer. - Local cache is removable: Translations are cached in IndexedDB for performance; you can clear it in the extension options or by uninstalling the extension.
- No ad/marketing sharing: We do not share your data with third parties for advertising or marketing.
Chrome Web Store Disclosure Summary
- Collection: The developer does not collect user data.
- Processing: When you request translation/TTS/AI, necessary text is sent to your chosen provider; preferences and keys are stored locally.
- Sharing: No sharing for ads/marketing; text is transmitted only to complete translation/TTS/AI features.
- Purpose: Core functionality (translation, TTS, AI-enhanced translation).
- Retention: Local storage/cache persists until you clear it or uninstall; incognito tabs do not write persistent cache.
Content We Process
To provide translation and related features, the extension processes locally:
- Text content from pages you view, text you select, and text you input to translate.
- Runtime context to improve experience (e.g., detected language, target language, AI enhancement preferences).
- For TTS, the text to be spoken is sent to the TTS endpoint to generate audio.
Such information is processed on your device and only transmitted when you initiate translation, TTS, or AI translation.
How We Use Data
- When you translate, necessary text snippets are sent to the currently selected provider (e.g., Google Translate or a configured AI provider).
- To reduce duplicate requests and improve speed, results are cached in local IndexedDB.
- When using TTS, the text is sent to a TTS endpoint to return audio.
- When using AI providers, text blocks are sent wrapped in translation markup to the chosen provider's API endpoint along with your locally stored API key.
- No use for advertising, analytics, profiling, or data sales.
Third-party Services & Transfers
Your browser sends necessary text to the chosen service only when you request translation or speech.
Translation & TTS Service
- Google Translate & TTS (translate.googleapis.com, translate.google.com, TTS endpoints) — Privacy: Google Privacy Policy
AI Providers (only if you configure and use them)
Global Providers
- OpenAI (api.openai.com): Privacy Policy
- Anthropic (api.anthropic.com): Privacy Policy
- Google Gemini (generativelanguage.googleapis.com): Google Privacy Policy
- Mistral AI (api.mistral.ai): Privacy Policy
- Cohere (api.cohere.com): Privacy Policy
- Together AI (api.together.xyz): Privacy Policy
- Groq (api.groq.com): Privacy Policy
- Perplexity (api.perplexity.ai): Privacy Policy
- xAI / Grok (api.x.ai): Privacy Policy
- Deep Infra (api.deepinfra.com): Privacy Policy
- Cerebras (api.cerebras.ai): Privacy Policy
- Vercel AI Gateway (api.vercel.ai): Privacy Policy
Aggregator
- OpenRouter (openrouter.ai): Privacy Policy
Enterprise
- Azure OpenAI ({your-resource}.openai.azure.com): Microsoft Privacy Statement
China-based Providers
- DeepSeek (api.deepseek.com): Privacy Policy
- Zhipu GLM (open.bigmodel.cn): Privacy Policy
- Moonshot Kimi (api.moonshot.cn): Privacy Policy
- Qwen DashScope (dashscope.aliyuncs.com): Privacy Policy
- Baidu ERNIE (qianfan.baidubce.com): Privacy Policy
- ByteDance Doubao (ark.cn-beijing.volces.com): Privacy Policy
- iFlytek Spark (spark-api-open.xf-yun.com): Privacy Policy
Custom / Dynamic Providers
You may add custom AI providers through the extension options. Provider definitions are also updated from models.dev (a community-maintained provider directory). Data sent to custom or dynamically discovered providers is transmitted over HTTPS to the API base URL you configure, and is governed by that provider's privacy policy.
Note: Data is transmitted to complete translation/TTS/AI features and governed by the respective provider's privacy policy. Providers may process data on servers located in various countries/regions.
API Keys & Accounts
- If you use AI providers, you may enter API keys in the extension settings for any supported or custom provider.
- Keys are stored locally in
chrome.storage.localand are not uploaded to the developer. - When you make an AI request, we send only necessary text and the authorization header (e.g.,
Authorization: Bearer <key>,x-api-key, or query-parameter-based auth) to the selected API endpoint, depending on the provider's authentication scheme. - For OpenRouter,
HTTP-RefererandX-Titleheaders may be sent as required for source attribution (customizable in settings). - For providers using query-parameter authentication (e.g., Google Gemini), the API key is sent as a URL query parameter.
- Protect your keys. You can delete or rotate them at any time, or uninstall the extension to remove all local data.
Local Storage, Cache & Retention
- Preferences & keys: Saved in
chrome.storage.local(not synced across accounts). Includes provider configurations, API keys, selected models, and custom provider definitions. - Translation cache: Stored in IndexedDB (per service/language), used to reduce duplicate requests.
- Provider/model cache: Provider definitions and model lists fetched from models.dev are cached locally with a 24-hour TTL in
chrome.storage.local. - Deletion: Clear cache from the options page, or uninstall the extension to remove all local data (including preferences, cache, keys).
- Incognito: When a request originates from an incognito tab, results are not written to persistent cache.
- Retention: Data persists locally until you clear it or uninstall.
Browser Permissions
To provide core features (Manifest V3):
- storage: Save preferences, API keys, provider configurations, and cached provider/model data locally.
- activeTab: Inject scripts into the current tab when you interact with the extension.
- contextMenus: Provide context menu entries (translate page/selection).
- webRequest: Read document MIME type via onHeadersReceived to improve handling; not used to intercept for data collection.
- alarms: Delay auto-translate after DOMContentLoaded for compatibility.
- offscreen: Play TTS audio from the service worker via an offscreen document.
- declarativeNetRequest: Modify the User-Agent request header for specific Microsoft Translator endpoints (edge.microsoft.com/translate/auth and api-edge.cognitive.microsofttranslator.com) to facilitate authentication. This does not collect or redirect data.
- optional_permissions → webNavigation: Optional for auto-translate on same-domain navigation.
- host_permissions: Declared for hosts where Chrome extension APIs (webRequest, declarativeNetRequest) may need access:
https://translate.googleapis.com/*,https://translate.google.com/*— Google Translate & TTShttps://api.openai.com/*— OpenAIhttps://api.anthropic.com/*— Anthropichttps://generativelanguage.googleapis.com/*— Google Geminihttps://openrouter.ai/*— OpenRouterhttps://api.deepseek.com/*— DeepSeekhttps://api.x.ai/*— xAI / Grokhttps://*.openai.azure.com/*— Azure OpenAIhttps://edge.microsoft.com/*,https://api-edge.cognitive.microsofttranslator.com/*— Microsoft Translator (reserved; also used by declarativeNetRequest)https://translate.yandex.net/*,https://www.bing.com/*,https://www.deepl.com/*— reserved for potential future translation serviceshttp://127.0.0.1/*,http://localhost/*— local AI services (e.g., Ollama, LM Studio)
Note: Other AI providers (Mistral, Cohere, Together, Groq, Perplexity, DeepInfra, Cerebras, Vercel AI Gateway, Zhipu, Moonshot, Qwen, Baidu, ByteDance, iFlytek) are accessed via
fetch()from the extension's service worker, which does not require explicit host permissions. All requests are sent only when you initiate translation.
Note: Content scripts match <all_urls> to operate on arbitrary pages. Text is only used locally and with providers you choose.
Your Choices & Controls
- Switch providers and target languages in the popup or options page.
- Add, edit, or remove custom AI providers.
- Enter, edit, or delete API keys at any time.
- Clear local translation cache in the options page.
- Provider/model data from models.dev is refreshed automatically (24-hour cache); you can manually refresh from the options page.
- Disable or uninstall the extension at any time (uninstall removes all local data).
Children
DualTran is not directed to children under 13 and does not knowingly collect information from children.
Security
- No developer-operated backend minimizes centralized storage risk.
- API keys are stored locally in
storage.local. Note: browser local storage is not a dedicated secrets vault; avoid using shared devices or remove keys after use. - All requests are sent over HTTPS to the selected providers. Localhost endpoints (
http://127.0.0.1,http://localhost) are the exception, intended for local-only AI services.
Cross-border Transfers
When using third-party translation/AI/TTS services, text and necessary metadata are sent to servers that may be located in other countries/regions, subject to each provider's policy. In particular, China-based providers (DeepSeek, Zhipu, Moonshot, Qwen, Baidu, ByteDance, iFlytek) process data on servers located in China.
Changes to this Policy
We may update this policy due to feature or policy changes. Updates will be posted on this page with a new "Last updated" date. Material changes may be announced in release notes or the store listing.
Contact
If you have questions about this policy or our data practices, please contact us via the "Contact the developer / Support" entry on the Chrome Web Store listing.