Overview
Collectivus Browser Bridge ("the extension") is a companion Chrome extension for the Collectivus AI agent platform. It lets an AI agent you control perform limited browser actions (navigate, click, type, read page text, capture viewport screenshots) in tabs you already have open, using your existing website logins.
The extension does not sell your data. It connects only to the Collectivus API instance you configure during pairing (for example https://api.collectivus.ai/v1).
What data the extension accesses
- Page content — When your agent requests an action, the extension may read visible text and interactive elements from the active tab on sites where you have granted host permission.
- Screenshots — When your agent requests a screenshot, the extension captures the visible viewport of the active tab (PNG, base64-encoded) and sends it to your Collectivus backend for analysis.
- Session token — After pairing, an opaque session token is stored locally in
chrome.storage.local so the extension can reconnect to your Collectivus instance. - API base URL — The Collectivus API URL you enter in the extension popup is stored locally for reconnect.
What the extension does not do
- It does not run in the background scraping pages without an agent command.
- It does not request blanket access to all websites at install time. Host permissions are optional and requested per-site when needed.
- It does not execute remote code from the server — only structured JSON commands.
- It does not collect passwords you type into websites (agents act through your session).
How data flows
- You enable Browser Extension tools on an agent and generate a pairing code.
- You enter the code and API URL in the extension popup.
- The extension pairs with your Collectivus tenant via HTTPS.
- When you chat with an agent and it invokes a browser tool, commands travel over a WebSocket to the extension; results return to your Collectivus instance.
Data processed during agent sessions is subject to your Collectivus tenant's policies and your organization's Collectivus deployment terms.
Permissions explained
- activeTab / scripting — Inject the content script to read or interact with the page when your agent requests it.
- tabs — Navigate tabs, read tab URL/title, capture visible-tab screenshots.
- storage — Persist pairing token and API URL locally.
- alarms — Reconnect scheduling if the WebSocket drops.
- optional host permissions (https://*/*) — Requested at runtime per origin when you or your agent navigate to a new site.
Data retention and deletion
Local extension storage is cleared when you click Disconnect in the popup or when you remove the extension. Disconnecting in the Collectivus admin UI (Agent → Tools) revokes the server-side binding.
Children
The extension is intended for business use and is not directed at children under 13.
Changes
We may update this policy. The "Last updated" date at the top will change when we do.