Security Overview

Last updated: April 2026

Extension security

  • Manifest V3 — Chisel is built on Chrome's most secure extension architecture. MV3 removes access to powerful APIs that prior versions allowed and enforces stricter code execution rules
  • Content Security Policy — a strict CSP is declared in the manifest. No inline scripts are evaluated and no external scripts are loaded at runtime
  • Message validation — every message passed between extension components (popup, content scripts, service worker) is validated: sender extension ID is checked, message type is required, and all payloads are sanitized before use
  • Input sanitization — every string that reaches our backend passes through a sanitization layer that strips control characters, limits length, and checks for injection patterns before any API call is made
  • No URL parameters — user data is never passed in URL query strings or hash fragments
  • Error boundaries — all Chrome API calls are wrapped in try/catch. Failures are handled silently or with graceful degradation — no unhandled exceptions reach the user
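The message validation and input sanitization steps described above, as an added example that is not Chisel's own code: a Manifest V3 service-worker listener that accepts a message only when the sender ID matches the extension's own, the message type is on an allowlist, and every string field has control characters stripped and its length capped. The message shape, the allowed type names and the length limit are assumptions for illustration.

```javascript
// Added example (not Chisel's code). Assumed message shape:
//   { type: "<string>", payload: { <field>: "<string>", ... } }
const ALLOWED_TYPES = new Set(["SAVE_PROMPT", "GET_PROMPTS", "DELETE_PROMPT"]); // assumed
const MAX_LEN = 4000; // assumed cap on any string payload field

// Strip C0/C1 control characters (tab, LF and CR are kept) and cap the length.
function sanitizeString(value) {
  if (typeof value !== "string") throw new TypeError("expected string");
  const cleaned = value.replace(/[\u0000-\u0008\u000B\u000C\u000E-\u001F\u007F-\u009F]/g, "");
  return cleaned.slice(0, MAX_LEN);
}

// Validate a message from `sender` against this extension's own ID (`selfId`).
// Returns { ok: true, type, payload } or { ok: false, reason }.
function validateMessage(message, sender, selfId) {
  // 1. Sender must be this extension: rejects other extensions and web pages.
  if (!sender || sender.id !== selfId) return { ok: false, reason: "untrusted sender" };
  // 2. Message must be an object carrying an allowed type.
  if (!message || typeof message !== "object") return { ok: false, reason: "malformed message" };
  if (!ALLOWED_TYPES.has(message.type)) return { ok: false, reason: "unknown type" };
  // 3. Payload must be a plain object whose fields are all strings; each is sanitized.
  const raw = message.payload ?? {};
  if (typeof raw !== "object" || Array.isArray(raw)) return { ok: false, reason: "bad payload" };
  const payload = {};
  for (const [key, val] of Object.entries(raw)) {
    if (typeof val !== "string") return { ok: false, reason: "non-string field: " + key };
    payload[key] = sanitizeString(val);
  }
  return { ok: true, type: message.type, payload };
}

// Wire-up in the service worker; skipped when run outside a browser (e.g. in Node).
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessage) {
  chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
    const result = validateMessage(message, sender, chrome.runtime.id);
    if (!result.ok) {
      sendResponse({ error: result.reason }); // rejected before any handler runs
      return;
    }
    // Dispatch on result.type using the sanitized result.payload here.
    sendResponse({ ok: true });
  });
}
```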

Data in transit

  • All communication between the extension and our backend uses HTTPS — no plain HTTP requests are ever made
  • Supabase JWTs are verified on every API request before any business logic executes. Expired or malformed tokens are rejected with a 401
  • Every API route rejects requests that do not carry a valid authenticated token. There are no public API endpoints that accept user data
  • CORS is locked to the specific Chrome extension ID — requests from any other origin are rejected at the edge with a 403 before reaching any handler
  • Rate limiting is enforced per user on every endpoint to prevent abuse and protect API key budgets

Payment security

  • All payments are handled entirely by Stripe — PCI DSS Level 1 compliant, the highest certification available
  • We never see, store, or transmit card numbers, CVV codes, expiry dates, or billing addresses. That data flows directly between your browser and Stripe's servers
  • Our backend receives only a Stripe subscription status and customer ID — nothing financial
  • Stripe's infrastructure undergoes regular independent security audits. Details at stripe.com/docs/security

Data at rest

  • Free tier — all data lives in Chrome extension storage (chrome.storage) on your device. It is never transmitted to any server and is automatically removed if you uninstall the extension
  • Chiseled tier — prompt library and account data are stored in Supabase, encrypted at rest using AES-256. Supabase infrastructure runs on AWS with SOC 2 compliance
  • API keys and secrets — Anthropic API keys, Supabase service keys, and Stripe secret keys are stored as environment variables in Vercel. They are never committed to source code or exposed in any client-facing file
  • Prompt content — the text of your prompts is never written to a database or log on our servers. It passes through memory only during the API call to Anthropic, then is discarded

What we never do

  • Auto-submit prompts to Claude or ChatGPT — the user always clicks Send
  • Read page content beyond the AI input field you are actively typing in
  • Log prompt content on our servers at any point in the pipeline
  • Store credentials, tokens, or any other value in localStorage or sessionStorage. Those web storage APIs are not used at all; only chrome.storage is used for persistence
  • Load third-party scripts into AI sites — the content script is self-contained
  • Make requests to any domain other than our own Vercel backend and Supabase

Responsible disclosure

If you discover a security vulnerability in Chisel — in the extension, the website, or our backend — please email hello@usechisel.co before any public disclosure. Include a description of the issue and steps to reproduce. We will acknowledge your report within 48 hours and work with you on a resolution timeline. We ask that you give us reasonable time to investigate and patch before going public. We do not currently offer a bug bounty program, but we will credit researchers who report valid vulnerabilities if they wish to be acknowledged.