Why Clico Is Safe
Clico is built to help you write, not to monitor your browsing. Here is exactly what Clico accesses, what it ignores, and how your data is handled.
How Clico reads page content
When you press ⌘+O (or your configured shortcut), Clico reads the visible text on the current page to understand the context of what you are working on. This is how it generates relevant responses tailored to the page you are viewing.
Clico only reads the page at the moment you activate it. It does not continuously monitor, scan, or index your browsing activity. When you close the Clico dialog, it stops reading entirely.
For text fields (Gmail compose, Notion pages, Slack messages), Clico reads the contents of the specific field your cursor is in. This allows it to understand your draft and generate contextual suggestions.
In short:
- Clico reads page content only when you activate it via shortcut.
- It reads the visible page text and the active text field.
- It stops reading when you close the dialog.
- No background scanning, no history, no indexing.
What Clico never accesses
Clico is designed with explicit exclusions. The following data types are never read, stored, or transmitted:
Passwords
Password fields are detected and skipped automatically. Clico never reads password inputs.
Payment information
Credit card numbers, CVVs, billing addresses, and payment form fields are excluded.
Browsing history
Clico does not access your browser history, bookmarks, or previously visited pages.
Cookies and sessions
Clico does not read cookies, authentication tokens, or session data from any website.
Other tabs
Clico only reads tabs you explicitly select using the @ feature. It never automatically accesses other open tabs. You can delete your Clico history at any time from the extension settings.
Files and downloads
Clico cannot access your local file system, downloads folder, or any files on your device.
How Clerk handles user data
Clico uses Clerk for user authentication and account management. Clerk is an enterprise-grade identity platform that powers authentication for companies like Linear, Loom, and Perplexity.
When you create a Clico account, Clerk handles your email, password hash, and session management. Clico never stores your password directly. All authentication happens through Clerk's secure infrastructure.
Clerk is SOC 2 Type II compliant, meaning their security controls are independently audited. They follow industry best practices for data encryption at rest and in transit.
What Clerk manages for Clico:
- Account creation and email verification
- Password hashing and secure storage
- Session tokens and login state
- OAuth connections (Google, GitHub sign-in)
You can optionally use your own API keys for AI model providers (OpenAI, Anthropic, Google). When you do, your prompts go directly to the model provider without passing through Clico servers.
Chrome Web Store compliance
Clico is published on the Chrome Web Store and undergoes Google's review process for every update. This includes automated and manual checks for security, privacy, and compliance.
Clico follows the Chrome Web Store Developer Program Policies, which include requirements for:
- Minimum permissions: Clico only requests the permissions it needs to function.
- Transparent data use: A clear privacy policy explaining what data is collected and why.
- No remote code execution: All code is bundled in the extension and reviewed by Google.
- User consent: Clico does not activate without explicit user input (keyboard shortcut).
Our privacy policy is available at tryclico.com/privacy-policy and our terms of service at tryclico.com/terms-of-service.
Try Clico with confidence
Free to install. No API key needed. Your data stays yours.