Skip to main content

Auto-Coursera — AI-powered Coursera quiz assistant

Privacy Policy

Effective date: March 14, 2026

No analytics, no tracking, no accounts. Everything the extension knows stays on your device.

Important

What stays on your device

The following data never leaves your browser:

  • Settings and preferences — stored in Chrome's local storage
  • API keys — encrypted at rest with AES-256-GCM before being stored in Chrome's local storage
  • Quiz processing logic — all detection and DOM manipulation runs locally
  • UI state — popup state, widget state, and user choices

The extension makes three types of outbound connections — all documented below. Everything else stays on your device.

Important

What leaves your device

Auto-Coursera makes exactly three types of network requests. Nothing else.

Quiz data → AI provider

When you solve a quiz, the extension sends the question text (and images, if present) to the AI provider you configured. This is the core function of the extension — it happens only when you trigger it. Your API key authenticates the request.

What the extension reads from Coursera pages

  • Question text — the quiz question itself, extracted from the page
  • Answer options — the text of each multiple-choice or checkbox option
  • Question type metadata — single-choice, multiple-choice, or numeric, to determine how to process the response
  • Image URLs — if questions or options contain images, fetched and sent to vision-capable AI models
  • LaTeX / math expressions — rendered math blocks are converted back to LaTeX source text for the AI
  • Code blocks — read-only code from embedded editors, included as context for the AI prompt

What the extension does NOT read

  • Your Coursera account credentials
  • Your course enrollment data
  • Your grades or submission history
  • Your browsing activity outside of quiz pages
  • Your personal profile information
  • Other students' data

What gets sent to the AI provider

  • The question text and answer options, formatted as a prompt
  • Image data, if image-based questions are detected and the provider supports vision
  • Code blocks, if present in the question container
  • Nothing else — no Coursera session tokens, no cookies, no personal identifiers

All requests go directly from your browser to the provider's API, authenticated with your own API key. Our server is never involved.

Version check → autocr.nicx.me/version.json

Every 6 hours, the extension fetches a small JSON file to check if a new version is available. This request contains no user data — no identifiers, no cookies, no analytics parameters. It's a plain HTTP GET.

Browser auto-update → autocr.nicx.me/updates.xml

Chromium's built-in extension update system periodically checks for new versions. This is a browser-level feature, not something our code controls. It sends a standard Chromium update request with your extension ID and current version.

Permissions explained

Every permission Auto-Coursera requests, with a plain-language explanation of why.

activeTab
Grants temporary access to the tab you're currently viewing — only when you click the extension icon. This is how the extension reads quiz questions from the Coursera page. It cannot access any other tab, and access expires when you navigate away.
alarms
Allows the extension to schedule a repeating timer for update checks. The alarm fires every 6 hours, triggering a version-check request to our server. No user data is sent with this request.
storage
Gives the extension access to Chrome's local storage API. This is where your settings and encrypted API keys are saved. Data in storage stays on your device and is never synced to Google's servers (we use chrome.storage.local, not chrome.storage.sync).
tabs
Lets the extension open new tabs — specifically, the settings page on first install and the Coursera tab when you complete setup. The extension does not read your tab list, browsing history, or URLs of other tabs.
Host: *.coursera.org
Allows the extension to inject its content script on Coursera pages. The content script detects quiz questions, creates the floating widget, and highlights answers. It runs only on Coursera — never on any other website.
Host: autocr.nicx.me
Our distribution server. Used for two things: checking for extension updates and downloading new versions. No user data, analytics, or identifiers are sent.
Host: AI provider APIs
Connects to the AI provider you configured (e.g., openrouter.ai, generativelanguage.googleapis.com, api.groq.com, api.cerebras.ai, or integrate.api.nvidia.com). Quiz questions are sent to these endpoints when you trigger a solve. Your API key authenticates each request.
Host: image CDNs
Some Coursera quiz questions include images hosted on CDN domains. The extension needs access to these hosts to download question images and include them in the AI prompt for image-based questions.

Important

API key storage

Your API keys are the most sensitive data the extension handles. Here's what the extension does — and what it doesn't protect against:

  • Encrypted at rest with AES-256-GCM — keys are encrypted before being written to chrome.storage.local. They are never stored in plain text. This adds a layer of protection against casual inspection of stored browser data.
  • PBKDF2 key derivation with 100,000 iterations — the encryption key is derived from a device-bound value before encrypting your API keys.
  • Keys are never logged — not to the console, not to error reports, not to any external service. If an error occurs during an API call, the key is redacted from all log output.

What this doesn't cover: encryption at rest protects against someone reading raw storage data directly. It does not protect against malicious extensions with storage access, browser-level compromises, or a determined attacker with full access to your browser profile. Data in transit to AI providers is protected separately by HTTPS.

Important

What we don't do

  • No analytics or telemetry. We don't use Google Analytics, Plausible, PostHog, or any other tracking service.
  • No tracking pixels or fingerprinting. No invisible images, no canvas fingerprinting, no device identification.
  • No user accounts or registration. There is nothing to sign up for. The extension works without any identity.
  • No data collection or selling. We don't collect data, so there's nothing to sell. Our business model is: there isn't one.
  • No third-party scripts on this website. This website is static HTML, CSS, and minimal JavaScript. No trackers, no ads, no embedded content from third parties.

Third-party AI providers

When you use Auto-Coursera to solve a quiz, the question text is sent to whichever AI provider you configured. This is the only way the extension functions — the AI provider processes the question and returns an answer.

We don't control what AI providers do with your data. Each provider has its own privacy policy and data retention practices. We encourage you to review them:

You choose the provider. You provide the API key. The data goes directly from your browser to the provider's API — our server is never in the middle.

Data retention

Zero retention on our end. We don't operate a backend service. There is no database. There is no server processing your quiz data.

The extension processes everything locally in your browser. Quiz results are displayed in the page and stored temporarily in browser memory. When you close the tab or navigate away, that data is gone.

The only persistent storage is your settings and encrypted API keys in Chrome's local storage, which you control entirely.

Your rights

Since we don't collect any data, there's nothing to request, export, or delete on our side. But you're always in control:

  • Disable the extension to stop all processing and network requests instantly.
  • Uninstall the extension to remove all stored data, settings, and encrypted keys from your browser.
  • There is no account to delete — because there is no account. Nothing persists beyond your browser.

Contact

If you have questions about this privacy policy or how the extension handles your data:

Support Install Documentation