← Pinta

Privacy Policy

Effective 2026-04-29 · Pinta v0.2.0

1. What Pinta does

Pinta lets you annotate your running web app — drawings, element selections, comments — and hand the annotations to an AI coding agent that edits your project's source files. There are two pieces:

• The Chrome extension (this listing) — runs in your browser.
• The companion server (pinta-companion on npm) — runs on your machine on localhost, started by you.

2. What data Pinta handles

Locally, in your browser

• Annotations — selectors, sanitized outerHTML snippets (max 2 KB), nearby text, computed styles, your free-form comments, and full-page screenshots.
• Theme preference — light or dark, in chrome.storage.local.
• Standalone-mode sessions — when no companion is running, annotations are saved to IndexedDB (pinta-standalone database), keyed by the URL's origin.

Sent to the companion (localhost only)

When you click Submit, the extension sends the session payload over a WebSocket to 127.0.0.1 on the port the companion is listening on. The companion writes submitted sessions to .pinta/sessions/ inside your project root. Both ends are on your machine.

Sent to the agent

The companion exposes the session over an HTTP API and an MCP server, both on localhost. Your AI coding agent (running locally) reads the session and decides what to edit. Pinta has no connection to the AI provider — the agent's own privacy policy governs how it handles the prompt.

3. What Pinta does NOT do

• No analytics, no telemetry, no usage tracking.
• No remote servers. Pinta operates no cloud infrastructure.
• No third-party SDKs, ad networks, or trackers in the extension.
• No automatic capture of any kind. Annotations are user-initiated.
• No background screenshot capture. Screenshots happen only when you click Submit (and the screenshot toggle is on).

4. Sensitive-data handling

Captured outerHTML is sanitized client-side before it leaves the page: inline event handlers (onclick etc.), integrity, nonce, CSRF / token / auth / JWT / bearer attributes, and password input values are all stripped from the captured HTML. The capture is also truncated to 2 KB to bound exposure.

If you annotate inside a tab that has authenticated session state (cookies, tokens), the screenshot will of course render whatever's on the page — Pinta is showing the agent what you see. Treat your agent the same way you'd treat anyone you screen-share with.

5. Permissions used

• <all_urls> host permission — Pinta is a developer tool you invoke on your own running app at any URL. No site is targeted automatically.
• tabs — to read the active tab URL for routing the session to the matching project companion.
• activeTab + scripting — to inject the annotation overlay and to capture screenshots of the user-activated tab.
• sidePanel — to host the side-panel UI.
• storage — for theme preference; standalone sessions use IndexedDB.

6. Third-party resources

The extension bundles its fonts (Poppins) — no runtime fetch from Google Fonts. The landing page at kevzlou7979.github.io/pinta does load Google Fonts; that's a static site, not the extension. The extension itself makes no network calls beyond localhost.

7. How to delete your data

• Standalone sessions — open the side panel, hit the ✕ next to Copy. Or in Chrome DevTools → Application → IndexedDB → delete pinta-standalone.
• Companion sessions — delete .pinta/sessions/ from inside your project root.
• Theme preference — Chrome → Settings → Site settings → clear extension storage.
• Uninstall — removing the extension removes everything except files the companion wrote to your project (which are yours to manage).

8. Children

Pinta is a developer tool. It is not directed at children under 13.

9. Changes to this policy

Material changes will be reflected by bumping the effective date at the top of this page and noted in the CHANGELOG.

10. Contact

Open an issue at github.com/kevzlou7979/pinta/issues or email kevzlou7979@gmail.com.