← grip.

grip duck — Privacy Policy

Last updated: 2026-05-19

grip duck is a Chrome extension that overlays a Socratic AI coach on leetcode.com. It is built and maintained by Chirag Jhawar (gripit.dev).

What we collect

Nothing. grip duck does not run any backend service and does not collect, store, or transmit any user data to its developer.

What stays on your device

  • Your API key(s) for Anthropic, OpenAI, and/or Google Gemini — stored in chrome.storage.local, accessible only to this extension on this browser profile.
  • Your active provider preference and default model name(s) — same storage.

You can clear all of this at any time from the extension's Options page (Clear all stored data).

What is sent to third parties

When you use the duck on a LeetCode problem, the extension makes direct HTTPS calls to the LLM provider you configured. Specifically:

  • The current LeetCode problem's title and description (read from the page)
  • The approach text you type into the duck panel
  • Any follow-up chat messages you send to the duck
  • Your submitted code (read from the LeetCode editor)
  • LeetCode's submission verdict + test results (read from the page after you click Submit)
  • Your runtime / memory stats if LeetCode shows them

These are sent to the provider you selected (Anthropic, OpenAI, or Google), authenticated with your API key. They are subject to that provider's privacy policy:

The extension does not transmit any of this data anywhere else. It does not send your code, problem text, keys, or activity to gripit.dev or to any analytics provider.

Links to gripit.dev

The extension contains links to the grip website (gripit.dev) — for example, in the popup and in the post-submission debrief. These links include campaign (UTM) query parameters so the website can measure how many visitors arrive from the extension.

  • The extension itself sends no analytics and runs no tracking. It does not record that you clicked, and it transmits nothing in the background.
  • If you choose to click such a link, you navigate to gripit.dev, which uses Google Analytics. What that website collects is described in the gripit.dev privacy policy — it is governed by that policy, not this one.
  • You are never required to click these links to use the extension.

Permissions explained

  • storage — to save your API keys locally on your device.
  • host_permissions: leetcode.com/* — to inject the overlay on LeetCode problem pages.
  • api.anthropic.com/*, api.openai.com/*, generativelanguage.googleapis.com/* — to call your chosen LLM provider directly.

The extension does not request tabs, webRequest, <all_urls>, or any broader permissions.

Network requests

During normal use the extension communicates with exactly two domains:

  1. leetcode.com — the page the user is already on.
  2. The LLM provider domain corresponding to the user's active configuration.

That's it. The extension performs no telemetry, embeds no trackers, and runs no analytics of its own. (Outbound links to gripit.dev carry campaign parameters, as described in “Links to gripit.dev” above; that data is collected by the website if you click through, not by the extension.)

Contact

Questions or concerns: hello@gripit.dev

← Back to grip.grip. webapp privacy →