CITRO LABS PTE. LIMITED ("Citro," "we," "us," "our") is dedicated to safeguarding your privacy and personal data. This Privacy Policy ("Privacy Policy") outlines how we collect and process your personal data. This Privacy Policy applies to the EGOBOT AI browser application (desktop and mobile), the EGOBOT browser extension, our website (https://www.ego.app/), our cloud-based AI agent service, any integrations we offer with third-party messaging or communication platforms, and any associated subdomains or services (collectively, our "Services").
If you are under 14 years old, do not meet the age requirements for using or accessing the Services in your jurisdiction, or if there are other legal restrictions applicable to your user status, please comply with local laws by either refraining from using the Services or reviewing this Privacy Policy under the supervision of your legal guardian ("Guardian"). You should only access or use the Services after obtaining your Guardian's consent as required by applicable law. If you are a parent or Guardian and become aware that your child has provided us with personal data, please contact us immediately. Should we learn that personal data has been collected from anyone under 14 years old (or the applicable legal age) without verified Guardian consent, we will promptly take measures to delete such data from our servers.
Please read this Privacy Policy carefully and in its entirety before using or continuing to use our Services. If necessary, make appropriate decisions based on the guidelines outlined herein. Failure to provide certain personal data may result in our inability to offer you the Services, restrictions on your use of the Services, or the Services not functioning as intended.
If you are located in the European Economic Area (EEA), the United Kingdom or Switzerland (collectively, the "EEA+" areas), or in the United States, please also read carefully and fully, and consent to, the EEA+ Addendum or the US Addendum to this Privacy Policy, respectively.
1. How We Collect and Use Your Personal Data
We collect data that you actively provide when using the Services, as well as data automatically generated during your use or interaction with the Services, through the following methods:
Account Registration. When you register an account with us, we will collect information associated with your account, including your username, email address, phone number, and account credentials. We may also collect verification codes to confirm your identity.
Citro Services. We offer interactive services powered by generative AI model technology combining a browser or desktop client running on your device with a cloud-based AI agent that operates on an all-day basis. You may provide input ("Content") to the Services, including prompts, uploaded materials such as files and images, or direct operational instructions by interacting with the buttons available in the operation interface. We will collect and process such Content for task execution. When you use the browser extension, we may also collect webpage structure and metadata.
Browser Activity Data. When you use the EGOBOT AI browser, we collect data necessary to deliver browsing and AI-assisted features. This includes, without limitation: (i) URLs and page titles of websites you visit; (ii) page content (text, structure, and metadata) of websites you access, to the extent necessary to deliver AI-powered assistance; (iii) your interactions with webpages, including clicks, scrolls, and form interactions (excluding passwords, payment information, and other sensitive credentials); (iv) search queries entered through the browser; (v) download history; and (vi) browser configuration and extension settings. Such data could include sensitive personal data. For your security, please do not input sensitive personal data into our Services.
AI Agent and Task Execution Data. When you instruct the cloud-based AI agent to perform tasks on your behalf (e.g., browsing webpages, filling forms you have authorized, sending messages through connected accounts, etc.), we collect and process: (i) the natural-language instructions you give the agent; (ii) the intermediate steps, tool calls, and webpage interactions the AI agent performs to complete the task; (iii) the contents of webpages or applications the agent accesses on your authorization; (iv) the result of each task. Task execution logs are retained on our cloud servers so that the AI agent can resume tasks across sessions.
Browser Session and Authentication Data. When you instruct the AI agent to perform tasks on websites or applications where you are already logged in, the AI agent operates by accessing the browser session associated with your authenticated state on those sites. The AI agent may utilize session identifiers (such as session cookies) that your browser established with third-party websites, solely to carry out the specific tasks you have authorized. We do not collect, store, or transmit your login credentials (such as usernames or passwords) in connection with this feature. The AI agent accesses only the active session already present in your browser at the time of task execution. Such session access may enable the AI agent to view, interact with, or retrieve content from websites and applications as if you were operating them directly, including content that is only accessible because you are logged in. You expressly authorize this session-based access each time you initiate a task that requires the AI agent to interact with an authenticated website or application. The data accessed through your existing browser session is processed solely for the purpose of completing the task you have instructed and is subject to the retention practices described in Section 4. You may revoke this access at any time.
Multi-Platform Integration Data: If you choose to connect third-party messaging or communication tools to the Services, we will, to the extent technically required and only with your explicit authorization, access contact identifiers and the messages or files involved in the specific tasks you have asked the AI agent to perform on the connected third-party platforms. We do not export your message history beyond what is required to complete the authorized task, and you may revoke any platform integration at any time.
Voice Input Data. The Services include a voice-input feature. When you invoke voice input, we collect the audio you provide and transcribe it to convert it into text instructions for the Services. You may disable voice input at any time, and you may request deletion of your voice recordings as described in Section 5.
Screenshots and Screen-Capture Data: When you activate the AI agent, the Services may automatically capture a screenshot of your current screen or active window to provide the AI agent with the visual context it needs to understand and complete your request. Screen recordings may also be captured when you explicitly invoke a screen-recording feature. Screenshots are processed solely for the purpose of fulfilling the immediate request, are not used for advertising, and are deleted or de-identified once the task is complete unless you have separately opted in to longer retention for product-improvement purposes. You may disable automatic screenshot capture at any time.
Sensitive Information Protection: We implement technical measures designed to exclude clearly sensitive locations from the Service's data-collection scope. Sensitive information, including passwords, payment-card primary account numbers, and other credentials autofilled by your browser or operating system, is not transmitted to the AI agent and is not stored by us in association with your AI inputs. Despite these measures, you should not deliberately place sensitive personal data into the working folder or paste credentials into AI prompts.
Our Services are powered by one or more third-party generative AI models. When you interact with AI features, your inputs (prompts, uploaded files, and browsing context shared with the AI) may be transmitted to these third-party AI providers for the purpose of generating responses. We take steps to contractually restrict those providers from using your data for their independent model training. Please refer to Section 3 for further details on our third-party service providers.
When you use our Services, according to the functional needs, we will request that you authorize the camera, photo album (storage), microphone, screenshot and screen record, accessibility, file management, command line or other operating system-related permissions based on the type of information you input. If you refuse to authorize, you will not be able to use certain functions such as taking photos or inputting image and voice information, but this will not affect your use of other functions of the Services.
When you use the Services in health, financial, legal or other specialty-related scenarios, we may collect your health-related information, financial information or other information you voluntarily input to our Services. Based on the content you input, we will generate responses, answers and consultation summaries or reports (which do not constitute medical, financial, legal or other professional advice) for your reference.
When you issue a search request during a conversation with AI, we will automatically receive the information you actively input to provide you with real-time search results. For example, when you ask us about nearby locations, in order to answer your question, we may collect your precise geographical location. This geographical location may include precise location information obtained through GPS sensors, WLAN access points, Bluetooth, and base station sensors. We only collect your precise geographical location when you have a clear need to find nearby locations or provide other location based services. Precise geographical location information is sensitive personal data. If you refuse to provide it, we will not recommend the nearby location-related information or provide other location based services based on the geographical location obtained through GPS sensors, but this will not affect the normal use of other functions we provide. We will only display content or services that may be relevant to you based on the district-level geographical location obtained through network location information (such as base stations, IP addresses, and WLAN).
Profiling and Automated Processing. We may use automated means to analyze your browsing behavior, task history, AI agent execution logs, content preferences, and usage patterns to create a profile that enables personalized features such as AI recommendations, tailored search results, and relevant content suggestions. This profiling does not produce legal or similarly significant effects on you. Where such profiling is used in connection with targeted advertising, you have the right to opt out as described in Section 5 and the applicable regional Addenda.
If the Content you input or submit includes personal data relating to any other individual, you are responsible for ensuring that you have obtained all necessary legal authorizations or consents before providing such data. This is to prevent the unauthorized or inappropriate disclosure of others' personal information.
In order to maintain and enhance the performance and quality of the Services, we may utilize the Content you submit and the corresponding output to optimize our Services. Such use will be conducted only after the information has been securely encrypted, thoroughly de-identified, and rendered incapable of being re-associated with any specific individual. If you do not wish for your personal data to be processed in this manner, you may opt out by contacting us through the channels specified in Section 5 of this Privacy Policy.
We will not collect sensitive information such as identification documents and numbers, data concerning health, bank accounts, passwords, etc. However, due to technical limitations and the way you use our Services, we may unwittingly collect other personal data that you voluntarily input into the Services, which may include the said sensitive information. We will immediately delete or anonymize such information once noticed by us. For your security, please do not input sensitive information into our Services.
Feedback. When you submit feedback to us, we will collect information such as your description of the issue, any attached supporting materials, your email address, and the name of the contact person, to understand the nature of your feedback and your specific needs. This information is necessary to provide the feedback-related services. We may use your email address or other contact details to verify your identity, clarify your concerns, provide relevant support, and help resolve any issues you encounter. To assist with feedback related to your use of the Services, we may access your usage data, including conversation history, content you have liked, and past feedback submissions. If you contact us directly using the methods outlined in Section 5 of this Privacy Policy to submit feedback, complaints, appeals, or inquiries, you will be required to provide your account information for user identity verification. This verification is necessary to process your request. During the course of feedback, complaint, or consultation, you may be asked to provide additional supporting materials, and the system may log communications between you and our team. These records help us address your concerns effectively and enhance the quality of our services.
Notification. You acknowledge and agree that we may use the contact information you provide (such as your email address) to send you various notifications related to the operation of the Services. These may include messages for identity or security verification, user updates, experience research, and dispute resolution. We may also send you promotional information about our services, features, or events via the contact details you've provided. If you prefer not to receive such promotional messages, you may unsubscribe using the method included in the message or contact us directly to opt out.
Payment Information. If you subscribe to paid features of our Services, we collect payment-related information necessary to process transactions, which may include your billing name, billing address, and payment method details. Full payment card details are processed directly by our third-party payment processors and are not stored on our servers.
Safeguarding. To protect your account security and improve our service quality, we will automatically collect certain information generated during your use of the Services:
To ensure the secure operation of the software and related services, as well as to maintain operational quality and efficiency, we may collect information including your device model, operating system version, device identifiers (such as AndroidID or OAID on Android devices, IDFV on iOS devices—note that these identifiers may differ in duration, reset capability, and access methods), IP address, software version, network access methods, types and statuses, network quality metrics, user operations and behavior data, service logs, and sensor data from your device (such as accelerometer and gyroscope readings).
To prevent malicious software and ensure stable, efficient operations, we may collect data related to running processes, overall system operations, page usage and frequency, crash reports, and performance metrics. For the purposes of verifying account and transaction security, performing identity authentication, detecting unlawful or non-compliant behavior, preventing and responding to security incidents, and taking necessary measures such as logging, analysis, and handling in accordance with applicable laws, we may process your account information, device data, and service log information.
To analyze key metrics such as user acquisition, activation, retention, and service performance, we collect data related to your use of the Services. This includes the types of content you view or interact with, the features you use, the actions you perform, as well as information such as your time zone, country or region, access dates and times, user agent and version, device type (e.g., computer or mobile), and connection details.
We may utilize log information to analyze Service usage, troubleshoot issues, and perform operational analytics to enhance and optimize user interaction with our products. Such log data includes your IP address, browser type and settings, request date and time, and details of your interactions with the Services.
Besides collecting personal data directly from you, we may also acquire your personal information from other sources, including business partners or publicly accessible information on the Internet.
We may aggregate or anonymize your personal data so that it cannot be linked back to you. This anonymized data is used for purposes such as analyzing service usage, enhancing features, and conducting research. We will keep and utilize this data only in its anonymized form and will not attempt to re-identify it, except where required by law.
Please find below the legal basis for our processing of your personal data:
| Purpose | Type of Data | Legal Basis |
|---|---|---|
| To provide, maintain and facilitate any products and services offered to you with respect to your EGOBOT account, which are governed by our Terms of Service | | Contract |
| To provide, maintain and facilitate optional services and features that enhance platform functionality and user experience | | It is in our and our users' legitimate interests to expand our product features and deliver additional services that enhance platform functionality and user experience. |
| To communicate with you and to promote our Services | | It is in our legitimate interests to promote our Services and to send direct marketing. |
| To create and administer your EGOBOT account | | Contract |
| To facilitate payments for products and services provided by EGOBOT | | Contract |
| To prevent and investigate fraud, abuse, and violations of our Terms of Service, unlawful or criminal activity, unauthorized access to or use of personal data or EGOBOT systems and networks, to protect our rights and the rights of others, and to meet legal, governmental and institutional policy obligations | | It is in our legitimate interests to protect our business, employees and users from illegal activities, inappropriate behavior or violations of terms that would be detrimental. We also have a duty to cooperate with authorities. |
| To investigate and resolve disputes | | It is in our legitimate interests to fully understand and make reasonable efforts to resolve customer complaints in order to improve user satisfaction. We also have a legal obligation in some cases. |
| To investigate and resolve security issues | | It is in our legitimate interests to protect user data and our systems from intrusion or compromise through monitoring and swift response. We also have a legal obligation to provide adequate security safeguards. |
| To debug and to identify and repair errors that impair existing functionality | | Legitimate interests. It is in our legitimate interests to maintain continuous functioning of our services and rapid correction of problems to ensure a positive user experience that encourages engagement. |
| To improve the Services and conduct research (excluding model training) | | Legitimate interests. It is in our legitimate interests and in the interest of EGOBOT users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. |
| To improve the Services and conduct research (including model training) | | It is in our legitimate interests and in the interest of EGOBOT users to evaluate the use of the Services and adoption of new features to inform the development of future features and improve direction and development of the Services. Our research also benefits the AI industry and society: it investigates the safety, inner workings, and societal impact of AI models so that artificial intelligence has a positive impact on society as it becomes increasingly advanced and capable. |
| To enforce our Terms of Service and similar terms and agreements | | In certain circumstances outside of the performance of our contract with you, we may rely on legitimate interests. It is in our legitimate interests to enforce the rules and policies governing use of our services, to maintain intended functionality and value for users. We aim to provide a safe, useful platform. |
2. How We Use Cookies and Other Similar Technologies
We use cookies to monitor which parts of our website you visit. Cookies are small data files stored by your browser on your device. While not essential for basic website use, cookies help improve performance and functionality. Without them, some features like videos might not work properly, and you may need to log in each time because your previous login won't be remembered. Most browsers let you disable cookies, but this may restrict or block certain website functions. Importantly, we never store personal data within cookies.
We categorize cookies as follows: (i) Strictly Necessary Cookies: required for the operation of our Services (no consent required); (ii) Functional Cookies: remember your preferences and settings; (iii) Analytics Cookies: help us understand how you use our Services; (iv) Advertising/Targeting Cookies: used to deliver relevant advertisements and to enable targeted advertising. For cookies other than strictly necessary cookies, we will request your consent through a cookie preference center presented when you first access our Services. You may withdraw or adjust your consent at any time through the cookie settings.
You may choose to configure your browser to block cookies and similar tracking technologies regardless of your location. However, doing so may disrupt the normal operation of our website by preventing essential cookies from being stored, which could limit or disable certain features and services. Furthermore, blocking cookies might lead to the loss of saved data such as login credentials and site preferences. Browser settings for managing cookies vary, and disabling cookies or specific categories of cookies does not automatically remove them from your device—you will need to delete them manually. For detailed instructions on managing cookies, please consult your browser's help resources. To learn more about cookies, the following online resources may be helpful: http://www.allaboutcookies.org.
3. How We Share, Transfer, or Disclose Your Personal Data
AI Model Providers: Third-party providers of generative AI model APIs that process your inputs and browsing context on our behalf to generate AI-powered responses and features. We contractually restrict these providers from using your data for their independent model training and from retaining your data beyond what is necessary to deliver the response or comply with applicable law.
Connected Platform Providers: Where you have connected a third-party messaging or communication platform, the contents of the specific messages or files needed to complete your authorized task will pass through that platform's infrastructure under that platform's own terms.
Business Partners: In order to facilitate our business operations and deliver specific services, we may share personal data with our business partners. These partners include providers of hosting, customer support, cloud infrastructure, content delivery networks, security monitoring, email communication platforms, web analytics, payment processing, transaction services, and other IT-related functions. Such partners are authorized to access, process, or store personal data solely to the extent necessary for performing their responsibilities on our behalf and strictly under our instructions.
Business Transactions: In the event of a strategic transaction, restructuring, bankruptcy, acquisition, or transfer of services to another provider (collectively referred to as a "Transaction"), your personal data may be disclosed to the counterparty and other parties involved in the Transaction for due diligence purposes. Furthermore, your personal data may be transferred to a successor or affiliate along with other assets as part of the Transaction.
Government Agencies or Other Third Parties: We may disclose your personal data, including details of your interactions with our Services, to government authorities, industry partners, or other third parties under certain circumstances: (i) to comply with applicable laws or when we have a good faith belief that such disclosure is necessary to fulfill legal obligations; (ii) to protect and enforce our rights or property; (iii) if we reasonably determine that you have breached our terms, policies, or legal requirements; (iv) to identify, prevent, or address fraud or unlawful activities; (v) to safeguard the safety, security, and integrity of our products, employees, users, or the public; or (vi) to mitigate legal risks or liabilities.
Affiliates: We may share personal data with our affiliates, who are permitted to use such data in accordance with the terms of this Privacy Policy.
Other Users and Third Parties with Whom You Interact or Share Information: Certain features allow you to engage with other users or third parties and share information. For example, you may share outputs from the Services with others via shared links, send data to third-party applications through EGOBOT's custom actions, or perform web searches to obtain supplementary information. Please note that any information you provide to third parties is subject to their respective terms of service and privacy policies. We advise you to carefully review those terms and policies prior to sharing your data.
4. How We Store and Protect Your Personal Data
We will retain your personal data solely for the duration necessary to deliver our Services to you or to fulfill other legitimate business purposes, including dispute resolution, ensuring safety and security, or meeting legal requirements. The retention period for personal data will be determined based on various factors, including:
- The purpose for which we process the data, such as whether retention is necessary to continue providing our Services;
- The amount, nature, and sensitivity of the data;
- The potential risk of harm from unauthorized use or disclosure; and
- Any legal requirements that we are subject to.
We prioritize the protection of your personal data and employ commercially reasonable technical, administrative, and organizational safeguards to prevent loss, misuse, unauthorized access, disclosure, alteration, or destruction. Nevertheless, it is important to recognize that no internet or email transmission can be guaranteed to be completely secure or error-free. Therefore, we advise you to be cautious about the information you share through our Services. Additionally, we disclaim any responsibility for breaches of privacy settings or security measures on the Service or on third-party websites.
5. How You Can Exercise Your Personal Data Rights
You have the following legal rights concerning your personal data:
- Access your personal data and information relating to how it is processed;
- Delete your personal data from our records;
- Rectify or update your personal data;
- Transfer your personal data to a third party (right to data portability);
- Restrict how we process your personal data;
- Withdraw your consent at any time, where we rely on consent as the legal basis for processing; and
- Lodge a complaint with your local data protection authority (see below).
You have the following rights to object:
- Object to our processing of your personal data for direct marketing at any time;
- Object to how we process your personal data when our processing is based on legitimate interests; and
- Object to the use of your personal data to train our models.
You can exercise these rights by submitting your request to privacy@citrolabs.ai.
Services such as EGOBOT generate responses using generative artificial intelligence models; however, the output may not always be factually accurate. Therefore, you should not rely solely on the factual correctness of the output provided by our models. If you believe that EGOBOT has generated factually incorrect information about you and wish to request a correction or removal, you may submit your request to privacy@citrolabs.ai. We will evaluate your request in accordance with applicable laws and the technical limitations of our models.
6. How We Update the Privacy Policy
To continually improve our Services, updates and changes may be made from time to time. We will update this Privacy Policy accordingly, and any such updates will become an integral part of this Privacy Policy.
Once this Privacy Policy is updated, we will publish the revised version on our website and notify you through announcements about the new edition, ensuring you stay informed of the latest changes in a timely manner. If you do not agree with the updated policy or have objections to any modifications, please discontinue your use of the Services. Please note that any activities or actions you performed before deactivating your account or stopping use of the Services will still be governed by this Privacy Policy.
For any significant changes that materially reduce your rights under this Privacy Policy, we will provide you with more prominent notifications. These may include, but are not limited to, emails or special alerts displayed on browsing pages, clearly indicating the specific sections of the Privacy Policy that have been updated.
7. How to Contact Us
If you have any complaints, suggestions, or inquiries regarding personal data protection, or if you have questions about this Privacy Policy, please contact us at: privacy@citrolabs.ai. We will promptly review the matters raised and respond within fifteen business days after verifying your user identity.
8. EEA+ Addendum
If you are located in the European Economic Area (EEA), the United Kingdom or Switzerland (collectively, the "EEA+" areas), please refer to our EEA+ Addendum in this Section. This addendum is specifically designed for individuals in the EEA+ regions. It complements our Privacy Policy and provides detailed information on how we handle your personal data when you use or interact with our services. In the event of any discrepancies between the Privacy Policy and this EEA+ Addendum, the provisions of this Addendum shall prevail.
If you are located in the EEA, the EU General Data Protection Regulation applies to our processing of your personal data, as well as local data protection laws, as the case may be. If you are located in the UK, the UK General Data Protection Regulation applies to our processing of your personal data. References to the "GDPR" are references to the General Data Protection Regulation as it applies in the country where you are located. If you are located in Switzerland, the Swiss Federal Data Protection Act (the "FDPA") applies to our processing of your personal data, and references to the GDPR below shall be interpreted analogously for the purposes of applying the FDPA.
A. Who is the data controller?
The data controller is CITRO LABS PTE. LIMITED, registered address at 67 AYER RAJAH CRESCENT, #02-10, SINGAPORE 139950, and its affiliates. To contact our GDPR representatives, please contact privacy@citrolabs.ai.
B. What types of personal data do we collect and how do we collect it?
Please see Section 1 above.
C. For what purposes do we process personal data?
Please see Section 1 above.
D. What lawful bases of processing and legitimate interests do we rely on?
Please see Section 1 above.
Where you voluntarily input health-related, biometric, or other special category personal data (as defined under Article 9 GDPR) into our Services, we process such data solely on the basis of your explicit consent (Art. 9(2)(a) GDPR) given at the time of input. You may withdraw this consent at any time. We do not actively seek to collect special category data and will delete or anonymize such data promptly if inadvertently collected without explicit consent.
E. What categories of recipients receive personal data from us?
Please see Section 3 above.
F. Where is your personal data processed and on what basis do we transfer personal data across borders?
We may transfer and disclose personal data to third parties in jurisdictions including California. To ensure an adequate level of data protection, we implement appropriate safeguards and data transfer mechanisms with our processors as required. If you have any questions or need further information, please contact us at privacy@citrolabs.ai.
G. How long do we process personal data?
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. The retention period varies depending on the specific purposes of data collection and applicable laws, including legal, regulatory, tax, accounting, or reporting requirements. When personal data is retained solely to meet legal obligations, we implement safeguards to restrict further processing. Once the personal data is no longer needed for its original purpose, we will securely delete it.
H. What data protection rights do you have?
In the EEA, Switzerland and the UK you have the following rights, subject to the conditions under the GDPR and/or local data protection law:
- You have the right to object, based on your specific situation, to our processing of your personal data. This includes the right to object to the use of your personal data for direct marketing purposes (also referred to as mass marketing under Swiss law), as well as the right to object when we process your data in the public interest or pursue our legitimate interests or those of a third party. If our processing is based on legitimate interests or the public interest, you may object, and we will stop processing your personal data unless we can demonstrate compelling legitimate reasons or legal obligations that require continued processing. For direct marketing related to our own services, you may always opt out of future marketing communications by using the unsubscribe link provided or through other available methods.
- To request from us confirmation on whether your personal data is being processed, and if so, to access information regarding how we handle your data along with copies of the personal data itself.
- To request correction of any inaccurate personal data we hold about you.
- To ask for the deletion of your personal data when it is no longer necessary for legal compliance or for security and integrity purposes.
- To request that we restrict the processing of your personal data, in which case the data will be marked and processed only for specified purposes.
- To receive your personal data in a structured, commonly used, and machine-readable format, and to transfer that data to another party without obstruction from us.
- To withdraw your consent to data processing at any time; this withdrawal will not affect the legality of any processing conducted prior to the withdrawal.
- To file a complaint with a relevant supervisory authority.
- In certain jurisdictions, such as France and Portugal, you may also have the right to provide instructions regarding the processing of your personal data after your death.
You may view a list of supervisory authorities in the EEA, UK and Switzerland and their respective contact information here:
- EEA: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- United Kingdom: https://ico.org.uk/global/contact-us/
- Switzerland: https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html
To submit a request to exercise your privacy rights, you can contact us by emailing privacy@citrolabs.ai. When submitting your request, please specify which rights you wish to exercise and how we can assist you. To verify your identity and confirm your authorization to make the request, we may ask you to provide certain information. These security measures help prevent unauthorized disclosure or improper processing of personal data. Additionally, we may reach out to you for further details to clarify your request and expedite our response. We will handle all requests to exercise your privacy rights in accordance with applicable laws.
I. Are you required to provide us with your personal data?
Providing personal data to us is voluntary; however, without certain personal data, we may be unable to deliver our Services to you.
J. Automated decision-making
We use automated processing to provide AI-powered features, including personalized recommendations and content suggestions. These processes do not produce decisions that have legal or similarly significant effects on you. To the extent any such processing constitutes profiling under Art. 4(4) GDPR, you have the right to object as described in Section 5. If we introduce automated decision-making with legal or similarly significant effects in the future, we will update this Policy and provide appropriate safeguards including the right to human review.
9. US Addendum
If you reside in Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Tennessee, Indiana, Kentucky, Rhode Island or California, please refer to the US Addendum in this Section.
We address this US Addendum to U.S. residents only. This Addendum does not reflect our collection and processing of U.S. residents' personal information where an exception under U.S. privacy laws applies.
Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Tennessee, Indiana, Kentucky, Rhode Island
The following is only addressed to residents of Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Delaware, Iowa, Nebraska, New Hampshire, New Jersey, Minnesota, Maryland, Tennessee, Indiana, Kentucky and Rhode Island.
Subject to the conditions under applicable laws, you have the right to request that a controller of your personal data:
- Confirm whether your personal data is being processed and provide you with copies of that data;
- Correct inaccuracies in your personal data, considering the nature of the data and the purposes for which it is processed; please note this right is not available in Iowa and Utah;
- Delete personal data provided by you or collected about you;
- Opt out of the processing of your personal data for: (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling used to make decisions that have legal or similarly significant effects on you.
When you use our Services, we may collect, use, and disclose your personal data for targeted advertising purposes as outlined above. Certain laws classify this collection, use, and disclosure of personal data for targeted advertising as the "sale" of personal data. You have the right to opt out of targeted advertising and such sales by contacting us at privacy@citrolabs.ai.
California
The following is only addressed to residents of California.
Notice of Collection: Please see Section 1 above for information about the types of personal information we collect. The categories of personal information correspond with the following categories of personal information enumerated under the California Consumer Protection Act (CCPA) definition of "personal information" and their respective letter grouping:
- (A)—Identifiers including name, phone number, unique personal identifier, IP address, email address and account name.
- (B)—Information that identifies or is capable of being associated with you.
- (F)—Internet or other electronic network activity information.
- (H)—Audio, electronic, visual or similar information.
- (K)—Inferences drawn from any of the information identified above reflecting your preferences and characteristics.
If California residents upload images or videos to our Services, they may also disclose any type of personal information to us and others in the images or videos.
Please refer to Section 1 above for details on the purposes for which we collect and use personal information. In accordance with the CCPA, we may collect, use, and disclose personal data of California residents for cross-context behavioral advertising, which the CCPA defines as "selling" and "sharing" personal information. Below, you will find a copy of our CCPA Privacy Policy, including our Notice of Right to Opt-Out of the Selling or Sharing of Personal Information.
We retain personal information solely for as long as necessary to fulfill the purposes for which it was collected or to comply with legal obligations. The retention period depends on the specific purposes of collection and use, as well as the duration required to meet applicable laws, including legal, regulatory, tax, accounting, or reporting obligations. Once the personal information is no longer needed for these purposes, it will be securely deleted.
We honor Global Privacy Control (GPC) signals. If your browser or device transmits a GPC signal indicating that you wish to opt out of the sale or sharing of your personal information, we will treat that signal as a valid opt-out request for the browser or device from which it is sent. Note that a GPC signal will only apply to the specific browser or device and will not affect your account-level preferences.
CCPA Privacy Policy
A. Right to Know About Personal Information Collected, Disclosed, or Sold
We collect, use, and disclose personal information about California residents, who have the right to request details regarding the personal information we have collected, used, disclosed, or sold about them ("right to know"). To exercise this right, please email privacy@citrolabs.ai with the subject line "California Request to Know," specifying the information you wish to access.
To verify your identity, we may require certain information from you; if you have a password-protected account, verification may be conducted through our existing authentication processes. The information requested for verification depends on your previous interactions with us and the sensitivity of the data involved. We will respond to your request in compliance with the California Consumer Privacy Act (CCPA), and if we deny your request, we will provide an explanation.
B. Our Personal Information Handling Practices over the Preceding 12 Months
We have set out below the categories of personal information we have collected about California residents in the preceding 12 months, as enumerated in the CCPA's definition of "personal information".
- Identifiers including name, postal address, phone number, unique personal identifier, IP address, email address and Account name.
- Information that identifies or is capable of being associated with you.
- Internet or other electronic network activity information.
- Audio, electronic, visual or similar information.
- Inferences drawn from any of the information identified above reflecting your preferences and characteristics.
We collected all these categories of personal information directly from California residents and used them according to the purposes described in this Privacy Policy. We disclosed this information as necessary. We have also "sold" and "shared" device information, browsing and usage data, and purchase history to advertising networks and advertising partners, who may use such personal information for their own purposes, including tailoring advertising to you.
C. Right to Request Correction or Deletion of Personal Information
You have a right to request the correction of personal information that we collect or maintain about you. To submit a request to correct personal information, please submit an email request to privacy@citrolabs.ai and include "California Request to Correct" in the subject line. Please specify in your request the personal information about you that you believe is incorrect, and please provide supporting material reflecting the correct information.
You have a right to request the deletion of personal information that we collect or maintain about you. To submit a request to delete personal information, please submit an email request to privacy@citrolabs.ai and include "California Request to Delete" in the subject line. Please specify in your request the personal information about you that you would like to have deleted, which can be all of your personal information as required by the CCPA.
We will require certain information from you to verify your identity. If you have a password-protected account with us, we may use our existing authentication methods to confirm your identity. The information requested for verification will depend on your previous interactions with us and the sensitivity of the data involved. After verification, we may ask you to confirm your deletion request. Once confirmed, we will process your request in accordance with the CCPA. If we deny your request, we will provide an explanation.
D. Notice of Right to Opt-Out of Selling/Sharing of Personal Information / Do Not Sell or Share My Personal Information
You have the right to opt out of the sale or sharing of your personal information by businesses. We disclose personal data to third-party advertising networks and partners who may use this information for their own purposes, including customizing advertisements directed at you. Therefore, we "sell" and "share" your personal information. To submit an opt-out request, please send an email to privacy@citrolabs.ai. Please be aware that we may require identity verification before processing your request.
E. Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights
You may not be discriminated against because you exercise any of your rights under the CCPA.
F. Right to Limit Use of Sensitive Personal Information
You have the right to direct us to limit our use of your sensitive personal information (as defined under the CPRA, which includes precise geolocation, contents of communications, and health information) to only that which is necessary to perform the Services and as otherwise permitted by the CPRA.
G. Verification Process and Authorized Agents
Only you, or an individual legally authorized to act on your behalf, may submit a request regarding your personal information. In your request, or in response to our request for further details, you or your authorized representative must provide sufficient information to allow us to reasonably verify that you are the person whose personal information was collected. The specific information required will depend on your previous interactions with us and the sensitivity of the personal data involved. We may ask for additional information to confirm your identity, and if you do not provide enough details for reasonable verification, we will be unable to process your request. Any information collected will be used solely for the purposes of identity verification and fulfilling your request.
You can designate an authorized agent to make a request under the CCPA on your behalf if:
- The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
- You sign a written declaration that you authorize the authorized agent to act on your behalf.
If you appoint an authorized agent to submit a request to exercise your right to know or your right to request deletion, the authorized agent must, in addition to following the steps described in sections A and C above:
- Mail a notarized copy of your written authorization allowing the agent to act on your behalf to 67 AYER RAJAH CRESCENT, #02-10, SINGAPORE 139950 (we will reimburse you for reasonable notarization and mailing costs upon receipt of proof); and
- Provide any information we request to verify your identity and confirm that you have granted the authorized agent permission to act under the CCPA on your behalf. The information requested for verification will depend on your prior interactions with us and the sensitivity of the personal data involved. We may deny requests if the agent does not provide sufficient proof of authorization from you.
If you grant an authorized agent power of attorney under Probate Code sections 4121 to 4130, these additional steps may not be required, and we will handle any requests from such an authorized agent in accordance with the CCPA.
H. Contact Information
If you have any questions regarding this Privacy Policy or wish to exercise your privacy rights, please reach out to us at privacy@citrolabs.ai.
10. Canada Addendum
These supplemental disclosures contain additional information relevant to residents of Canada. This content should be read in conjunction with the rest of our Privacy Policy. In case of conflict between our Privacy Policy and these supplemental disclosures, the supplemental disclosures shall prevail in relation to residents of Canada.
Consent. By expressly consenting to this Privacy Policy, you confirm you have read, understand, and consent to the collection, use, processing, and disclosure of your personal data in accordance with this Privacy Policy and understand that, in jurisdictions where it is available, Citro also relies on other lawful bases for the foregoing as more fully set out in this policy. We will only collect, use and disclose your personal data with your consent, unless otherwise permitted or required by law. Your consent may be given expressly or implied, depending on the circumstances and the sensitivity of the information involved. You may withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
Cross-jurisdictional Transfers. By providing us with personal data, you acknowledge and agree that your personal data may be transferred or disclosed to other jurisdictions for processing and storage outside of Canada, including to California, where laws regarding the protection of personal data may be less stringent than the laws in your jurisdiction. Furthermore, we may disclose your personal data in these jurisdictions in response to legal processes or where we believe in good faith that disclosure is required or permitted by law.
Quebec Residents. In addition to the above, residents of Quebec have the following additional rights under Act 25: (i) the right to request that personal information collected through automated means be communicated in a structured, commonly used technological format (right to data portability); (ii) the right to request de-indexation of information that is disseminated online. Our Privacy Officer responsible for compliance in Quebec can be reached at privacy@citrolabs.ai.