AI Helper API keys — privacy, storage and optional sync
An API key is a credential. Connecting AI Helper means trusting JustZix with that credential, so you deserve a clear, honest answer about where keys live, where they travel, and what you are responsible for. This post is that answer.
Where your keys are stored
When you paste a key into Settings → AI Helper, it is saved in chrome.storage.local — the extension's local storage on your device. By default it stays there and nowhere else. There is no JustZix account behind AI Helper and no requirement to register anything to use it.
Why calls go through the background worker
This is the most important design decision, so it is worth being precise. When AI Helper sends a request to OpenAI, Anthropic or Gemini, the request is made by the extension's background service worker — not by JavaScript running in the web page.
Two concrete consequences:
- Your key never reaches the page. The page's own scripts — and any third-party scripts on it — run in a separate context. The key is never placed in a variable, header or request that page JavaScript can read.
- The request bypasses the page's CSP. A page's Content Security Policy can block outbound requests to a provider's API. Because the call originates from the extension's background context, the page CSP does not apply, so AI Helper works even on locked-down sites.
page JavaScript --X--> provider API (never happens)
extension background -----> provider API (this is the path)
key stays here, not in the page
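A minimal sketch of this pattern, added here as an illustration and not taken from JustZix's source: a background handler reads the key from chrome.storage.local, calls the provider and returns only the model text to the caller. The handler name, the aiKeys storage layout, the message shape, the Bearer header and the provider.example endpoint are assumptions.

```javascript
// Added illustration, not JustZix source. handleAiRequest, the "aiKeys" storage
// layout, the message shape and the endpoint below are assumptions.
const ENDPOINTS = new Map([["demo", "https://provider.example/v1/chat"]]); // placeholder

// Runs in the background service worker: the only code that reads the key.
async function handleAiRequest(msg, sender, { storage, fetchImpl, extensionId }) {
  // Accept requests only from this extension's own contexts.
  if (!sender || sender.id !== extensionId) return { ok: false, error: "untrusted sender" };
  if (!msg || msg.type !== "ai.chat" || typeof msg.prompt !== "string" ||
      !ENDPOINTS.has(msg.provider)) return { ok: false, error: "bad request" };

  const { aiKeys = {} } = await storage.get("aiKeys");
  const entry = aiKeys[msg.provider];
  if (!entry || !entry.key) return { ok: false, error: "no key configured" };
  try {
    const res = await fetchImpl(ENDPOINTS.get(msg.provider), {
      method: "POST",
      headers: { "Content-Type": "application/json", Authorization: `Bearer ${entry.key}` },
      body: JSON.stringify({ prompt: msg.prompt }),
    });
    // Report the status only; provider error bodies and request headers stay here.
    if (!res.ok) return { ok: false, error: `provider returned ${res.status}` };
    const data = await res.json();
    return { ok: true, text: String(data.text ?? "") }; // model output only, no key
  } catch {
    return { ok: false, error: "network error" }; // exception details stay in the worker
  }
}

// Real wiring inside the extension (skipped when run outside a browser).
if (typeof chrome !== "undefined" && chrome.runtime?.onMessage) {
  chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    handleAiRequest(msg, sender, {
      storage: chrome.storage.local, fetchImpl: fetch, extensionId: chrome.runtime.id,
    }).then(sendResponse);
    return true; // keep the message channel open for the async reply
  });
}

// Constructed fakes (sample key and extension id are made up) for an offline run.
function makeFakes(status = 200) {
  const seen = [];
  const storage = { get: async () => ({ aiKeys: { demo: { key: "sk-CONSTRUCTED" } } }) };
  const fetchImpl = async (url, init) => {
    seen.push({ url, init });
    return { ok: status === 200, status, json: async () => ({ text: "hello" }) };
  };
  return { seen, deps: { storage, fetchImpl, extensionId: "ext-constructed" } };
}
```

On the content-script side the matching call would be chrome.runtime.sendMessage({ type: "ai.chat", provider, prompt }), which receives only the { ok, text } reply.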
Optional sync — per key, off by default
You probably use JustZix on more than one machine. To make keys available everywhere without exposing them by default, each key has its own "sync" checkbox, and it is off by default.
- Unticked (default) — the key never leaves the device. If you set up a new computer, you re-enter the key there. Maximum privacy, a little manual effort.
- Ticked — the key syncs to your other devices through the JustZix cloud.
It is per key, so you can sync your low-stakes Gemini key and keep a production OpenAI key local-only. Your choice, key by key.
How the sync channel works
Ticked keys do not get a special, separate pipe. They travel through the same encrypted channel that already syncs your folders, groups and rules — the AI keys are simply another entity type (ai_keys) in that sync. So the keys reach your other devices regardless of how the extension was installed on each one, using infrastructure that JustZix users already rely on for their rule library.
Honest guidance
We are not going to pretend an API key is risk-free. A few straight points:
- It is your key and your bill. Tokens used by AI Helper are billed by your provider to your account. JustZix never sees that billing.
- Treat the key like a password. Do not paste it into chats, screenshots or shared documents. If a key leaks, revoke it in the provider console and create a new one.
- Set a spend limit. Most provider consoles let you cap monthly usage. Do it — it is the simplest protection against a surprise.
- Use a scoped key if your provider supports it. A key dedicated to AI Helper is easy to rotate without breaking anything else.
- Sync is a trade-off, not a verdict. Off is the most private; on is the most convenient. Pick per key, with eyes open.
What page context is sent to the model
Separate from key handling: when you chat, AI Helper sends the model the page URL, title and an HTML fragment, and tool calls can send more page HTML on demand. That content goes to your chosen provider under your key and their data policy. If you are on a sensitive internal page, keep that in mind before asking the model to inspect it.
What JustZix does not do
- No JustZix-hosted model, no token resale, no proxying your prompts through JustZix servers — calls go straight from your browser's extension context to the provider.
- No account requirement to use AI Helper.
- No syncing of a key you did not explicitly tick.
See also
- AI Helper setup — getting and entering your key
- Meet AI Helper — the overview
- The agentic tool-calling workflow
Privacy is a setting you control, key by key. Download JustZix, add a key, and decide for yourself whether it syncs.