After installing the browser extension, log into Sprouted, right-click the extension icon in your browser, and choose the Options menu item. Enter your encryption key in the form that is presented. This must be the same key that you use to encrypt user data before calling the Sprouted API.
For instance, if you want to encrypt the user's name you first encrypt the name on your end (usually on your server), and you send the encrypted payload to the Sprouted API. The "encrypted_fields" attribute must contain the name of the field you have encrypted e.g. "encrypted_fields": "full". The encryption key you use on your end must be the same key you've entered in the browser extension's options page.
Neither the Sprouted site nor any other browser extensions you may have installed are able to access the encryption key from the extension's local storage. Data isolation is a safeguard that is built into the browser extension framework.
Since Sprouted is unable to read your encrypted data you would lose access to the user data. However, if this happens you would still have the core of your user data stored on your end.
Sprouted uses symmetric-key cryptography based on Libsodium.
Yes, the source code is here: https://github.com/sproutedapp/chrome-extension
The Chrome extension can be installed from the Chrome Web Store. Versions for Firefox and IE Edge are in the works.