Privacy Policy
Last updated: June 16, 2026
Summary
PII Guardrail detects and tokenizes personally identifiable information entirely on your device. Your prompts, documents, and the PII within them never leave your browser and are never sent to any server — not ours, not anyone else's.
What data we collect
We collect the minimum necessary to operate a subscription service:
- Account information — email address and name you provide when signing in via Clerk.
- Subscription status — your plan tier (Free / Pro / Team) and billing dates, stored in our database to issue entitlement tokens.
- Aggregate counts — the extension may send anonymous totals (e.g. number of fields protected in a session) for product analytics. These counts contain no PII values, no token surrogates, and no prompt content.
What we never collect
- The content of your prompts or AI responses.
- The original PII values detected (names, card numbers, SSNs, etc.).
- The surrogate/token values that replace PII in your prompts.
- Browsing history or any data from pages you visit.
All detection and tokenization run inside your browser using an on-device model. The detection path makes zero outbound network requests — this is enforced structurally by the extension's Content Security Policy (connect-src 'self'), not just by policy.
Browser permissions
The extension requests the following Chrome permissions:
- storage — saves your policy configuration (which entity types to protect) and your encrypted entitlement token locally in chrome.storage. Nothing here is synced to our servers.
- offscreen — creates an offscreen document to run the on-device GLiNER PII detection model (WebAssembly) under the extension's Content Security Policy. The offscreen document is required because host pages (ChatGPT, Claude) block WebAssembly execution.
- tabs — used only when you click "Connect account" in the options page, to open the Trustevo sign-in tab. Not used to read or monitor other tabs.
Host permissions (https://claude.ai/*, https://chatgpt.com/*, https://chat.openai.com/*) are required to inject the content script that intercepts the prompt before submission and re-injects de-tokenized text in responses.
externally_connectable
The extension declares externally_connectable for https://app.trustevo.ai/*. This allows the Trustevo web app to send a signed entitlement token directly to the extension via chrome.runtime.sendMessage when you click "Connect account." No other website can send messages to the extension. The token contains only your plan tier and expiry — no PII.
Third-party services
- Clerk — authentication. Your login email is processed by Clerk under their privacy policy.
- Stripe — payment processing. Card details go directly to Stripe; we never see or store them.
- Supabase — database hosting for subscription records (plan, user ID, billing dates). No PII from your prompts is stored here.
- Vercel — hosting for app.trustevo.ai.
Data retention and deletion
We retain your account and subscription data for as long as your account is active. To delete your account and all associated data, email us at privacy@trustevo.ai. We will process deletion requests within 30 days.
Changes to this policy
We may update this policy as the product evolves. Material changes will be announced via email to registered users. Continued use of the extension or service after changes constitutes acceptance.
Contact
Questions about privacy? privacy@trustevo.ai