Legal & Privacy

Privacy Policy

Last Updated: May 1, 2026

Overview

Sanitized AI ("we," "us," or "our") provides a browser extension that helps protect sensitive data when using AI platforms. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.

1. Data We Collect

1.1 Input Field Monitoring

The extension monitors text input on designated AI platforms (OpenAI ChatGPT, Google Gemini, Perplexity AI, and others) to detect sensitive information. We classify content into categories including:

  • Social Security Numbers
  • Credit card and financial account numbers
  • Phone numbers
  • Email addresses
  • Passwords and authentication credentials
  • Health information
  • Other PII as configured by your organization

Important: We do NOT store the actual input text you type. We only process it in real-time to detect sensitive data.

1.2 Detection Events

When sensitive data is detected, we record:

  • Detection timestamp
  • Data category detected (e.g., "Credit Card")
  • Action taken ("blocked" or "bypassed")
  • Severity level
  • Your user ID and email
  • The AI platform domain visited
  • Aggregated event count (not raw input)

1.3 Authentication Data

To provide multi-tenant functionality, we store:

  • JWT authentication tokens
  • Your tenant/organization ID
  • Your user role (admin, user, superadmin)

1.4 Configuration Data

We cache:

  • Detection rules and guardrails configured by your organization
  • Guarded site lists
  • User preferences for what data to monitor

2. How We Use Your Data

2.1 Core Functionality

  • Detecting sensitive information before you submit it to AI tools
  • Blocking or warning you based on your organization's policies
  • Providing audit logs and analytics to organization administrators

2.2 Analytics and Reporting

Your organization's administrators can view:

  • Aggregated detection statistics and trends
  • Event history filtered by date, severity, or data category
  • User activity summaries for compliance purposes

2.3 Service Improvement

  • Monitoring extension reliability and performance
  • Identifying and fixing bugs
  • Improving detection accuracy (using anonymized patterns only)

2.4 Legal and Compliance

  • Enforcing our Terms of Service
  • Protecting against fraud or security threats
  • Complying with legal obligations

3. Data Storage and Retention

3.1 Local Storage (on your device)

  • Authentication tokens: Stored until logout or expiration
  • Cached configuration: Cleared when extension is disabled
  • No sensitive input text is stored locally

3.2 Server Storage (our backend)

  • Detection events retained per your organization's retention policy
  • Default retention: 90 days (configurable)
  • Users can request deletion of their detection history
  • Administrators can export event data for compliance

3.3 Multi-Tenant Isolation

  • Your organization's data is isolated from other organizations
  • You can only access detection events from your own organization
  • Administrators cannot access other users' data across organizations

4. Data Sharing

We do NOT:

  • Sell your data to third parties
  • Share your data with AI platforms (OpenAI, Google, etc.)
  • Use your data for marketing purposes
  • Share sensitive input content with anyone

We MAY share aggregated, anonymized data:

  • With your organization's administrators (as configured)
  • With law enforcement if legally required
  • With service providers who help us operate (under data processing agreements)

5. Your Rights and Control

5.1 Access and Export

  • You can view your detection history in the extension dashboard
  • Administrators can export organization-wide detection reports

5.2 Deletion

  • You can clear your local extension data anytime
  • You can request deletion of your detection event history
  • Administrators can configure automatic deletion policies

5.3 Configuration

  • You can choose which data categories to monitor
  • Your organization can customize detection rules
  • Administrators can set organization-wide policies

6. Security

We protect your data with:

  • HTTPS encryption for all data in transit
  • Secure JWT token-based authentication
  • Multi-tenant database isolation
  • Regular security audits
  • Access controls and role-based permissions

7. Data Retention Schedule

Data TypeRetention PeriodNotes
Authentication tokensDuration of sessionExpires on logout
Cached configurationUntil extension disabledAutomatically updated
Detection events90 days (default)Configurable by organization
Local input monitoringNot storedReal-time processing only

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by updating the "Last Updated" date and notifying registered users via email if required by law.

9. Contact Us

For privacy questions or data requests, contact:

Email: privacy@sanitized.ai

For data access, deletion, or other requests, please include:

  • Your email address
  • Your organization name
  • Description of your request

We will respond within 30 days of receiving your request.

10. Legal Basis (GDPR/CCPA Compliance)

  • Legitimate Interest: Operating and improving the extension
  • Contract: Fulfilling our service agreement with your organization
  • Consent: Your use of the extension constitutes consent
  • Legal Obligation: Complying with laws and regulations

Note for Users: This extension is typically deployed by your organization. Your organization's administrator controls detection policies and data retention. If you have questions about your organization's specific settings, contact your administrator.