ProtectedAI
protectedai.io/privacy

Privacy Policy

Last updated: March 2026·support@protectedai.io·Terms of Service

1. Introduction

ProtectedAI ("we", "us", "our") operates the ProtectedAI Chrome extension and associated services at protectedai.io. Our product anonymizes sensitive information before it is submitted to AI platforms such as ChatGPT, Claude, and Gemini.

This Privacy Policy explains what personal data we collect, how we use it, and what rights you have in relation to it. By using our service, you agree to the practices described in this policy.

Our core commitment: The text you submit for anonymization is never stored. All processing happens in memory on our servers and the content is discarded immediately after the anonymized version is returned to you. We do not log, retain, or analyze the content of your messages.

2. What We Collect

2.1 Account Data

When you create an account, we collect:

  • Email address — to identify your account and send service notifications.
  • First and last name — to personalize your experience.
  • Password — stored as a encrypted hash. We never store your password in plain text and cannot recover it.
  • Company name — for Business accounts only.
  • Role within the company — for Business accounts only.
  • Language preference — optional, configurable by you or your admin.
  • Last login timestamp — used for security and account management.

2.2 Usage Data

  • Text submitted for anonymization — processed in memory only. Never stored, never logged.
  • AI platform identifier (e.g., chatgpt, claude, gemini) — used at request time to validate access. Not stored per request.
  • Service notification log — we record which type of service email was sent and when (e.g., trial expiration notice). We do not store email content.

2.3 Technical Data

  • Authentication token (JWT) — stored locally in your browser's. Never stored on ProtectedAI servers.
  • Server error logs — contain only technical metadata (timestamps, HTTP status codes, endpoint paths). No user content is ever included.

3. What We Do Not Collect

We explicitly do not collect or store:

  • The original text you type or paste into AI platforms — it is never persisted.
  • Your conversation history with ChatGPT, Claude, Gemini, or any other platform.
  • Behavioral analytics, tracking cookies, or third-party analytics data.
  • Your browsing activity outside of the AI platforms where the extension is active.
  • Payment information of any kind.
  • Personal data from individuals under the age of 18 (see Section 10).

4. How We Use Your Data

We use the data we collect solely for the following purposes:

DataPurpose
Email addressAccount identification; sending service notifications
NamePersonalizing your account and communications
Password hashAuthenticating your login
Company name & roleManaging team access and permissions
Language preferenceDelivering anonymization labels in your preferred language
Last loginAccount security monitoring
Notification logEnsuring each lifecycle notification is sent only once
Error logsDebugging and maintaining service reliability

We do not sell, rent, or trade your personal data. We do not use your data for advertising or profiling.

5. Third-Party Services

We share your data with third parties only when strictly necessary to operate the service.

Resend

We use Resend as our transactional email provider. When we send you a service notification (account verification, team invitation, trial expiration), your email address is transmitted to Resend for delivery. Resend does not receive any text content processed through our service.

Infrastructure Provider

Our backend runs on a cloud hosting provider that processes your requests in transit but does not retain any user content. This section will be updated with the provider's name before publishing.

Google Chrome

The ProtectedAI extension runs within the Google Chrome browser, subject to Google's own privacy policies. The JWT token is stored in chrome.storage.local, isolated to the ProtectedAI extension.

We do not share your data with AI platforms. Our service exists precisely to prevent your sensitive information from reaching those platforms.

6. Security

  • Encryption in transit — all communication uses HTTPS/TLS encryption.
  • Password hashing — passwords are hashed with bcrypt. We cannot recover your password.
  • Local token storage — authentication tokens are stored in your browser's local extension storage, not on our servers.
  • Database access controls — our database is not exposed to the public internet.
  • No content persistence — text submitted for anonymization is processed in memory and never written to disk or logs.

7. Data Retention

Data TypeRetention Period
Text submitted for anonymizationNot retained — discarded immediately after processing
Active account dataRetained while your account is active
Expired or cancelled account dataUp to 90 days after expiration to allow reactivation
Server error logs30 days; no user content included
Service notification logLife of the account
Note: Automatic deletion of expired account data after 90 days is a planned future capability. Until implemented, deletion is handled manually on request.

Account Deletion

You may request deletion of your account and all associated data at any time by emailing support@protectedai.io. Requests are processed within 30 days. Self-service account deletion from within the app is not yet available.

8. Your Rights

  • Right of access — request a copy of the data we hold about you.
  • Right of correction — request that we correct inaccurate or incomplete data.
  • Right of deletion — request that we delete your account and all associated data.
  • Right to object — object to certain uses of your data.

To exercise any of these rights, contact us at support@protectedai.io. We will respond within 30 days.

9. Users in Colombia — Ley 1581 de 2012

For users located in Colombia, the processing of personal data described in this policy is governed by Ley 1581 de 2012 (Ley de Protección de Datos Personales) and Decreto 1377 de 2013.

The rights of access, correction, and deletion described in Section 8 are consistent with the rights recognized to data subjects (titulares) under Colombian law. ProtectedAI acts as the Responsable del Tratamiento (data controller) for all personal data collected through the service.

For data protection inquiries: support@protectedai.io.

10. Minors

ProtectedAI is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at support@protectedai.io and we will delete that data promptly.

11. Security Breach Notification

In the event of a security breach that compromises personal data, ProtectedAI will notify affected users within the timeframes required by applicable law and take all necessary corrective measures. Notifications will be sent to the email address associated with the affected account.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date and notify you by email at least 30 days before material changes take effect. Continued use of the service after that period constitutes acceptance.

13. Contact