Is my text really not stored?

By default, your text is processed in memory and discarded after anonymization — only detection metadata is logged. Admins can adjust logging from completely off to full content for compliance. Your text is never used for training.

Does anonymization happen in my browser or on a server?

The extension intercepts your text in the browser, but anonymization is performed on our servers using advanced NLP models. Your text is sent securely, processed, and the anonymized version is returned — typically in a few seconds depending on text length.

What happens after the 14-day free trial?

After the trial ends, you have a 3-day grace period to choose a plan. No credit card is required to start, and you can cancel at any time.

What types of sensitive data does ProtectedAI detect?

ProtectedAI detects 16 entity types including names, emails, phone numbers, dates, locations, SSNs, passport numbers, credit cards, IBANs, IP addresses, and more. You can also create custom recognizers.

Which AI platforms are supported?

ProtectedAI supports prompt anonymization on 19 platforms including ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok, Mistral, DeepSeek, and more.

protectedai.io/privacy

Privacy Policy

Last updated: May 2026·support@protectedai.io·Terms of Service →

1. Introduction

ProtectedAI ("we", "us", "our") operates the ProtectedAI Chrome extension and associated services at protectedai.io. Our product anonymizes sensitive information before it is submitted to AI platforms such as ChatGPT, Claude, and Gemini.

This Privacy Policy explains what personal data we collect, how we use it, and what rights you have in relation to it. By using our service, you agree to the practices described in this policy.

Our core commitment: By default, the text you submit for anonymization is processed in memory and discarded immediately — only detection metadata (entity types, counts, platform) is logged. Your organization's administrator may enable higher audit logging levels that store anonymized or original text for compliance purposes. See Section 2.3 for details.

2. What We Collect

2.1 Account Data

When you create an account, we collect:

Email address — to identify your account and send service notifications.
First and last name — to personalize your experience.
Password — stored as a bcrypt hash. We never store your password in plain text and cannot recover or reverse it.
Company name — for Business accounts only.
Role within the company — for Business accounts only (admin or member).
Language preference — optional, configurable by you or your admin.
Last login timestamp — used for security and account management.

2.2 Usage Data

Each time you use the anonymization service, we record:

Usage metering — character count, AI platform identifier, and timestamp. Recorded on every anonymization request regardless of audit logging level, for billing and consumption tracking.
Service notification log — we record which type of service email was sent and when (e.g., trial expiration notice). We do not store email content.

2.3 Audit Logging

Your organization's administrator configures an audit logging level that determines what data is captured when you use the anonymization service. The default level is Metadata only (Level 1).

Level	Name	What is captured	Available on
0	Off	Nothing — no audit record is created	All plans
1	Metadata only	Entity types detected, entity count, platform, page domain, severity, risk score. No text is stored.	Team and above
2	Redacted context	Everything in Level 1, plus the anonymized text and entity map (entity type and replacement label only — no original values). Encrypted content fingerprint (SHA-256 hash).	Pro and above
3	Full content	Everything in Level 2, plus the original text you submitted and full entity map (entity type, original value, and replacement). Encrypted content fingerprint.	Enterprise only

At Levels 2 and 3, sensitive fields are encrypted at rest using per-tenant keys (AES-256-GCM). Retention periods are determined by your plan: 90 days (Team), 180 days (Pro), or 365 days (Enterprise). After expiry, audit records and associated payload files are automatically deleted.

Important: At Level 3, the original text you submitted for anonymization is stored for the duration of the retention period. Your administrator controls this setting. See our Terms of Service for details on admin responsibilities regarding team notification.

2.4 Platform Activity Monitoring (Shadow AI)

For Business accounts, the extension reports which supported AI platforms team members visit and when. This data powers the Shadow AI dashboard, giving administrators visibility into which AI tools the team uses.

What is recorded: AI platform identifier, timestamp, and user identity. Visits are deduplicated in 30-minute windows.
Enabled by default: Visit tracking is on by default for each platform. Administrators can disable it per platform.
What admins can see: Per-user platform visit counts and last-seen timestamps, aggregate extension coverage metrics, and per-user risk classifications based on platform risk levels.
Retention: Visit records are retained for the same period as audit logs (90–365 days by plan) and automatically deleted after expiry.

2.5 Extension Status

We collect technical data about the browser extension to ensure it is up to date and functioning correctly:

Extension version installed
First installation timestamp
Last active timestamp and last platform used

This data is updated after each anonymization request (throttled to at most once per minute) and is used for security monitoring and extension update notifications.

2.6 IP-Derived Data

When an audit log entry is created (Levels 1–3), we derive and store the following from your IP address:

IP hash (one-way, non-reversible)
Country, region, and autonomous system number (ASN)
Proxy/VPN detection flag

At Levels 2 and 3, the raw IP address is additionally stored in encrypted form and automatically purged after one-third of the retention period (Level 2) or the full retention period (Level 3). The raw IP is never exposed through our API — only the derived metadata listed above is accessible.

2.7 Local Extension Storage

The ProtectedAI extension stores the following data locally in your browser's extension storage (chrome.storage.local):

Authentication token (JWT) and refresh token
Your email address and company name
Cached platform settings and entity detection configuration
Visit deduplication timestamps
Onboarding completion flag (whether you have seen the initial tutorial)

This data is stored only on your device and never transmitted to third parties. Session data (credentials, caches, and timestamps) is cleared when you log out. The onboarding flag persists across sessions to avoid showing the tutorial again. All extension data is removed if you uninstall the extension.

3. What We Do Not Collect

We explicitly do not collect or store:

Your conversation history with AI platforms (we process individual submissions, not conversation threads).
Your browsing activity outside of the supported AI platforms where the extension is active.
Tracking cookies or third-party analytics data — we do not use Google Analytics, Segment, or similar services.
Payment card details — payment processing is handled entirely by Stripe (see Section 6). We only store Stripe reference identifiers.
Personal data from individuals under the age of 18 (see Section 13).

Note on text storage: At the default audit logging level (Level 1), no text content is stored. However, if your administrator enables Level 2 or Level 3 audit logging, anonymized or original text may be stored for the configured retention period. See Section 2.3.

4. How We Use Your Data

We use the data we collect for the following purposes:

Data	Purpose
Email address	Account identification; sending service notifications
Name	Personalizing your account and communications
Password hash	Authenticating your login
Company name & role	Managing team access and permissions
Language preference	Delivering anonymization labels in your preferred language
Last login	Account security monitoring
Usage metering	Billing, consumption tracking, and plan enforcement
Audit logs (Levels 1–3)	Compliance auditing, security monitoring, and incident investigation as configured by your admin
Platform visit activity	Shadow AI monitoring — giving admins visibility into which AI tools the team uses
Extension status	Security monitoring and ensuring the extension is up to date
IP-derived geolocation	Security monitoring, anomaly detection, and access pattern analysis
Custom recognizer patterns	Applying admin-configured detection rules to all team members' text during anonymization
Notification log	Ensuring each lifecycle notification is sent only once
Error logs	Debugging and maintaining service reliability

We do not sell, rent, or trade your personal data. We do not use your data for advertising or profiling.

5. Legal Basis for Processing

We process your personal data on the following legal bases:

Legal Basis	Data Categories
Contractual necessity (GDPR Art. 6(1)(b) / Ley 1581 Art. 5)	Account data (email, name, password hash), anonymization processing, usage metering, billing
Legitimate interest (GDPR Art. 6(1)(f))	Platform visit tracking (Shadow AI), extension status monitoring, IP-derived security telemetry, error logging
Admin authorization with employee notification obligation (GDPR Art. 6(1)(f), subject to balancing test)	Audit logging at Levels 2–3 (anonymized or original text). The admin who enables these levels is responsible for informing affected team members (see Terms of Service).

6. Third-Party Services

We share your data with third parties only when strictly necessary to operate the service.

Stripe

We use Stripe for payment processing. When you subscribe to a paid plan, your payment information (card details, billing address) is handled directly by Stripe and never touches our servers. We store only Stripe reference identifiers (customer ID, subscription ID) to manage your billing relationship. Stripe's privacy policy governs their handling of your payment data.

Resend

We use Resend as our transactional email provider. When we send you a service notification (account verification, team invitation, trial expiration), your email address is transmitted to Resend for delivery. Resend does not receive any text content processed through our service.

Infrastructure Provider

Our backend runs on Amazon Web Services (AWS), which processes your requests in transit but does not retain any user content. AWS operates under its own privacy and security policies. Our database is hosted on AWS RDS and is not exposed to the public internet.

Google Chrome

The ProtectedAI extension runs within the Google Chrome browser, subject to Google's own privacy policies. Extension data is stored in chrome.storage.local, isolated to the ProtectedAI extension.

We do not share your data with AI platforms. Our service exists precisely to prevent your sensitive information from reaching those platforms.

7. Security

Encryption in transit — all communication uses HTTPS/TLS encryption.
Encryption at rest — audit log payloads (Levels 2–3), raw IP addresses, and content fingerprints are encrypted using per-tenant keys (AES-256-GCM).
Password hashing — passwords are hashed with bcrypt. We cannot recover your password.
Local token storage — authentication tokens are stored in your browser's local extension storage, not on our servers.
Database access controls — our database is not exposed to the public internet.
Default minimal logging — at the default audit logging level (Level 1), no text content is written to disk or logs. Text content is only stored when an administrator explicitly enables Level 2 or Level 3.

8. Data Retention

Data Type	Retention Period
Text submitted for anonymization (default)	Not retained — discarded immediately after processing at Levels 0 and 1
Text in audit logs (Levels 2–3)	90 days (Team), 180 days (Pro), or 365 days (Enterprise), then automatically deleted
Audit log metadata (Level 1+)	Same as above — retained per plan, then automatically deleted
Payload files (Levels 2–3)	Same as audit logs — automatically deleted after the plan retention period
Raw IP address (Levels 2–3)	Encrypted; purged after 1/3 of retention period (Level 2) or full retention period (Level 3)
Platform visit activity	Retained per plan retention period, then automatically deleted
Usage metering records	Retained for the life of the account
Extension status	Retained while the account is active
Active account data	Retained while your account is active
Expired or cancelled account data	Retained until you request deletion (see below)
Refresh tokens	Automatically purged 7 days after expiry or revocation
Server error logs	30 days; no user content included
Service notification log	Life of the account

Note: Automatic deletion of expired account data is a planned future capability. Until implemented, data from expired accounts is retained until you request deletion.

Account Deletion

You may delete your account at any time through your account settings or by contacting support@protectedai.io. When you request deletion:

Your account enters a 30-day grace period during which you can cancel the request.
After 30 days, your account is permanently anonymized: all personal data is removed, audit logs are anonymized, platform activity is deleted, and associated payload files are purged.
A deletion confirmation email is sent to your original email address.

9. Your Rights

Depending on your jurisdiction, you may have the following rights:

Right of access — request a copy of the data we hold about you.
Right of correction — request that we correct inaccurate or incomplete data.
Right of deletion — request that we delete your account and all associated data.
Right to object — object to processing based on legitimate interest (e.g., platform visit tracking).
Right to data portability — receive your data in a structured, machine-readable format.
Right to restrict processing — request that we limit how we use your data while a concern is being resolved.

To exercise any of these rights, contact us at support@protectedai.io. We will respond within 30 days (or sooner if required by applicable law).

10. Data Processing Roles

ProtectedAI acts in different data processing capacities depending on the context:

Data controller for account data (email, name, credentials) collected directly from you to provide the service.
Data processor for text and monitoring data processed on behalf of your organization when you use the service through a Business account. In this case, your organization's administrator is the data controller.

Enterprise customers who require a Data Processing Agreement (DPA) may contact us at support@protectedai.io.

11. Users in Colombia — Ley 1581 de 2012

For users located in Colombia, the processing of personal data described in this policy is governed by Ley 1581 de 2012 (Ley de Protección de Datos Personales) and Decreto 1377 de 2013.

The rights described in Section 9 are consistent with the rights recognized to data subjects (titulares) under Colombian law. For individual account data, ProtectedAI acts as the Responsable del Tratamiento (data controller). For data processed on behalf of Business accounts, your organization is the Responsable del Tratamiento and ProtectedAI acts as Encargado del Tratamiento (data processor).

For data protection inquiries: support@protectedai.io.

12. International Users — GDPR

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the General Data Protection Regulation (GDPR) applies to our processing of your personal data, regardless of where ProtectedAI is incorporated.

In addition to the rights listed in Section 9, you have the right to lodge a complaint with your local supervisory authority. The legal bases for our processing are described in Section 5. Your data may be processed in AWS regions outside your jurisdiction; we rely on the service provider's standard contractual arrangements to safeguard international transfers.

For GDPR-related inquiries: support@protectedai.io.

13. Minors

ProtectedAI is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at support@protectedai.io and we will delete that data promptly.

14. Security Breach Notification

In the event of a security breach that compromises personal data, ProtectedAI will notify affected users within the timeframes required by applicable law and take all necessary corrective measures. Notifications will be sent to the email address associated with the affected account.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will revise the "Last updated" date and notify you by email at least 30 days before material changes take effect. Continued use of the service after that period constitutes acceptance.

16. Contact

Email: support@protectedai.io
Website: protectedai.io