Embedded Files
AI ChatGuard™ Privacy Policy
AI ChatGuard™ Privacy Policy
AI ChatGuard is a product of AINCO Software in Portland Oregon, USA. Effective date: June 4, 2026 · Policy version: 0.2.128
This policy explains what AI ChatGuard ("the extension," "we") collects. It explains how we use it, how long we keep it, and who we share it with. It describes how the extension works today. It works together with the disclosures inside the product: the bundled privacy page, the first run EULA, and the Settings screens.
Our privacy promise. AI ChatGuard checks your AI chats on your device, before you press send. Your prompts stay in your browser. So do your files, your images, and the sensitive things we detect. Nothing is sent to AINCO. Nothing is sent to anyone else. The only thing that leaves your browser is what you approve and send to the AI tool yourself.
1. Information we do NOT collect
1. Information we do NOT collect
The following never leaves your device and is never sent to our servers or any third party:
The text of your prompts, your AI chat conversations, or AI responses.
Files, documents, or images you scan, and the specific sensitive values detected within them (for example Social Security numbers, card numbers, passwords, API keys, names, emails, or addresses contained in your content).
Full URLs, query strings, or page contents of the websites you visit.
Your physical or GPS location. AI ChatGuard does not request, access, or collect device geolocation.
These values are filtered out before any network request is made, enforced in code by a blocklist that strips raw text, prompts, detected values, screenshots, conversation IDs, and full URLs.
2. Information we DO collect
2. Information we DO collect
(a) Account & identity — only if you choose to create an account or sign in
(a) Account & identity — only if you choose to create an account or sign in
The free tier works without an account. If you sign up we collect: your name and email address; one-way SHA-256 hashes of them; a hashed password if you choose email sign-in (we never store the plain password); a randomly generated install ID and device ID (and their hashes) used to associate your settings and license with your installation; and authentication/session tokens issued when you sign in. A local EULA acceptance record (name, email, timestamp) is stored on your device at install.
(b) Sign-in through Google or Facebook — only the provider you choose
(b) Sign-in through Google or Facebook — only the provider you choose
If you choose "Continue with Google" or "Continue with Facebook," that provider signs you in. It returns your email address, display name, and profile picture URL to us. We contact only the provider you pick, and only when you start a sign-in. No chat content or browsing data is ever shared with these providers.
(c) Device & technical data — for support, compatibility, and licensing
(c) Device & technical data — for support, compatibility, and licensing
Operating system, browser and user-agent family, device type (for example Mac or PC), CPU architecture, and core count. We do not collect hardware model names or serial numbers.
(d) Usage telemetry — metadata only, never content, opt-in and off by default
(d) Usage telemetry — metadata only, never content, opt-in and off by default
Counts and types of protection events (for example "Detected," "Redacted," "Allowed"), the general category label of the data type detected (for example personal data, work data, credential, financial, medical — classifications, not your actual data), and the AI service an event occurred on (for example ChatGPT, Claude, Gemini). Telemetry transmits only if you enable the toggle in Settings → General → Telemetry. With it off, nothing is sent and queued events from a prior consenting period are dropped.
(e) AI-surface registry — to recognize new AI tools without an update
(e) AI-surface registry — to recognize new AI tools without an update
The hostname and a structural "shape" fingerprint of pages that appear to be AI chat tools. No URL paths, query strings, page content, browsing history, page titles, or visit timestamps are sent. Contribution is opt-in via the telemetry toggle.
(f) IP address & approximate location — received server side
(f) IP address & approximate location — received server side
When your browser contacts our servers (for sign-in, licensing, the registry, or telemetry), our hosting provider, Cloudflare, receives your IP address and derives a general location, such as country or region. We use this general location for software distribution, support, security, and abuse protection. We also use it to meet regional software requirements, for example EU privacy rules, and to offer the right language for your country. We never collect precise GPS coordinates, and location is never used for advertising.
3. How we use information
3. How we use information
Create, secure, and authenticate your account and sign-in.
Validate licensing and subscription entitlements.
Provide customer support and diagnose compatibility issues.
Maintain and improve detection coverage of AI tools (the registry).
Understand product usage in aggregate (event counts).
Meet regional software requirements (for example, EU privacy rules) and provide the right language for your country.
We do not use your data for advertising, ad targeting, profiling, creditworthiness, or lending decisions. We do not sell, rent, or trade user data.
4. Every party we share data with
4. Every party we share data with
We share only the limited data described above, only with the service providers that operate the product on our behalf:
AINCO Software backend — account, authentication, and the AI-surface registry at chatguard-api.aincosoftware.com; licensing and opt-in audit telemetry at AINCO-operated Cloudflare Worker endpoints. These Workers are AINCO's shared licensing and audit backend, used by AI ChatGuard and AINCO's Identity Shield enterprise product; the legacy "identityshield" hostname reflects that shared origin. All AINCO endpoints are hosted on Cloudflare, which processes requests as our infrastructure provider.
ExtensionPay and its payment processor Stripe — process subscription payments if you upgrade to a paid tier. Payment-card details are entered on the processor's secure page; AI ChatGuard never receives or stores your card number.
Google or Facebook — only the OAuth provider you choose for sign-in, and only when you initiate it (Google: accounts.google.com; Facebook: graph.facebook.com).
We may also disclose information if required by law, or to protect the rights, property, or safety of our users or the public. There are no other recipients of user data.
5. Google user data and Limited Use
5. Google user data and Limited Use
AI ChatGuard's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Google sign-in data (email, display name, profile picture URL) is used only to create and authenticate your account, is never used for advertising, and is never sold or transferred to data brokers or other third parties.
6. On-device processing and local storage
6. On-device processing and local storage
All scanning, detection, redaction, rewriting, and on-device OCR run locally in your browser. The extension stores the following in browser storage on your device, none of which is automatically transmitted off-device: your settings and preferences; the local activity log (event metadata only, no content — you can clear it at any time or set it to auto-delete after 1 day, 1 week, 1 month, or 1 year in Settings); your EULA acceptance record; and, if you sign in, a cached account profile (email, display name, profile picture URL).
7. Data retention
7. Data retention
Account & identity: retained while your account is active; deleted on request (see Section 8).
Authentication sessions: tokens expire automatically and are revoked when you sign out.
Telemetry, registry, and device data: retained for up to 13 months from collection, then deleted or irreversibly aggregated.
Server infrastructure logs (including IP): retained up to 13 months.
On-device data: kept per your retention setting; removed by the browser when you uninstall.
8. Your choices and controls
8. Your choices and controls
Use the free tier without an account.
Leave telemetry off (the default), or turn it off at any time in Settings → General → Telemetry; this stops all outbound audit traffic.
Pause or turn off protection at any time from the popup.
Sign out at any time (Settings → Account) to revoke the active session token.
Clear the local activity log and choose a retention period in Settings.
Request access to, or deletion of, your account data by emailing support@aincosoftware.com. We respond within seven business days and remove your email, profile data, and audit rows on confirmation.
Uninstall the extension at any time; local data is removed by the browser.
9. Children
9. Children
AI ChatGuard is not directed to children under 13 (or the minimum age of consent in your jurisdiction), and we do not knowingly collect data from children.
10. Security
10. Security
Data in transit is protected with HTTPS/TLS. Passwords are never stored in plain text; identifiers are hashed where feasible. Access to backend systems is restricted to authorized AINCO personnel. No method of transmission or storage is 100% secure.
11. Changes to this policy
11. Changes to this policy
We will post any changes on this page and update the effective date above. Material changes will also be flagged in-product.
12. Contact
12. Contact
AINCO Software · Portland, OR, USA · support@aincosoftware.com · https://aincosoftware.com
AINCO SOFTWARE PRIVACY POLICY · v0.2.128 · 2026-06-04
Page updated
Google Sites
Report abuse