AI ChatGuard — Privacy Policy

AI ChatGuard™ Privacy Policy

AI ChatGuard is a product of AINCO Software, based in Oregon, USA.
Effective date: June 4, 2026 · Policy version: 0.2.128
Contact: support@aincosoftware.com · https://aincosoftware.com

This policy explains what AI ChatGuard ("the extension," "we") collects. It explains how we use it, how long we keep it, and who we share it with. It describes how the extension works today. It works together with the disclosures inside the product: the bundled privacy page, the first run EULA, and the Settings screens.

Our privacy promise. AI ChatGuard checks your AI chats on your device, before you press send. Your prompts stay in your browser. So do your files, your images, and the sensitive things we detect. Nothing is sent to AINCO. Nothing is sent to anyone else. The only thing that leaves your browser is what you approve and send to the AI tool yourself.

At a glance

Data category	Collected?	Purpose	Shared with	Retention
Prompts, chats, files, images, detected sensitive values	Never	Processed on device only	No one	Not collected
Account & identity (name, email, hashes, install/device IDs, session tokens; password hash for email sign-in)	Only if you create an account	Sign-in, licensing	AINCO backend	While account is active; deleted on request
Sign-in identity from Google or Facebook	Only if you choose that provider	Account creation, sign-in	The provider you choose; AINCO backend	While account is active
Payment data	Only if you subscribe	Subscription billing	ExtensionPay and Stripe (card details never reach AINCO)	Per processor policy
Device & technical data (OS, browser, device type)	Yes, with backend requests	Support, compatibility, licensing	AINCO backend	Up to 13 months
Usage telemetry (event counts and category labels, never content)	Opt-in; off by default	Product reliability and improvement	AINCO backend	Up to 13 months, then deleted or aggregated
AI-surface registry (hostname + structural fingerprint of AI tools)	Opt-in via telemetry toggle	Recognize new AI tools	AINCO backend	Up to 13 months
IP address & coarse location (server side)	With backend requests	Software support, licensing, security, and regional compliance (including EU privacy requirements)	Cloudflare (infrastructure)	Per infrastructure logs, up to 13 months

1. Information we do NOT collect

The following never leaves your device and is never sent to our servers or any third party:

The text of your prompts, your AI chat conversations, or AI responses.
Files, documents, or images you scan, and the specific sensitive values detected within them (for example Social Security numbers, card numbers, passwords, API keys, names, emails, or addresses contained in your content).
Full URLs, query strings, or page contents of the websites you visit.
Your physical or GPS location. AI ChatGuard does not request, access, or collect device geolocation.

These values are filtered out before any network request is made, enforced in code by a blocklist that strips raw text, prompts, detected values, screenshots, conversation IDs, and full URLs.

2. Information we DO collect

(a) Account & identity — only if you choose to create an account or sign in

The free tier works without an account. If you sign up we collect: your name and email address; one-way SHA-256 hashes of them; a hashed password if you choose email sign-in (we never store the plain password); a randomly generated install ID and device ID (and their hashes) used to associate your settings and license with your installation; and authentication/session tokens issued when you sign in. A local EULA acceptance record (name, email, timestamp) is stored on your device at install.

(b) Sign-in through Google or Facebook — only the provider you choose

If you choose "Continue with Google" or "Continue with Facebook," that provider signs you in. It returns your email address, display name, and profile picture URL to us. We contact only the provider you pick, and only when you start a sign-in. No chat content or browsing data is ever shared with these providers.

(c) Device & technical data — for support, compatibility, and licensing

Operating system, browser and user-agent family, device type (for example Mac or PC), CPU architecture, and core count. We do not collect hardware model names or serial numbers.

(d) Usage telemetry — metadata only, never content, opt-in and off by default

Counts and types of protection events (for example "Detected," "Redacted," "Allowed"), the general category label of the data type detected (for example personal data, work data, credential, financial, medical — classifications, not your actual data), and the AI service an event occurred on (for example ChatGPT, Claude, Gemini). Telemetry transmits only if you enable the toggle in Settings → General → Telemetry. With it off, nothing is sent and queued events from a prior consenting period are dropped.

(e) AI-surface registry — to recognize new AI tools without an update

The hostname and a structural "shape" fingerprint of pages that appear to be AI chat tools. No URL paths, query strings, page content, browsing history, page titles, or visit timestamps are sent. Contribution is opt-in via the telemetry toggle.

(f) IP address & coarse location — received server side

When your browser contacts our servers, our hosting provider, Cloudflare, receives your IP address and may derive coarse location information such as country or region. We do not collect the exact location of your device, and we do not collect GPS coordinates. We use coarse location information to comply with regional legal requirements, including EU privacy laws, and for software support, licensing, security, and abuse protection. Location is never used for advertising.

3. How we use information

Create, secure, and authenticate your account and sign-in.
Validate licensing and subscription entitlements.
Provide customer support and diagnose compatibility issues.
Maintain and improve detection coverage of AI tools (the registry).
Understand product usage in aggregate (event counts).
Meet regional legal requirements, including EU privacy laws, and support software licensing and customer support using coarse location information such as country or region.

We do not use your data for advertising, ad targeting, profiling, creditworthiness, or lending decisions. We do not sell, rent, or trade user data.

4. Every party we share data with

We share only the limited data described above, only with the service providers that operate the product on our behalf:

AINCO Software backend — limited account, authentication, licensing, registry, and opt-in telemetry data is processed by AINCO backend services. We use Cloudflare as our infrastructure provider.
ExtensionPay and its payment processor Stripe — process subscription payments if you upgrade to a paid tier. Payment-card details are entered on the processor's secure page; AI ChatGuard never receives or stores your card number.
Google or Facebook — only the sign-in provider you choose, and only when you initiate sign-in.

We may also disclose information if required by law, or to protect the rights, property, or safety of our users or the public. There are no other recipients of user data.

5. Google user data and Limited Use

AI ChatGuard's use and transfer of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Google sign-in data (email, display name, profile picture URL) is used only to create and authenticate your account, is never used for advertising, and is never sold or transferred to data brokers or other third parties.

6. On-device processing and local storage

All scanning, detection, redaction, rewriting, and on-device OCR run locally in your browser. The extension stores the following in browser storage on your device, none of which is automatically transmitted off-device: your settings and preferences; the local activity log (event metadata only, no content — you can clear it at any time or set it to auto-delete after 1 day, 1 week, 1 month, or 1 year in Settings); your EULA acceptance record; and, if you sign in, a cached account profile (email, display name, profile picture URL).

7. Data retention

Account & identity: retained while your account is active; deleted on request (see Section 8).
Authentication sessions: tokens expire automatically and are revoked when you sign out.
Telemetry, registry, and device data: retained for up to 13 months from collection, then deleted or irreversibly aggregated.
Server infrastructure logs (including IP): retained up to 13 months.
On-device data: kept per your retention setting; removed by the browser when you uninstall.

8. Your choices and controls

Use the free tier without an account.
Leave telemetry off (the default), or turn it off at any time in Settings → General → Telemetry; this stops all outbound audit traffic.
Pause or turn off protection at any time from the popup.
Sign out at any time (Settings → Account) to revoke the active session token.
Clear the local activity log and choose a retention period in Settings.
Request access to, or deletion of, your account data by emailing support@aincosoftware.com. We respond within seven business days and remove your email, profile data, and audit rows on confirmation.
Uninstall the extension at any time; local data is removed by the browser.

9. Children

AI ChatGuard is not directed to children under 13 (or the minimum age of consent in your jurisdiction), and we do not knowingly collect data from children.

10. Security

Data in transit is protected with HTTPS/TLS. Passwords are never stored in plain text; identifiers are hashed where feasible. Access to backend systems is restricted to authorized AINCO personnel. No method of transmission or storage is 100% secure.

11. Changes to this policy

We will post any changes on this page and update the effective date above. Material changes will also be flagged in-product.

12. Contact

AINCO Software · Portland, OR, USA · support@aincosoftware.com · https://aincosoftware.com