Privacy Policy
This privacy policy explains how [Legal entity name TO BE FILLED] ("we", "us", "our") handles personal data when you use the Guardrails Chrome extension and the Guardrails admin panel (together, the "Service"). The Service helps you redact personally identifiable information (PII) from prompts before they are sent to third-party AI providers.
1. Who we are
Data controller: [Legal entity name TO BE FILLED], registered at [Registered address TO BE FILLED]. Privacy contact: [Contact email TO BE FILLED].
2. What data we collect
We collect only what is necessary to operate the Service. Specifically:
- Account data: email address, hashed password, your chosen name, the organisation you belong to, your role within that organisation, account status, and timestamps for sign-up, last activity, and account updates.
- Authentication tokens: a session cookie issued after sign-in, used to keep you signed in across the extension and admin panel.
- Local extension state: the extension stores your authentication state, organisation name, and role in your browser's local storage (chrome.storage.local) so the popup can render the right view. This data stays on your device.
3. What we do not collect or store
Guardrails is designed so that your prompts and AI responses are never retained on our servers.
- Prompts and AI responses: when you send a prompt through the Service, we forward it to your chosen AI provider after PII redaction and return the response to you. We do not write the prompt, the redacted prompt, or the response to any database or long-term log.
- Redaction results: the redaction service detects PII in memory and returns the redacted text to the calling component. The original text and the detection results are discarded after the request completes.
- Browsing activity: the extension only operates on the three AI provider sites it is explicitly permitted to inject into (claude.ai, chatgpt.com, gemini.google.com). It does not read or transmit your browsing history, page contents, or activity on any other site.
4. How we use your data
- To create and authenticate your account.
- To associate you with your organisation and apply the correct permissions.
- To proxy your prompts through the redaction pipeline to your chosen AI provider, and return the response to you.
- To operate, secure, and debug the Service (for example, server logs containing IP addresses and request metadata, retained for a short rolling window).
5. Third parties
When you send a prompt through the Service, the redacted prompt is transmitted to the AI provider you select. We do not control how those providers handle your data — review their policies directly:
- Anthropic (Claude): https://www.anthropic.com/legal/privacy
- OpenAI (ChatGPT): https://openai.com/policies/privacy-policy
We also use the following infrastructure providers:
- Hetzner Cloud (Germany / Finland) — hosts the server and database.
- Cloudflare — hosts the admin panel (Cloudflare Pages) and stores encrypted database backups (Cloudflare R2).
- Google Chrome Web Store — distributes the extension.
6. Retention
- Account data: retained for as long as your account is active. On deletion request, it is removed within [retention period — TO BE FILLED, e.g. "30 days"], subject to backups.
- Database backups: retained for 30 days, then deleted automatically.
- Prompts and AI responses: not retained.
- Server logs: retained for a short rolling window for operational and security purposes.
7. Security
- All traffic between your browser and our servers is TLS-encrypted.
- Passwords are stored hashed (never in plaintext).
- Database backups are encrypted at rest by the storage provider.
- Server access is restricted to authorised personnel via SSH key authentication and a network firewall.
8. Your rights
Depending on your jurisdiction (including the UK GDPR and EU GDPR where applicable), you may have the right to:
- access the personal data we hold about you;
- correct inaccurate or incomplete data;
- request deletion of your account and associated data;
- object to or restrict certain processing, where a legal basis allows;
- data portability;
- lodge a complaint with your local data-protection authority.
To exercise these rights, email [Contact email TO BE FILLED].
9. International transfers
Our infrastructure is located within the European Economic Area (Hetzner — Germany / Finland) and on global content networks (Cloudflare). When you choose to send prompts to AI providers, those providers may process data outside the EEA — see their privacy policies for details.
10. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from children.
11. Changes to this policy
We may update this policy from time to time. The "effective date" at the top of this page reflects the latest revision. Material changes will be communicated via email or a notice in the admin panel.
12. Contact
Questions or requests: [Contact email TO BE FILLED].
Governing jurisdiction: [e.g. England and Wales — TO BE FILLED].