Skip to content
Contact Us

Data Privacy Policy

🛡️ Privacy Policy

Effective Date: November 1, 2025

1. Overview

AI Data Defense (“we,” “us,” “our”) provides data-security, privacy, and governance solutions for generative-AI environments.
This Privacy Policy explains how we collect, use, and protect personal information when you use our websites, applications, and connected services—including chat.aidatadefense.com (the “Service”).

2. Information We Collect

a. Account & Authentication Data

  • Name, email address, and profile image from sign-in providers (Google, Facebook, or other SSO).

  • Authentication tokens issued by Clerk, our identity provider.

b. Usage Data

  • Log data such as IP address, browser type, device identifiers, and timestamps.

  • Aggregated analytics to improve performance, reliability, and security.

c. Customer Data
Enterprise customers may connect their own systems for monitoring or compliance.
We act as a data processor for this information and process it only under the customer’s instructions.

3. How We Use Information

  • Provide and secure the Service, including authentication and session management.

  • Detect fraud, abuse, or unauthorized access attempts.

  • Improve product functionality, user experience, and enterprise readiness.

  • Comply with legal obligations (e.g., data-protection and security requirements).

We do not sell personal data.

4. Legal Basis

Processing is based on legitimate interest (security, fraud prevention), contract performance (providing our Service), or user consent where required.

5. Sharing & Third Parties

We may share limited data with:

  • Clerk (for authentication)

  • Cloud infrastructure providers (AWS and others under strict DPA)

  • Analytics or monitoring tools (aggregated, non-identifiable form)
    All vendors are bound by data-processing agreements consistent with GDPR and similar frameworks.

6. Data Retention

We retain account data while your account is active and delete or anonymize it within 90 days of account deletion unless a longer period is required by law.

7. Security

Data is encrypted in transit and at rest. Access is controlled by role-based authorization, logging, and auditing systems.

8. Your Rights

Depending on jurisdiction, you may:

  • Access, correct, or delete your data.

  • Object to processing or request data portability.

  • Withdraw consent at any time (without affecting prior lawful processing).

Requests can be submitted to privacy@aidatadefense.com.

9. International Transfers

We may process data in the U.S. and E.U. using privacy-framework compliant providers.

10. Children’s Privacy

Our Service is not directed to children under 16.

11. Browser Extension

Here is the full updated Section 11 for the privacy policy:

11. Browser Extension

The AI Data Defense Browser Extension provides real-time PII protection for AI language model interactions. This section describes data practices specific to the extension.

a. Local Processing

All PII detection and protection occurs locally in the user's browser. Original PII values are never transmitted to AI Data Defense servers. The extension intercepts user prompts, detects sensitive data (names, emails, SSNs, credit card numbers, phone numbers, and other identifiers), and replaces them with protected equivalents before the prompt reaches the AI service.

b. Data Stored Locally

  • Extension configuration and user preferences
  • Device registration and authentication tokens (stored in browser local storage, never synced to the cloud)
  • Detection audit event metadata: timestamps, PII types detected, protection methods applied, and site hostnames. These records do not contain original PII values or prompt content.
  • Session-scoped token mappings for pseudonymization swap-back, automatically cleared when the browser session ends

c. Telemetry

The extension sends anonymous usage metrics to AI Data Defense by default. This telemetry is used for product quality assurance, performance monitoring, and usage analytics.

What we collect:

  • Total detection counts per session
  • PII types detected (e.g. email, credit card) — as category labels only, not values
  • Protection methods applied (pseudonymize, tokenize, redact, mask)
  • AI platform in use (e.g. claude.ai, chatgpt.com)
  • Average scan latency in milliseconds
  • Extension version and browser type
  • Error counts and failure rates
  • Token swap-back counts

What we never collect:

  • The content of any prompt or AI response
  • The actual personal data that was detected or protected
  • Any information that could identify you personally
  • Browser history, saved passwords, or data from other tabs or websites
  • Any data from websites other than the supported AI platforms

Telemetry data is transmitted to telemetry.aidatadefense.com, processed by AWS infrastructure, and used in internal monitoring dashboards. Data is retained for 90 days and then deleted.

Opt-out: Telemetry can be disabled in the extension settings. Disabling telemetry does not affect PII protection functionality.

d. Enterprise Management

Organizations may configure the extension via Chrome Enterprise managed storage (MDM), including policy packs, telemetry endpoints, and locked settings. Enterprise customers may route telemetry to their own infrastructure instead of AIDD's default endpoint. The extension's behaviour is governed by organizational policies when present.

e. Data Retention

  • Audit event metadata is retained locally for a configurable period (default 30 days)
  • Session token mappings are cleared when the browser closes
  • Telemetry data transmitted to AIDD is retained for 90 days then deleted

12. Contact

AI Data Defense, Corp.
USA
Email: privacy@aidatadefense.com