Privacy Policy

1. What Data is Collected

To ensure maximum confidentiality, BrowserShield collects only the minimum information necessary to operate:

• License Activation Details: We store generated activation keys and randomized device IDs to enforce the subscription's active 1-device limit.
• Customer Email: Saved only when provided during secure Stripe checkouts, enabling code recovery services.
• What We NEVER Collect: BrowserShield does not store, log, monitor, or track the websites you visit, search histories, page clicks, or any personal credentials.

2. What Permissions are Used

The BrowserShield Manifest V3 extension requests only the minimum sandbox permissions required to protect your browser session:

• storage: Used to store whitelisted domains, your parental PIN controls, and local statistics options.
• webNavigation: Allows the service worker to intercept navigation requests and evaluate suspicious hosts against local heuristics.
• downloads: Enables checking file download anomalies (e.g., dual extensions like .pdf.exe) and reputation risks.
• declarativeNetRequest: Used to inject forced SafeSearch parameters (Google/Bing/Yahoo/DuckDuckGo) and Restricted YouTube Mode headers at network layer.
• notifications: Displays warnings on your desktop when threat events are blocked or downloads intercepted.
• host_permissions (<all_urls>): Required to perform link safety annotations and local DLP form protection.

3. Whether Data Leaves the Browser

BrowserShield follows a strict **local-first** approach.

All page scanners, Data Loss Prevention (DLP) checks for Social Security Numbers or Credit Cards, and AI prompt leak interceptions run **fully client-side** inside the extension's local sandbox. Visited page texts and input forms are processed locally and **never** leave your machine.

Anonymized hostname checks (e.g. `example.com`) are securely dispatched to our backend API endpoints using temporary access tokens only when local heuristics flag a domain as suspicious, skipping popular or whitelisted safe sites entirely.

4. Third-Party APIs & Cloud Services

We partner with select third-party services to securely authorize your keys and classify threats:

• Stripe: Processes secure credit card checkouts and manages subscriptions. Payment details are processed directly by Stripe on their secure servers.
• OpenAI: Classifies suspicious page content and URLs using the secure `gpt-4o-mini` API model. Requests are completely anonymized, containing no identifying markers (such as user accounts, emails, or IPs), and OpenAI does not retain or use these queries for training models.

5. Contact & Support

If you have any questions regarding this Privacy Policy, your subscription data, or would like to request full deletion of your purchase details, please contact us: