AI Guardian Browser Extension Privacy Policy

AI Guardian Browser Extension Privacy Policy

Effective Date: June 1, 2026

1. Scope and Identity

This Privacy Policy applies exclusively to the WASViking AI Guardian browser extension (the "Extension") distributed through the Chrome Web Store, Microsoft Edge Add-ons, and equivalent enterprise distribution channels. It is published by WASViking LLC, a Florida limited liability company (the "Publisher"), and complements the general WASViking Privacy Policy that governs the broader platform.

The Extension is installed and managed by an end-user organization (the customer, the user's employer, or a Managed Security Service Provider acting on the customer's behalf). The customer is the data controller for any personal data processed in connection with the Extension; WASViking LLC acts as the data processor.

Contact for privacy questions and data subject requests: [email protected].

2. Single Purpose

The Extension has a single, narrowly defined purpose: to detect when a user is about to send sensitive data (such as personally identifiable information, protected health information, secrets, source code, or internal identifiers) to a public generative AI tool, and to apply the organization's configured policy (allow, audit, warn, or block) before that data leaves the device.

The Extension is the browser-side sensor of an enterprise AI exposure monitoring product. It is not a general-purpose extension, an advertising tool, a content scraper, or a productivity utility.

3. What the Extension Does

The Extension runs only on a fixed allowlist of public AI tool websites. The current allowlist includes:

  • chat.openai.com, chatgpt.com (OpenAI ChatGPT)
  • claude.ai (Anthropic Claude)
  • gemini.google.com, aistudio.google.com (Google Gemini and AI Studio)
  • copilot.microsoft.com, m365.cloud.microsoft (Microsoft Copilot)
  • github.com/copilot (GitHub Copilot Web)
  • www.perplexity.ai, perplexity.ai (Perplexity)
  • poe.com (Poe)
  • chat.deepseek.com (DeepSeek)
  • grok.com, x.ai (Grok)
  • openrouter.ai (OpenRouter)
  • huggingface.co/chat (HuggingFace Chat)
  • chat.mistral.ai (Mistral)
  • lovable.dev (Lovable)

On those sites only, and only at the moment the user initiates an action in the chat composer, the Extension observes:

  • text the user is about to paste or submit as a prompt;
  • a file the user is about to upload via the composer;
  • the AI page URL (without query string or fragment), page navigation events, and the AI response length.

For each action, the Extension asks the locally-installed WASViking Sentinel agent (running on the same device, under the same user session) to classify the content for sensitive data categories and to apply the customer organization's configured policy. The Extension then enforces the resulting decision (allow, audit, warn, or block) in the browser.

4. What the Extension Does NOT Do
  • It does not intercept network traffic, install root certificates, or perform SSL/TLS inspection.
  • It does not read pages outside the allowlist in section 3.
  • It does not capture screenshots, keystrokes, the microphone, the camera, or any background browser activity.
  • It does not send data to any WASViking-operated server directly from the browser. The Extension opens no remote network sockets.
  • It does not retain raw prompt text or file bytes. Content used for a policy decision is held in memory only, on the loopback channel between the Extension and the local Sentinel agent, and is discarded after classification.
  • It does not use the data it processes for advertising, profiling, training of machine learning models, sale to third parties, or any purpose unrelated to the single purpose stated in section 2.
  • It does not include analytics SDKs, tracking pixels, or third-party tag managers.
5. Data Flow

The Extension's only outbound channel is the operating system's Native Messaging interface to a locally-installed WASViking Sentinel host running under the same user account on the same device. There is no direct browser-to-cloud communication.

Browser (Extension)
  -> Native Messaging (chrome.runtime.connectNative / browser.runtime.connectNative)
       -> local Sentinel native-host process (same user, same device)
            -> loopback (127.0.0.1, token-authenticated)
                 -> ai-browser monitor (local daemon)
                      -> local JSONL audit (metadata-first; raw bytes never stored)
                      -> mTLS gRPC tunnel to the customer organization's WASViking endpoint

The mTLS tunnel from the local agent to the customer organization's WASViking endpoint is authenticated by a client certificate provisioned to the customer organization during onboarding. Telemetry is logically partitioned per organization on the receiving side.

6. Permissions and Justifications

The Extension declares the minimum permissions required to fulfill its single purpose. Each permission is justified below.

  • nativeMessaging: the only transport the Extension uses. It connects to the locally-installed Sentinel native-host identified by host name com.wasviking.ai_browser. This permission is required because the policy engine, mTLS identity, and audit log must live in a customer-controlled process outside the browser sandbox.
  • storage: locally remembers UI state shown in the popup (pairing status, last-seen timestamp). No content of any inspected page or prompt is written to storage. Nothing is synchronized off device.
  • alarms: keeps the Manifest V3 service worker warm so a pending policy decision is not lost when the worker would otherwise be evicted by the browser (after approximately 30 seconds of inactivity). The Extension never schedules background work that runs outside of an active page interaction.
  • Host permissions on the allowlist in section 3: required for the content script to read the composer field at the moment of paste or submit, so that the user's intent (sending sensitive data to a public AI tool) can be evaluated before it leaves the device. Host permissions are not granted to any site outside that allowlist.
  • web_accessible_resources: limited to the brand image displayed inside the in-page block notification. No script or data is exposed.

The Extension does not request tabs, activeTab, webRequest, webRequestBlocking, cookies, history, downloads, declarativeNetRequest, or any <all_urls> host permission.

7. Categories of Data Processed

The Extension itself processes the following in memory only, for the duration of a single user action:

  • the text content of the composer at the moment of paste or submit;
  • the metadata of a file selected for upload (file name, MIME type, size) and, for inspectable types (PDF, DOCX, XLSX, ZIP, text and source files under 8 MiB), the file bytes for in-memory text extraction;
  • the AI page URL (scheme, host, and path; query string and fragment are dropped);
  • the AI platform name detected from the host.

None of the above is persisted by the Extension. Content is forwarded over Native Messaging to the local Sentinel agent and discarded.

The local Sentinel agent persists only the following metadata-first record on the local device:

  • event timestamp;
  • AI platform host and detected vendor;
  • action type (site visited, prompt submitted, paste, file upload);
  • browser type, operating system, primary egress IPv4 of the device, logged-in operating system user name, agent unique identifier;
  • classification labels produced by the agent's deterministic detectors (for example cpf, email, aws_keys, possible_phi) and a one-way short SHA-256 fingerprint of the inspected content;
  • up to three masked evidence samples per classification, formatted so that the original value cannot be recovered (for example •••.•••.•••-35, AKIA••••••MPLE);
  • the policy decision (allow, audit, warn, block) and the name of the rule that matched.

Raw prompt text, raw file bytes, raw secret values, complete email addresses, complete national identifiers, and complete payment card numbers are never written to disk or transmitted off the device.

8. Use of the Data

Data processed by the Extension and the local agent is used exclusively to:

  • classify the user's intended interaction with a public AI tool;
  • apply the customer organization's configured policy and present the resulting decision in the browser;
  • produce an auditable record for the customer organization's security and compliance teams.

Data is not used for advertising, behavioral profiling, training or fine-tuning machine learning models, sale to any third party, credit decisions, or any purpose unrelated to the single purpose stated in section 2.

9. Disclosure to Third Parties and Sub-processors

The Extension itself transmits no data to any third party. The local Sentinel agent transmits the metadata-first event record to the customer organization's WASViking endpoint over mTLS. That endpoint is operated by WASViking LLC under a written agreement (including a Data Processing Agreement) with the customer organization, or by the customer organization itself in self-hosted deployments.

The current list of sub-processors that may receive data on behalf of WASViking LLC is published at Subprocessors and incorporated by reference into this policy.

10. Storage Location, International Transfers, and Retention

Event metadata is stored in cloud infrastructure operated by WASViking LLC in the United States. If the user or the customer organization is located outside the United States, the data described in section 7 may be transferred to and processed in the United States under appropriate safeguards (including standard contractual clauses where applicable under the GDPR and equivalent international transfer mechanisms under the LGPD).

Retention is controlled by the customer organization. WASViking LLC honors retention sweeps, organization-wide deletion requests, and data subject deletion requests forwarded by the customer organization (the data controller).

11. Security

The Extension and the local agent implement the following protections:

  • loopback transport between the Extension and the local agent is bound to 127.0.0.1 only and authenticated by a per-installation token written with file mode 0600;
  • communication between the local agent and the WASViking cloud endpoint uses mutually authenticated TLS (mTLS) with a per-organization client certificate;
  • identifiers stored on disk by the agent are encoded with a per-installation salt;
  • the agent process runs under the user's account with the minimum file system permissions required (0600 for secrets, 0700 for state directories);
  • raw sensitive values are redacted before serialization, as described in section 7;
  • WASViking platform security practices are detailed at Security Practices and Security Data Handling.
12. Data Subject Rights

Because the customer organization is the data controller, end-user rights under the LGPD (Brazil), the GDPR (European Union and United Kingdom), the CCPA and CPRA (California), and equivalent regimes are exercised through the user's employer or controller.

Depending on jurisdiction, these rights may include:

  • confirmation of the existence of processing and access to personal data;
  • correction of inaccurate or outdated data;
  • deletion, anonymization, or blocking of unnecessary or excessive data;
  • data portability where applicable;
  • objection to or restriction of certain processing activities;
  • revocation of consent, where consent is the legal basis;
  • complaint to a competent supervisory authority.

WASViking LLC provides controllers with the technical means to fulfill these requests, including a deletion API and retention sweeps. Direct requests from end users may be forwarded to [email protected], which will route them to the appropriate customer organization.

13. Children

The Extension is not designed for or directed to children. It is intended for use on managed workforce devices under an employer's policy, and is distributed through enterprise channels.

14. Store-Specific Disclosures

For users who installed the Extension from the Chrome Web Store: WASViking LLC's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. The Extension does not transfer user data to third parties for advertising, profiling, or any purpose unrelated to the single purpose stated in section 2, and does not allow humans to read user data except as expressly permitted (security investigations, debugging with the user's consent, or where required by law).

For users who installed the Extension from Microsoft Edge Add-ons: WASViking LLC complies with the Microsoft Edge Add-ons Store Developer Policies, including the policies on permissions, data collection, and disclosure. The Extension's behavior, permissions, and data handling are identical across browsers; only the distribution channel differs.

15. Changes to This Policy

Material changes will be reflected by a revised Effective Date at the top of this page. Substantive changes that affect the categories of data processed, the permissions declared, or the recipients of the data will be announced on the WASViking AI Guardian product page and, where required, communicated to customer organizations through their administrative contact.

16. Contact

For any question, disclosure request, or report concerning this policy or the Extension:
WASViking LLC
Orlando, FL, United States
Privacy and data subject requests: [email protected]
Legal: [email protected]

Up

Florida, United States