1. Overview
This Privacy Policy describes how CyberWardion ('we', 'us') processes data in connection with G.A.I.N. (Govern Artificial Intelligence Now), an MV3 browser extension and web dashboard for AI visibility and policy control. We are committed to collecting the minimum data necessary, processing it securely, and being transparent about what we do and do not store.
2. Data We Process
G.A.I.N. processes the following categories of data: • Organization ID and device/browser identifiers, used to associate events with the correct workspace and browser instance. • AI tool name and domain (e.g., ChatGPT, Claude), used for usage visibility and reporting. • Event type, detector or pattern category, policy action taken, and severity, used for risk assessment and policy enforcement. • Timestamp and content length (character count only), used for analytics and reporting. • Sync, heartbeat, and extension version status, used for deployment health monitoring. • Organization key, device label, policies, retry queue, and deployment settings, cached locally in browser storage to enable offline operation and policy enforcement.
3. Data We Do Not Store
G.A.I.N. does not store prompt text or file contents. Detection and redaction run entirely inside the browser before any data is transmitted. Prompt content is discarded immediately after local analysis. We do not collect, transmit, or store keystrokes, screenshots, clipboard contents, or browsing activity outside supported AI tools.
4. How We Use Data
Data is used solely to provide the G.A.I.N. service: AI visibility across the organization, policy enforcement and warnings, deployment health monitoring, security incident response, and reporting (including Trust Reports). We do not sell data. We do not use data for advertising. We do not use data for creditworthiness or lending decisions.
5. Local Browser Processing
All sensitive content detection and redaction occur locally within the user's browser. The extension scans prompts, pasted text, and selected file metadata on the device. Only metadata — never the actual content — is sent to our servers. The extension may cache organization keys, device IDs, policies, retry queues, and deployment settings locally in browser storage to maintain functionality when offline.
6. Dashboard and Organization Admins
Event metadata is visible to organization administrators through the G.A.I.N. dashboard. Admins can view aggregated and per-event metadata to manage AI usage, review policy actions, and generate reports. Admins cannot view prompt text or file contents, because that data is never stored.
7. Data Sharing
We do not transfer data to third parties except infrastructure and service providers required to operate the product. Current providers include Supabase (backend storage and Edge Functions) and our hosting provider. All transfers are governed by appropriate data processing agreements. We do not share data with advertisers, data brokers, or analytics vendors for their own purposes.
8. Data Retention
Event metadata is retained for 90 days to power dashboards and Trust Reports, after which it is automatically purged. No backups of individual event data are kept. Organization account and configuration data is retained while the account is active and for a reasonable period afterward to support reactivation or legal obligations.
9. Security
We implement appropriate technical and organizational measures to protect data, including encryption in transit (TLS), access controls, and regular security reviews. Event metadata is hosted in the EU. Device-level identifiers are retained for security-incident purposes only and are not displayed, filterable, or exportable through the dashboard.
10. Your Choices and Requests
Users and organizations can request access to their data, correction of inaccurate data, or deletion of their data by contacting CyberWardion directly. We will respond to verifiable requests in accordance with applicable data protection law, including the GDPR.
11. Contact
If you have questions or concerns about this Privacy Policy or our data practices, contact us at: CyberWardion George Washington St 24, 1000 Sofia, Bulgaria Email: support@cyberwardion.com Website: https://cyberwardion.com