Trust & Security
Exactly what G.A.I.N. collects, what it never touches, and how it works. No ambiguity.
What G.A.I.N. collects
- AI tool name (e.g. ChatGPT, Claude)
- Timestamp of the event
- Risk severity (low / medium / high / critical)
- Risk category (e.g. possible API key, source code)
- Department (self-selected during enrollment)
- Action taken (warned / blocked / allowed)
- Content length (character count only — never the content)
Device-level identifiers are recorded and retained for security-incident purposes only. They are never displayed, filterable, searchable, or exportable through the dashboard. The dashboard shows only aggregate and department-level data. Access to device-level data is restricted and logged.
What G.A.I.N. never collects
- Prompt content — ever
- Your name, email, or identity
- Any browsing activity outside supported AI tools
- Keystrokes
- Screenshots
- Clipboard contents
How it works
Detection
100% local, inside your browser. Nothing is scanned on a server. The extension inspects the DOM of supported AI tools only, looking for risk patterns before the prompt is submitted.
Transmission
Only metadata leaves the device, over an encrypted TLS connection. Tool name, timestamp, risk category, and action taken. Prompt content is discarded immediately after local analysis.
Storage
EU-hosted infrastructure. Event metadata is retained for 90 days to power dashboards and Trust Reports. After 90 days, data is automatically purged. No backups of individual event data are kept.
Extension permissions
Who can see the data
Your event data is visible only to your company's designated admins through the dashboard. In normal operation, CyberWardion staff do not access individual company event data. Any access for support or security is restricted, logged, and only with your authorization.