Privacy Policy

Overview

RuleSentry (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how our software products (browser extension and desktop application) handle your data when you use our services.

What Data We Collect

1. Data We DO NOT Collect

RuleSentry does NOT collect, access, transmit, or store:

• Your conversations with AI assistants (ChatGPT, Gemini)
• Content you type or paste into chat interfaces
• Files you upload to AI assistants
• Documents you scan or redact in the Desktop App
• Sensitive data detected by the software (PII, API keys, secrets)
• Pseudonymization mappings or transformed content
• Browsing history or activity outside supported AI chat sites

2. Local Storage

2a. Chrome Extension

The Extension stores the following data locally in your browser using Chrome's storage API:

• Extension settings: Your preferences for enabling/disabling features per site
• Pseudonymization mappings: Original values and their pseudonyms (stored locally only)
• Scan history: Records of scans performed (stored locally only)

2b. Desktop App

The Desktop App stores the following data locally on your device:

• SQLite database: Custom rules, policies, categories, and entities you create
• App settings: Stored locally via tauri-plugin-store
• NER model files: Stored locally if you choose to download them

This data never leaves your device and is stored exclusively in local storage.

3. Anonymous Usage Statistics (Optional, Future)

We may add optional analytics in the future to improve the software. If implemented:

• Analytics will be opt-in only (disabled by default)
• We will only collect aggregate, anonymous usage metrics (e.g., feature usage counts)
• No personal data, chat content, or sensitive information will be included
• You can disable analytics at any time

Note: As of February 2026, no analytics are implemented. This section is for transparency about potential future features.

How We Process Your Data

Chrome Extension

• Local Processing: The Extension runs WebAssembly code entirely in your browser
• No Network Transmission: Your data is never sent to our servers or any third-party services
• Fully Offline: The Extension works completely offline after installation

Desktop App

• On-Device Processing: All scanning, evaluation, and redaction happens locally on your device using a native Rust engine
• Offline by Default: The Desktop App works fully offline — no network calls are made except when using the optional AI-assisted entity builder
• Optional Anthropic API: If you provide an API key and use the AI builder, rule/policy descriptions are sent to Anthropic's API. No sensitive data or scanned content is included in these requests

Interception Architecture & Transparency (Extension)

The Extension intercepts content before it's sent to AI providers using multiple techniques:

• DOM Monitoring: Watches for changes to text input fields and contenteditable elements
• Event Interception: Captures click and keyboard events on send buttons
• Network Request Hooking: Intercepts fetch/XMLHttpRequest API calls at multiple layers
• Pre-Send Scanning: Analyzes content immediately before transmission

We continuously test interception accuracy using Wireshark network analysis and monitor provider changes. When we discover gaps, we prioritize fixes and release updates promptly.

Third-Party Services

The Extension operates on third-party AI chat websites:

• ChatGPT (chat.openai.com, chatgpt.com)
• Gemini (gemini.google.com)

The Extension intercepts content before it reaches these services to scan for sensitive data. However, we do not control these third-party platforms. Please review their respective privacy policies:

• OpenAI Privacy Policy: https://openai.com/privacy
• Google Privacy Policy: https://policies.google.com/privacy

The Desktop App optionally uses the Anthropic API for AI-assisted entity generation when you provide an API key:

• Anthropic Privacy Policy: https://www.anthropic.com/policies/privacy

Data Security

We implement security best practices:

Chrome Extension

• Content Security Policy (CSP): Strict CSP prevents unauthorized code execution
• Minimal Permissions: The Extension requests only necessary permissions (activeTab, storage)
• Host Restrictions: Only runs on specified AI chat websites
• Local Storage: All user data is stored locally in browser storage, protected by browser security

Desktop App

• Local SQLite Storage: All custom entities stored in a local database on your device
• Tauri CSP: Content Security Policy enforced in the Tauri webview
• No Network Calls: No network connections except the optional Anthropic API for AI-assisted generation

Your Rights and Control

You have complete control over your data:

Chrome Extension

• Access: All your data is stored locally in browser storage (accessible via extension popup)
• Export: Export pseudonymization mappings to CSV at any time
• Delete: Clear all extension data via the extension popup or by uninstalling
• Control: Enable/disable the extension per site or globally at any time

Desktop App

• Uninstall: Uninstalling the Desktop App removes all local data
• Manual Deletion: The SQLite database and settings files can be deleted manually from your filesystem

Since we don't collect your data on our servers, there is nothing for us to delete. Uninstalling the software removes all local data from your device.

Children's Privacy

RuleSentry is not intended for use by children under 13 years of age. We do not knowingly collect information from children. The software operates on AI chat platforms that have their own age restrictions.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated “Last Updated” date. Material changes will be communicated via:

• Software update notification (if applicable)
• Notice on our website homepage

Continued use of the software after changes indicates acceptance of the updated policy.

GDPR and CCPA Compliance

RuleSentry's privacy-first architecture means:

• No Data Controller Issues: We don't collect or control your personal data
• No Data Transfers: Your data never leaves your device
• No Right to Deletion Requests: Since we don't have your data, there's nothing to delete from our servers
• Data Minimization: We only store essential settings locally

For California residents: Because we don't collect personal information, we don't sell or share it either.

Contact Us

If you have questions about this Privacy Policy or our practices, please contact us:

• Email: support@rulesentry.io
• Website: https://rulesentry.io