Privacy Policy

Last Updated: February 10, 2026

Our Privacy Commitment

Cogumi AI Shield is built on a fundamental principle: your data is yours, and it never leaves your device unless you explicitly choose to share it.

Unlike traditional security tools that send your data to the cloud for analysis, Cogumi operates entirely client-side. This isn't just a feature — it's our architecture.

What We Collect (Spoiler: Nothing by Default)

Zero Telemetry

We do not collect:

• ✗ No usage analytics
• ✗ No crash reports
• ✗ No device fingerprinting
• ✗ No browsing history
• ✗ No clipboard contents
• ✗ No API keys or credentials (detected or redacted)
• ✗ No personal information

Why? Because we don't have a backend. There's no server to send data to. Our extension runs entirely in your browser.

Local Storage Only

All extension data is stored locally in your browser using Chrome's chrome.storage.local API:

• Policy configurations (your security rules)
• Grant history (time-limited permissions you've approved)
• Audit logs (events you choose to track)
• Settings (UI preferences, detection thresholds)

Who has access? Only you. This data never leaves your device.

Audit Log Privacy

When you allow or deny a paste/upload to an AI agent, Cogumi logs the event locally:

{
  "timestamp": "2026-01-15T10:30:00Z",
  "agent": "ChatGPT",
  "action": "paste",
  "detection": "API key (OpenAI)",
  "decision": "denied",
  "redacted_preview": "sk-proj-••••••••"
}

What's redacted? Everything except the first 8 characters (to help you identify which key).

Where is this stored? In chrome.storage.local on your device. We cannot access it.

Can you export it? Yes. The Options Console has an "Export Audit Logs" button that saves a JSON file to your Downloads folder. You control the data.

Can you delete it? Yes. Click "Clear Audit Logs" in settings, or uninstall the extension (removes all data).

What We DON'T Do

We Don't Intercept Your Data

How Cogumi works:

1. Detects when you're on an AI agent site (ChatGPT, Claude, etc.)
2. Listens for paste events or file uploads
3. Analyzes content locally (regex + entropy, runs in your browser)
4. Prompts you if sensitive data is detected
5. Logs your decision locally

What we DON'T do:

• ✗ Send clipboard content to a server
• ✗ Upload files to the cloud for analysis
• ✗ Store plaintext secrets (even locally — only redacted previews)
• ✗ Transmit audit logs to our servers (we don't have servers)

We Don't Track You

No third-party SDKs (except Google Analytics for basic page view metrics, which you can block with ad blockers).

We track:

• Page views (website only, to measure traffic)
• Install button clicks (to measure conversion)

We DON'T track:

• What you paste into AI agents
• Which secrets are detected
• Your browsing history
• Personally identifiable information

We Don't Monetize Your Data

Our business model (future, when we launch Teams tier):

• ✅ Freemium (free for individuals, paid for teams)
• ✅ Enterprise licenses (companies pay for centralized policy management)

NOT our business model:

• ✗ Selling anonymized usage data
• ✗ Training AI models on your prompts
• ✗ Advertising

Permissions We Request (And Why)

When you install Cogumi AI Shield, Chrome will show a permissions prompt. Here's what we need and why:

1. Storage (storage)

Why: Store your policy settings, grant history, and audit logs locally.

What we DON'T do: Send this data to external servers.

2. Tabs (tabs)

Why: Detect which website you're on to determine if it's an AI agent (ChatGPT, Claude, etc.).

What we DON'T do: Read tab contents, track your browsing history, or monitor non-AI sites.

3. Host Permissions (https://*/*)

Why: Inject the content script that intercepts paste events on AI agent sites.

What we DON'T do: Monitor all websites. The content script only activates on known AI agent domains (see Permissions Explained for the full list).

4. Idle (idle)

Why: Detect when you're away from your computer to auto-revoke time-limited grants (e.g., "Allow for 10 minutes").

What we DON'T do: Track your activity patterns or report idle time to external services.

Full transparency: See Permissions Explained for a plain-English breakdown of every permission.

Third-Party Services

We use ZERO third-party services for analytics, logging, or telemetry.

The only external connections Cogumi makes:

1. Chrome Web Store (for extension updates, managed by Google)
2. None (seriously, that's it)

No CDNs. No external fonts. No tracking pixels.

Data Retention

How long do we keep your data? We don't. You do.

• Audit logs: Stored locally until you delete them (or uninstall the extension)
• Policy settings: Stored locally, cleared on uninstall
• Grant history: Stored locally, auto-purged after 90 days (configurable)

What happens when you uninstall?

All extension data is permanently deleted from chrome.storage.local. We have no backups (because we never had the data in the first place).

Your Rights (GDPR, CCPA, etc.)

Right to Access

How to export your data: Options Console → Audit → Export Logs (downloads JSON file)

Right to Deletion

How to delete your data:

1. Options Console → Settings → Clear Audit Logs
2. Or uninstall the extension (removes all data)

Right to Portability

Your audit logs are exported in standard JSON format. You can import them into any SIEM or log analysis tool.

Right to Opt-Out

What's there to opt out of? We don't collect anything by default. There's no telemetry toggle because there's no telemetry.

Children's Privacy

Cogumi is not directed at children under 13. We don't knowingly collect data from anyone (including adults), but if we did, we wouldn't collect data from children.

Changes to This Policy

If we ever add optional telemetry (e.g., anonymous crash reports with explicit opt-in), we'll:

1. Update this policy
2. Notify users via the extension's Options Console
3. Require explicit consent before enabling

Promise: Any future telemetry will always be:

• ✅ Opt-in (disabled by default)
• ✅ Anonymous (no identifiers)
• ✅ Content-free (no sensitive data)

Contact Us

Questions about privacy?

• Email: privacy@cogumi.ai
• Support: support@cogumi.ai

We typically respond within 24 hours.

---

The Bottom Line: Cogumi AI Shield never sees your data. We can't leak what we don't have.

Back to Home • Permissions Explained • Terms of Service