Privacy Policy

AI DLP Pro ("we," "our," or "us") operates the AI DLP Pro Chrome and Edge browser extension and the website located at aidlppro.com. This Privacy Policy explains how we collect, use, and protect information when you use our products.

1. What We Collect

The AI DLP Pro extension collects the following data to provide its core functionality:

• DLP event logs: When the extension detects sensitive data in a prompt or file upload, it logs the event. Logs include: timestamp, AI tool name (e.g. ChatGPT), action taken (block/warn/redact/override), data categories detected (PHI/PII/Financial/Secret), a short preview of the prompt (first 160 characters, redacted), and your device ID.
• Device ID: A randomly generated identifier stored locally in your browser to track your license seat. It is not tied to your identity.
• License key and tenant ID: Used to validate your organization's license and enforce seat limits.
• User email (optional): Provided voluntarily during setup to help your administrator identify which seat belongs to whom.

The extension does not collect, store, or transmit the full text of your prompts. Only a short redacted preview is logged for audit purposes.

2. What We Do Not Collect

• We do not read or store your browsing history
• We do not collect passwords, authentication tokens, or cookies from any website
• We do not sell your data to any third party
• We do not use your data for advertising
• We do not perform OCR or analysis on images
• We do not collect data from websites other than the supported AI tools listed in the extension manifest

3. How We Use Your Data

• License validation: To confirm your device is an authorized seat under your organization's license
• Audit logging: To provide your organization's compliance team with a record of AI tool usage and DLP events
• Product improvement: Aggregate, anonymized usage statistics may be used to improve detection accuracy

4. Data Storage and Security

Event logs are stored in two places:

• Locally: In your browser's chrome.storage.local, capped at 2,000 events. Cleared when you uninstall the extension.
• On our servers: If your organization has configured a backend URL, events are transmitted to that server over HTTPS and stored in a secured Azure SQL database hosted in Microsoft Azure.

We use industry-standard encryption in transit (TLS 1.3) and at rest. Access to our servers is protected by token-based authentication.

5. Data Retention

Event logs are retained for up to 365 days by default. Your organization's administrator may configure a shorter retention period. Device records are automatically deactivated after 90 days of inactivity.

6. HIPAA

AI DLP Pro is designed to help covered entities and business associates prevent PHI from being transmitted to external AI tools. Enterprise customers requiring a Business Associate Agreement (BAA) should contact us at hello@aidlppro.com.

7. Your Rights

You may request deletion of your device record and associated logs at any time by contacting your organization's administrator or emailing us directly. For users subject to GDPR, you have the right to access, correct, and delete your personal data.

8. Third Parties

We use Microsoft Azure to host our backend infrastructure. Microsoft's privacy practices are governed by the Microsoft Privacy Statement. We do not share your data with any other third parties.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify enterprise customers of material changes via email. Continued use of the extension after changes constitutes acceptance of the updated policy.