Privacy Policy

Effective: April 1, 2026
Last updated: April 1, 2026

PiiBlocker processes all data locally in your browser. We do not collect, transmit, or store any personal data on any server.

1. Data We Collect

We collect NO personal data. Specifically:

• We do not collect your prompts or AI conversations
• We do not collect the PII our extension detects
• We do not collect your browsing history
• We do not collect usage analytics that identify you
• We do not have servers that receive your data
• We do not use cookies
• We do not fingerprint your browser

2. Local Data Storage

The following data is stored LOCALLY on your device only and never transmitted anywhere:

• Extension settings - on/off toggle, detection preferences
• Encrypted PII mappings - AES-256-GCM encrypted, auto-expiring after 4 hours, purged on browser close
• Personal PII dictionary entries - detection hints you have manually saved
• Anonymous aggregate statistics - e.g., "12 items detected today" - no PII values stored

This data never leaves your browser. It is stored in Chrome's local storage and IndexedDB.

3. Encryption

All PII mappings are encrypted using AES-256-GCM via the Web Crypto API. Encryption keys are ephemeral - generated in memory, marked non-extractable, and permanently lost when the browser closes. No keys are ever written to disk or sent anywhere.

4. Third-Party Services

The Extension

The PiiBlocker browser extension uses zero third-party analytics, tracking, advertising, or data collection services. The extension makes zero outbound network requests. No data from the extension is transmitted to PiiBlock or any third party.

The Website (piiblock.com)

Our website uses Cloudflare Web Analytics, a privacy-focused analytics service that collects anonymised, aggregated page view data. Cloudflare Web Analytics does not use cookies, does not track individual users, does not collect IP addresses, and does not fingerprint browsers. No personally identifiable information is collected through our website analytics.

Our uninstall feedback page uses Formspree to process optional feedback submissions. If you choose to submit uninstall feedback, Formspree receives the response you select. No name, email, or other identifying information is required or collected through this form unless you voluntarily include it in a comment. Formspree's privacy policy is available at formspree.io/legal/privacy-policy.

5. Data Sharing

We do not share any data. There is no data to share.

6. Your Rights Under GDPR (EU/EEA and UK Users)

If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:

• Right of Access - We hold no personal data about you on our servers. All data remains local to your device.
• Right to Erasure - You can delete all locally stored data at any time via the extension popup or by uninstalling the extension.
• Right to Data Portability - No personal data is held by us, so there is nothing to transfer.
• Right to Object - No processing of your personal data occurs on our servers.
• Right to Lodge a Complaint - You have the right to lodge a complaint with your local Data Protection Authority (DPA).

Legal basis: Our legal basis for any minimal processing is legitimate interest in providing the extension's core functionality. Since all processing occurs locally on your device, no consent for server-side data processing is required.

UK Users

If you are located in the United Kingdom, you have equivalent rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. The rights described above apply equally to UK residents. You have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Your Rights Under CCPA (California Users)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

• Right to Know - We do not collect, store, or process your personal information on our servers. There are no categories of data to disclose.
• Right to Delete - All data is stored locally on your device and can be deleted at any time through the extension popup or by uninstalling.
• Right to Opt-Out of Sale - We do not sell, rent, or trade your personal information to any third party.
• Non-Discrimination - We will not discriminate against you for exercising any of your CCPA rights.

8. Chrome Web Store Compliance

PiiBlocker adheres to the Chrome Web Store User Data Policy and its Limited Use requirements. Our use of data obtained through Chrome APIs is limited to providing and improving the extension's core functionality.

9. Permissions We Request

Below are the browser permissions PiiBlocker requests, and why each is necessary:

• storage - Stores settings and encrypted mappings locally on your device
• contextMenus - Adds the right-click "Mask with PiiBlocker" option
• activeTab - Reads the current tab to detect PII (only on supported AI sites)
• Host permissions (chatgpt.com, claude.ai, gemini.google.com) - Injects the content script on supported AI chatbot sites only

10. Children's Privacy

PiiBlocker does not collect personal data from any user, regardless of age. Because no personal data is transmitted to our servers or any third party, no age-specific data protection requirements (such as COPPA or Article 8 of the GDPR) are triggered by use of the extension. No age verification is required because no personal data is processed on our servers.

11. International Users

PiiBlocker performs all data processing locally on your device. There are no cross-border data transfers because no data is transmitted to our servers or any third party. Regardless of your location, your data stays on your device and under your control.

12. Data Breach Notification

Since PiiBlocker does not store any user data on servers, a server-side data breach affecting your personal information is not possible. All data remains encrypted and local to your device. In the unlikely event of a security vulnerability in the extension itself, we will notify users through the Chrome Web Store update mechanism and on our website.

13. Changes to This Policy

If we make material changes to this policy, we will post the updated version at this URL and update the "Last updated" date at the top. We encourage you to review this page periodically.

14. Policy History

We maintain a record of material changes to this privacy policy.

• March 3, 2026 - Initial publication
• April 1, 2026 - Added Cloudflare Web Analytics and Formspree disclosures, added Gemini host permission, added UK GDPR reference, updated legal entity details, updated children's privacy section

Previous versions of this policy are available upon request at [email protected].

15. Contact

Questions or concerns about this privacy policy? Reach us at:

• Privacy enquiries: [email protected]
• General support: [email protected]
• Security issues: [email protected]