The AI Firewall browser extension inspects the prompts you are about to send
to AI services so it can warn you about, redact, or block secrets and personal
information before they leave your browser.

What the extension accesses

- The text you submit on supported AI sites (e.g. ChatGPT, Claude, Gemini, Copilot, Perplexity). It is read only at submit time, so that it can be checked.
- The destination hostname of the AI request (e.g. api.openai.com).
- Local extension settings you set (proxy URL, fail mode, and - if your organization uses it - a fleet server URL and token), stored via chrome.storage.

Where your data goes

- By default, nowhere external. Prompt text is sent only to the local AI Firewall proxy on your own machine (http://127.0.0.1:8080) for inspection. The proxy returns a decision (allow / warn / redact / block); the extension acts on it locally. No prompt content is sent to the extension author or any third party.
- When the local proxy is unreachable, the extension runs a small on-device check that looks only for obvious credentials (e.g. API keys). This runs entirely inside your browser and sends nothing anywhere.
- Optional organization fleet (opt-in only). If your organization configures a fleet server URL and token (via managed policy, or you enter them in the options page and grant access), the extension may send decision metadata only: timestamp, destination host, the AI service name, the allow/warn/redact/block decision, and the detector category. It never sends your prompt text or any matched secret in this channel. This lets your organization see which AI services are in use and enforce policy. It is off unless your organization turns it on.
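The two data-minimisation rules above (the on-device fallback check, and the fleet channel carrying decision metadata only) are easy to state but worth enforcing in code. The following is an added illustration, not the extension's own code; the decision object shape, the field names and the credential patterns are assumptions chosen for the example.

```javascript
// Added illustration, not the AI Firewall extension's code. Assumed shapes:
// a proxy/fallback result { decision, category, matched?, prompt? } and a
// fleet event built from it.

const DECISIONS = new Set(["allow", "warn", "redact", "block"]);

// Fleet channel: copy an explicit whitelist of metadata fields, never the
// whole result object, so prompt text or a matched secret cannot leak even
// if the inspector attaches them to the result.
function buildFleetEvent(host, service, result, now = Date.now()) {
  if (!DECISIONS.has(result.decision)) {
    throw new Error(`unexpected decision: ${result.decision}`);
  }
  return {
    timestamp: new Date(now).toISOString(),
    host,
    service,
    decision: result.decision,
    category: result.category ?? "none",
  };
}

// On-device fallback for when the local proxy is unreachable: only obvious
// credentials are flagged. Patterns are constructed examples, not the
// extension's detector set. Blocking on a hit is an assumption for the demo.
const OBVIOUS_CREDENTIALS = [
  { category: "aws_access_key", re: /\bAKIA[0-9A-Z]{16}\b/ },
  { category: "private_key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/ },
  { category: "bearer_token", re: /\bBearer\s+[A-Za-z0-9._-]{20,}\b/ },
];

function localFallbackCheck(prompt) {
  for (const { category, re } of OBVIOUS_CREDENTIALS) {
    if (re.test(prompt)) {
      // The matched substring stays in the browser; it is not returned.
      return { decision: "block", category };
    }
  }
  return { decision: "allow", category: "none" };
}
```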

What is stored locally

- Your settings (proxy URL, fail mode, optional fleet URL/token).
- Rolling counts of your own decisions (how many were allowed / warned / redacted / blocked, and per-service totals) to power the popup dashboard. These counts stay in your browser and are not transmitted.

What we do NOT do

- No analytics, tracking, advertising, or fingerprinting.
- No transmission of prompt content or secrets to the extension author.
- No remote code: the extension ships all of its code in the package.
- No selling of data, and no use of data for any unrelated purpose.

Permissions, briefly

- Host access to AI sites: to read the prompt at submit time and enforce the decision on those sites.
- Host access to 127.0.0.1: to reach your local inspector proxy.
- storage: to keep your settings and local counts.
- declarativeNetRequest: to block requests to AI hosts at the network layer when you choose fail-closed mode and the proxy is unreachable.
- Optional host access (requested only if you enable a fleet server): to send decision metadata to your organization's server.