Privacy Policy
Effective Date: March 2026 • Version 2.1
LoricaPrompt is a browser extension designed to help you detect and prevent accidental pasting of sensitive data (such as API keys, passwords, and personal information) into AI platforms and web-based tools.
Our core principle is privacy-first: all analysis is performed locally on your device.
1. Data Collection
We collect the absolute minimum data necessary for the extension to function.
What we DO NOT collect:
We do not collect, transmit, or monitor your clipboard contents, file contents, browsing history, or personal information.
What we DO collect:
If you choose to use the optional authentication feature via BrowserCraftStudio, we collect only your email address strictly to verify your Pro license. No sensitive prompts, files, or clipboard data are collected during this process.
Your Consent:
When signing up for a Pro account, you will be explicitly asked to confirm your agreement to this Privacy Policy. You may withdraw consent at any time by requesting account deletion.
Anonymous Telemetry (Optional):
If enabled in your settings, we collect anonymous, aggregated performance metrics (such as scan speeds, feature usage counts, and triggered rule names) to help us improve the extension. This telemetry never contains your actual clipboard text, prompts, files, or personal information.
2. Data Handling
- Clipboard Processing: When you paste text on supported AI platforms, your clipboard data is analyzed strictly locally within your browser using regex pattern matching.
- File Processing (File Shield): Files uploaded via the File Shield feature are processed entirely on your device. No file content is ever sent to external servers. Redacted output is generated locally and discarded immediately after your session ends.
- Purpose: All local processing exists solely to alert you to potential sensitive information leaks before they happen.
3. Data Storage
- Local Storage Only: Your configuration settings, custom detection patterns, and activity logs of blocked paste events are stored locally on your device using Chrome's local storage. This data never leaves your device.
- Retention Period: All local data, including activity logs, settings, and custom detection rules, is retained until you manually clear your browser data or uninstall the extension. You can also manually clear all local data at any time from the extension settings.
- No Server Storage: We do not store any user content or scan results on our servers at any time.
4. Data Sharing and Disclosure
- No Third-Party Sharing: We do not sell, trade, rent, or share any user data, activity logs, or personal information with any third parties under any circumstances.
- We never transmit your sensitive content (clipboard, prompts, files) to our servers or any external service.
- The only external interactions with our servers are for optional anonymous telemetry (if enabled in settings) and Pro license verification. Neither process ever involves your scanned content.
5. User Rights & GDPR (EU Users)
If you are located in the EU or elsewhere, you have the right to:
- Access: All local data is visible directly within the extension settings.
- Delete/Erasure ("Right to be forgotten"): Clear all local data at any time from the extension settings panel.
- Account Deletion & Withdraw Consent: Contact us to permanently delete your Pro account and associated email address, effectively withdrawing your consent for email collection.
6. Security
All data processing occurs locally in your browser. No sensitive content is transmitted over the network at any time. Pro account authentication uses HTTPS encryption exclusively.
7. Permissions Explained
| Permission | Why We Need It |
|---|---|
| storage | To save your settings and local activity log on your device. |
| notifications | To show alerts when sensitive data is detected. |
| alarms | To schedule background tasks such as Pro license verification checks. |
| scripting / host permissions | To detect and redact sensitive data before it is submitted on supported websites. |
8. Legal Basis & Data Controller
- Legal Basis: We process necessary data under Legitimate Interest (providing core security functionality) and Contract Performance/Consent (processing email specifically for Pro license verification).
- Data Controller: BrowserCraftStudio
Email: support@browsercraftstudio.com
Location: Italy, EU
9. International Data Transfers & Supervisory Authority
All core processing happens locally on your device. No personal data is transferred outside the European Economic Area (EEA). Pro license authentication is conducted via HTTPS and does not involve transferring sensitive content outside the EEA. EU users may lodge a complaint with the Italian data protection authority: Garante per la protezione dei dati personali.