Last Updated: 1/10/25

GPT-Shield (“GPT-Shield,” “we,” “us,” or “our”) provides software products including a desktop application and browser extensions designed to protect users from unintended disclosure of sensitive information during interactions with artificial intelligence systems (collectively, the “Software”).

We are committed to privacy-first design. This Privacy Policy explains what information we collect, how it is used, and how your data is protected.

1. Core Privacy Principle: Local Execution

GPT-Shield processes sensitive content locally on your device.

• Text content, documents, prompts, and any detected personally identifiable information (“PII”) are analyzed and redacted entirely on-device
• No prompt text, document content, or detected PII is transmitted to our servers
• We do not store, inspect, or retain customer content

This local-execution architecture is a foundational design principle of GPT-Shield.

Browser Extension Privacy Notice
The GPT-Shield browser extension does not collect, store, or transmit user content, browsing history, or website data. Any text inspection performed by the extension occurs locally on the user’s device and is discarded immediately after processing. Site-level preferences (such as enabled or disabled sites) are stored locally as configuration data only and never leave the device.

The browser extension does not execute remote JavaScript or load third-party scripts from external servers.

2. Information We Collect

We collect only the minimum information necessary to operate, license, and support the Software.

a. Account & Licensing Information

• Email address
• License keys or subscription identifiers
• Organization name (if provided)

This information is used for authentication, licensing, and customer support.

b. Billing Information

Payments are processed by our third-party payment processor.
- GPT-Shield does not store or process raw credit card numbers
- Billing details are handled directly by Stripe, Inc.

For more information, see Stripe’s privacy policy.

c. Device & Application Information

We may collect limited technical metadata, such as:
- Operating system type and version
- Application version
- License activation status
- Error codes (non-content based)

This data is used solely for:
- Software updates
- Compatibility fixes
- Support diagnostics

3. Information We Do NOT Collect

We do not collect:
- Prompt text or chat content
- Documents or pasted text
- Detected PII or redaction results
- Browsing history
- Keystrokes outside protected contexts

The extension may store local configuration settings (such as site enable/disable preferences) on the user’s device. These settings are not transmitted or shared.

4. Telemetry & Analytics (Optional / Configurable)

If enabled (desktop agent only), GPT-Shield may collect anonymous, non-content usage metrics, such as:
- Feature usage counts
- Redaction event totals (numeric only)
- Performance timing data

Telemetry can be disabled by the user or organization administrator where applicable.

5. Third-Party Service Providers

We use the following subprocessors only as required for core operations:

Stripe, Inc. - Payments & subscriptions
Google Firebase - Authentication & licensing metadata only

GPT-Shield does not transmit customer content to OpenAI or any other AI service unless explicitly disclosed and enabled by the customer (currently not used).

6. Data Retention

• Account and billing records are retained as required for legal, accounting, and operational purposes
• No customer content is retained because it is never transmitted to us

7. Security

We employ industry-standard administrative, technical, and organizational safeguards to protect account and licensing data.

8. Your Rights

Depending on your jurisdiction, you may have rights to:
- Access or correct your personal information
- Request deletion of your account
- Object to certain processing activities

Requests may be submitted to: noah@gpt-shield.com

9. Changes

We may update this Privacy Policy periodically. Material changes will be communicated via our website or application.

10. Legal Basis for Processing

We process personal information as necessary to:
- Perform our contract with customers
- Comply with legal obligations
- Pursue legitimate business interests (licensing, support)

11. International Users

If you access the Software outside the United States, you acknowledge that limited account data may be processed in the United States.

12. Children’s Data

GPT-Shield is not intended for use by children under 13, and we do not knowingly collect data from children.

13. Regulatory Rights (GDPR / CCPA-Light)

Depending on jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal information.
Requests: noah@gpt-shield.com