Privacy & Security
Audit metadata
The fields recorded for each detection, designed to be useful for administrators while excluding sensitive content.
Recorded fields
A detection record is metadata about what happened — not the content involved.
| Field | Description |
|---|---|
| Detection category | Which category matched, e.g. SSN, credit card, or API key. |
| Action and outcome | The policy action and user outcome, such as warned, blocked, redacted, canceled, or sent with a reason. |
| Severity | The audit severity assigned to the event. |
| Site | The site hostname or domain where the event occurred, without full URL paths, query strings, or URL hashes. |
| Device information | Which enrolled device and extension installation the detection occurred on. |
| Policy information | The policy source and version that produced the decision. |
| Attachment metadata | Counts, file types, and skip reasons for supported attachment scans. |
| Justification metadata | Whether a reason was provided and, when required, locally redacted justification text. |
| Timestamp | When the detection happened. |
Deliberately excluded
Audit metadata is designed to exclude prompt text, pasted content, attachment contents, full sensitive values, full URLs, query strings, URL hashes, and raw justification text. The category is recorded; the underlying scanned value is not.
Why this matters
Administrators get the signal they need to understand and enforce policy without ever seeing the sensitive content itself. If a policy requires a reason, the extension may upload locally redacted justification text for auditability.