Privacy & Security

What data is stored

A plain breakdown of where data lives — on the device, in your organization, or nowhere at all.

Stored locally on the device

In standalone mode everything stays on the device. The extension keeps:

  • Your local policy and settings
  • Local audit history of detections
  • The device identity (when enrolled in an organization)

Received by an organization

When a device is enrolled, an organization may receive managed policy and audit metadata:

  • Organization, deployment, and policy identifiers
  • Device and extension installation metadata, including reported device name, operating system, browser, extension version, and sync timestamps
  • Detection categories, detector variants, match counts, severity, action, and outcome
  • Site hostname or domain, without full URL paths, query strings, or URL hashes
  • Attachment counts, file types, and skip reasons
  • Whether redaction or a justification was used
  • Locally redacted justification text when a policy requires a reason

Scanned content not stored or uploaded

InputGuard is designed not to capture the sensitive scanned content itself. That includes:

  • Prompt text
  • Pasted content
  • File and attachment contents
  • Full sensitive values
  • Full URLs, query strings, and URL hashes
  • Raw justification text

Content stays on the device

Detection is local, so prompt text, pasted content, and file contents are not transmitted to InputGuard or your organization for scanning. See the Privacy model for the full picture.