InputGuard

Privacy Policy

InputGuard Privacy Policy

Last updated: June 15, 2026

InputGuard is operated by Sunny Gateway LLC. InputGuard is built for organizations that need browser-native data protection around AI tools. The product is designed around local scanning, admin-managed policy, and audit records that avoid capturing sensitive content.

Local scanning boundary

The browser extension scans pasted text, final prompt text, and supported text attachments locally in the browser according to configured policy. Detection happens before content is submitted to an AI tool. In standalone mode everything stays on the device and nothing is uploaded. In managed organization mode the extension uploads metadata only — never the scanned content itself — to the organization's admin portal over HTTPS.

Content not stored

InputGuard is designed to avoid storing the scanned content itself, including:

  • Prompt content
  • Pasted content
  • Page content
  • Attachment contents and attachment file names
  • User messages submitted to AI tools
  • Full sensitive values
  • Full URLs, query strings, and URL hashes
  • Raw justification or reason text

Managed organizations

Admins may use the portal to manage organizations, devices, deployment state, and policies. End users of the extension do not need portal accounts unless they also administer InputGuard.

Metadata-only audit ingestion

In managed mode, portal audit ingestion receives operational metadata only: site hostname, detected category names, detector variants, severity, policy action and outcome, match and attachment counts, redaction-used state, timestamps, extension version, organization and install identifiers, and locally redacted justification text when a policy requires a reason. It does not receive prompt text, pasted content, page content, attachment contents, attachment file names, full sensitive values, full URLs, query strings, URL hashes, or raw reason text.

Account and device data

The portal may process admin account details, organization names, organization membership and roles, policy and deployment settings, device enrollment metadata, reported device names, operating system and browser information, extension versions, hashed deployment/device identifiers, sync timestamps, and support information needed to operate managed workflows.

Cookies and analytics

Essential cookies support authentication and portal sessions. Optional Google Analytics is consent-gated and limited to public marketing pages. Analytics is not enabled for portal or admin pages. The public-site analytics choice is stored in local storage.

Contact form

Contact and sales forms process the name, email address, optional company details, and message content you submit so we can respond to support, deployment, or purchasing requests. The form uses Cloudflare Turnstile for spam prevention, which may process visitor IP address, device, and browser signals, and sends the submission by email; current application code does not store contact submissions in the portal database.

Service providers (sub-processors)

InputGuard relies on a small set of sub-processors to operate the managed service: Supabase (database hosting, authentication, and storage of portal account, organization, device, policy, and metadata-only audit records), Resend (delivery of transactional and contact emails), Stripe (payment processing and billing; billing records may include organization, customer, subscription, invoice, payment status, and active-device quantity information), Cloudflare Turnstile (spam and abuse prevention on the public contact form), and Google Analytics (consent-gated analytics limited to public marketing pages). When an admin chooses to sign in with Google, Google sign-in (OAuth) is used to authenticate the account, and Google processes the sign-in and basic identity information needed to do so. The standalone extension uses none of these; it runs entirely on the device.

Retention

Data is retained only for as long as needed to provide the service, meet security and legal obligations, resolve disputes, and maintain auditability, after which it is deleted or anonymized. Audit retention is configurable by organization admins in the portal. Standalone local audit logs live only in the browser and can be cleared by the user at any time.

Your rights and roles

InputGuard is intended for business customers. For managed organizations, the customer organization is the controller of its account, device, policy, and audit data, and InputGuard acts as a processor on its behalf. Depending on your location and applicable law (such as the GDPR or CCPA), you may have rights to access, correct, export, delete, or restrict processing of your personal data, and to object to or withdraw consent for optional analytics. Organization admins can manage users, devices, and policy state directly in the portal; for other requests, contact us using the contact email below and we will respond subject to security, billing, legal, and audit-retention requirements.

Privacy questions

Questions about this Privacy Policy or privacy-related requests may be sent to support@inputguard.app.