Privacy Policy
How SOWA Privacy handles your data – spoiler: it stays on your device.
1. Introduction & scope
SOWA Privacy ("we", "us", "our") protects your personal data when you use AI chatbots such as ChatGPT, Claude, Gemini, Copilot, and Grok. The product is split across two surfaces, and both are covered by this Privacy Policy:
- The browser extension. Detection and anonymisation of personal data in your prompts. Runs entirely in your browser. Free Starter tier works without any account.
- The website at sowaprivacy.ai. Account creation, subscription management, contact and sales forms, marketing pages. Required only if you choose to start a paid subscription, manage an organisation, or contact our team.
Our core principle is data minimisation: anything that can stay on your device does. The contents of your AI conversations and the personal data the extension detects in them never reach our servers. This stays true whether you have a paid subscription or not.
SOWA Privacy is developed by SOWA Privacy (registration pending). Our source code is publicly available at github.com/Sowa-Privacy, so every claim in this policy can be independently verified against the code.
2. Data processed in the browser extension
2.1 Personal data detection (local-only)
SOWA Privacy scans text you type into AI chatbot interfaces to detect personal data – names, email addresses, phone numbers, ID numbers, credentials, financial identifiers, and other sensitive information. This detection runs entirely within your browser. No text – neither the original nor the anonymised version – is sent to SOWA Privacy or any server we operate.
2.2 No collection of AI conversations
The contents of your AI conversations and any personal data the extension detects never leave your device. We do not collect, transmit, store, or process them on any server. The extension contains no analytics, telemetry, tracking pixels, or fingerprinting.
2.3 Data stored locally by the extension
The extension uses your browser's local storage (chrome.storage.local and chrome.storage.session) to keep:
- Settings and preferences – detection categories, language, theme, site rules, custom regex / whitelist / blacklist entries.
- Anonymisation dictionary – the mapping between original values and their placeholders, so that AI responses can be de-anonymised on your screen.
- Audit log – a SHA-256-chained record of what was detected, when, and on which site. Stored only on your device. You can export it (JSON / CSV) or clear it from the Audit page.
- Session token and cached entitlements (only if signed in) – the JWT issued by Supabase Auth plus the most recent response from /api/entitlements/me. Used to keep paid features unlocked offline.
You can wipe all locally stored data at any time by clearing the extension's storage in your browser, or by uninstalling the extension.
3. Data processed when you create an account
Creating a SOWA Privacy account is optional. The free Starter tier works without one. You only need an account to start a Pro or Business subscription, manage an organisation, or sign the extension in to a paid plan.
3.1 Registration and login
When you sign up at sowaprivacy.ai, we collect:
- Email address – used as your account identifier and for transactional emails (verification, password reset, important account notices).
- Password – hashed and stored by Supabase Auth; never visible to us in plain text.
- Full name (optional) – used to address you in the dashboard and on invoices.
- Default plan – the tier currently associated with your account (Starter / Pro / Business).
- Account creation timestamp – for audit and lifecycle management.
Sessions are issued as a JWT by Supabase Auth. The JWT plus a refresh token live in browser storage (website) or chrome.storage.local (extension). We do not set tracking cookies; the only cookies on the website are the authentication session cookie set by Supabase Auth (essential, first-party).
3.2 Organisation memberships (Business plan)
If you're on the Business plan and create or join an organisation, we additionally process:
- Organisation name and slug.
- Member list – the email addresses and roles of users invited into your organisation.
- Pending invitations – the invited email address, the token used to accept the invitation, and the inviting user. Tokens expire and are deleted once the invitation is accepted, declined, or revoked.
When you invite a colleague, their email address is shared with our backend so we can route the invitation. The invited person becomes an independent data subject of this policy from the moment they accept.
3.3 Entitlements lookup
Both the website and the extension call /api/entitlements/me to find out which features are unlocked for your plan. The response contains only feature flags and your plan tier – it does not contain any prompt content, audit data, or personal data beyond your own user ID. The extension caches the response for up to 60 minutes (refreshed via chrome.alarms) so it keeps working offline.
3.4 Connecting the extension to your account
When you click "Sign in" inside the extension popup, Chrome's chrome.identity.launchWebAuthFlow opens a window at sowaprivacy.ai/auth/extension-connect. After you authenticate, the website returns a short-lived handoff token, which the extension exchanges for a Supabase session via /api/extension/handoff/exchange. The token is single-use and expires within minutes.
4. Billing (Stripe)
When you start a paid Pro or Business subscription, billing is handled by Stripe. The data split is:
- Stripe receives directly: your card data, billing name, billing address, country, and any tax identifiers you enter. We never see or store full card numbers – Stripe Checkout collects them in an iframe served from stripe.com.
- We receive from Stripe (via webhook): your Stripe customer ID, subscription ID, plan tier, billing cycle (monthly / yearly), trial status, subscription state (active / trialing / past_due / canceled), and invoice metadata (amount, currency, status, hosted invoice URL). We store these on your account in Supabase so we can show you the right state on the Billing page.
- 14-day trial: new Pro and Business subscriptions include a 14-day trial. No card is required to start; if you don't add a payment method by the end of the trial, the subscription pauses automatically.
- Stripe webhook event log: we record incoming Stripe events (checkout.session.completed, customer.subscription.*, invoice.payment_*) to make webhook delivery idempotent. The log keeps the Stripe event ID and timestamp; no card data is involved.
- Self-service billing portal: when you click "Manage subscription" on the Billing page, we open Stripe's hosted Billing Portal. There you can update your payment method, change plan, download invoices, or cancel – all directly with Stripe.
5. Contact and sales forms
5.1 Contact form (contact.html)
When you submit the form on the Contact page, the data you enter (name, email, optional company, optional phone, topic, message) is sent through Resend, a transactional email service, to one of our department inboxes based on the topic you pick:
- General → info@sowaprivacy.ai
- Support → support@sowaprivacy.ai
- Security → security@sowaprivacy.ai
- Feedback → feedback@sowaprivacy.ai
The email is sent from no-reply@sowaprivacy.ai, with your email address set as Reply-To so a reply goes straight back to you. Resend handles only the transmission; the message then sits in our inbox under our standard email retention.
5.2 Sales / enquiry form (sales.html)
When you submit the "Talk to sales" form on the Sales page, the data you enter (name, email, optional company, optional phone, area of interest, message) is forwarded to HubSpot via the HubSpot Forms API in the EU region. We use HubSpot as our CRM to track inbound sales enquiries.
If a HubSpot tracking cookie (hubspotutk) happens to be present in your browser from elsewhere when you submit the form, its value is passed along so HubSpot can link the submission with any existing analytics it has. We do not load HubSpot's tracking script on our marketing site, so we set no HubSpot cookies ourselves; you can clear or block it in your browser at any time without affecting your ability to use the extension.
6. AI API providers (user-initiated, extension-only)
When you use the extension's built-in AI chat proxy, the anonymised text – with your personal data already replaced by placeholders – is sent to the AI API provider you select. This happens only when you actively trigger it. Supported endpoints:
- OpenAI API (api.openai.com)
- OpenRouter (openrouter.ai)
- Fireworks AI (api.fireworks.ai)
- Mistral AI (mistral.ai)
The request goes from your browser directly to the chosen provider, authenticated with your own API key, which is stored only in chrome.storage.local. We do not see your API keys or the requests. The privacy policy of the provider you choose governs what they do with the anonymised text they receive.
7. Local AI model downloads
If you opt in to NER or Local LLM detection in the extension's Settings, the necessary model files are downloaded from:
- HuggingFace (huggingface.co) – Named Entity Recognition models (~65 MB).
- GitHub (raw.githubusercontent.com) – extension resources and WebLLM model files.
- WebLLM CDN – local LLM model weights (~200 MB) when Power Mode is enabled.
These are standard HTTPS GETs. No personal data is sent beyond what any HTTP request includes (your IP address). Inference itself runs entirely on your device via WebAssembly (ONNX Runtime) and WebGPU (WebLLM).
8. Subprocessors
The third-party services we rely on to operate the website are listed below. Each handles a specific data scope and is governed by its own data processing terms.
| Subprocessor | Purpose | Region |
|---|---|---|
| Supabase | Account auth, profiles, organisations, entitlements, subscriptions table. Privacy policy. | EU (Frankfurt) |
| Stripe | Payment processing, subscription management, billing portal, invoices. Privacy policy. | US / global; EU SCCs in place |
| HubSpot | CRM for sales-form submissions and inbound sales enquiries. Privacy policy. | EU (Frankfurt) |
| Resend | Transactional email delivery for contact-form messages, routed by topic to our info / support / security / feedback inboxes. Privacy policy. | US (Delaware); EU SCCs in place |
| Vercel | Hosting of the marketing site and serverless API. Processes HTTP traffic (IP address, user agent) for routing and operational logs. Privacy policy. | EU edge; US infrastructure with EU SCCs |
| PostHog | Privacy-friendly product analytics for the marketing site – page views and aggregate interactions. Consent-gated: loads only after you opt in. No session replay. Privacy policy. | EU (Frankfurt) |
| HuggingFace | Static delivery of NER model files. Opt-in only. | Global CDN |
| GitHub | Source code repository; static delivery of WebLLM model resources. Opt-in only. | US |
We do not sell, rent, or share your data with anyone outside the list above. We run no advertising network and no session-replay tool. The only behavioural analytics is PostHog, which is off by default and loads on the marketing site only after you opt in via the consent banner – and never inside the browser extension.
9. Legal bases (GDPR Article 6)
- Performance of a contract (Art. 6(1)(b)) – to provide the extension and the account / billing features you actively use: registration, login, entitlements check, subscription management, invoices.
- Legal obligation (Art. 6(1)(c)) – to retain invoice and tax-relevant records for the periods required by applicable bookkeeping and tax law.
- Legitimate interests (Art. 6(1)(f)) – to keep the service secure (operational logs, rate limiting, webhook signature verification), and to respond to contact-form messages.
- Consent (Art. 6(1)(a)) – for product analytics on the marketing site (PostHog), and for any optional component that downloads a third-party model on first use (NER, Local LLM). Analytics stays off until you accept the consent banner; you can withdraw at any time (see Section 13). The local model files can be deleted from the extension at any time.
10. Retention
How long each kind of data is kept:
- Locally stored extension data (settings, dictionary, audit log, cached session) – kept on your device until you clear it or uninstall the extension. We have no copy on our servers.
- Account profile (email, hashed password, name, plan) – kept while your account is active. Deleted within 30 days of an account-deletion request, except for fields that must be retained for billing or legal obligations (see below).
- Organisation memberships and invitation tokens – kept while the organisation exists. Invitation tokens are deleted once they're accepted, declined, revoked, or expired.
- Stripe billing data on our side (customer ID, subscription state, plan history) – kept while the subscription is active and for the duration mandated by applicable accounting and tax law (commonly 10 years in the EU, 7 years in some jurisdictions). Card data is not stored on our side at any point.
- Invoices – same as above. Available to you in the Stripe Billing Portal for the same period.
- Stripe webhook event log – kept indefinitely for idempotency and audit, but contains only Stripe event IDs and timestamps, no card data.
- Contact-form emails (Resend) – the message itself is delivered transiently through Resend; Resend's own delivery logs are kept according to its policy (typically up to 30 days). The copy that lands in our department inbox is retained under our standard email retention.
- Sales-form submissions in HubSpot – kept for up to 24 months from the last contact, unless we have an active business relationship with you, after which we apply the same retention as for account data. You can ask us to delete your HubSpot record sooner.
- Server-side operational logs (Vercel / Supabase) – IP addresses, request paths, and timestamps in short-term operational logs are retained according to each provider's own retention policy, typically 7–30 days. They contain no AI-prompt content and no personal data the extension detected for you.
When you delete your account, we anonymise records we must keep for legal reasons (e.g. invoices) and delete everything else.
11. International data transfers
Supabase, HubSpot, and the Vercel edge network primarily serve EU users from EU data centres. Stripe, Resend, and GitHub are headquartered in the United States; transfers to them are covered by the European Commission's Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework. HuggingFace serves model files from a global CDN; model downloads are static HTTPS GETs with no personal data attached.
12. Browser permissions
The extension requests the following Chrome permissions. We list each one and why it's needed:
- activeTab – to access the content of the active tab for PII detection in text fields.
- storage – to save settings, anonymisation dictionary, and (if signed in) your session and entitlements locally.
- tabs – to identify the AI chatbot site you're on and to manage the extension UI across tabs.
- contextMenus – to provide right-click options for quick anonymisation, whitelisting, and blacklisting.
- sidePanel – to display the extension's side panel interface.
- windows – to manage popup and panel windows.
- offscreen – to run NER inference in an isolated context that the host page can't see or call.
- identity – to sign the extension in to your SOWA Privacy account via chrome.identity.launchWebAuthFlow. Used only when you click "Sign in".
- alarms – to refresh your entitlements once an hour so plan changes apply even when you're not actively using the extension.
The content script runs on <all_urls>, but detection and the Privacy Owl only activate on the seven AI chat domains in the default integration list (ChatGPT, OpenAI, Claude, Gemini, Copilot, Grok, x.ai). You can add or remove sites in Settings → Sites & Privacy.
13. Cookies and local storage
- The extension stores nothing in cookies – only in chrome.storage.local and chrome.storage.session.
- The marketing website sets a small sowa-theme entry in localStorage to remember your dark/light preference, and a sowa-analytics-consent entry to remember your analytics choice. Neither is a tracking cookie.
- The dashboard (Account, Billing, Settings pages) sets an essential, first-party authentication cookie via Supabase Auth so your session survives page reloads. This cookie is strictly necessary for the service and is not used for tracking.
- PostHog analytics – only if you accept the consent banner. When opted in, PostHog sets first-party cookies / localStorage entries to count page views and aggregate interactions on the marketing site. It is off by default, honours your browser's "Do Not Track" signal automatically, runs no session replay, and never loads inside the extension. You can change your mind at any time – declining (or clearing the sowa-analytics-consent entry) stops it and the banner returns on your next visit.
- HubSpot – we do not load HubSpot's client-side tracking script on the marketing site, so we do not set HubSpot cookies. If your browser already has a HubSpot cookie (hubspotutk) from another site, its value may be forwarded with sales-form submissions; clearing or blocking it never affects your use of the extension or your account.
14. Security
The contents of your AI conversations and detected PII never leave your browser, so that data is not exposed to any server-side breach risk. Your local data is protected by your browser's and operating system's own security model – keep your browser current.
Account and billing data sit with our subprocessors under their respective security regimes. On our side we apply least-privilege engineering: row-level security on the Supabase database, Stripe webhook signature verification, secrets held only in Vercel's encrypted environment variables, HTTPS on every endpoint, and short-lived JWTs with refresh-token rotation.
15. Your rights
Under the GDPR (and equivalent laws in other jurisdictions), you have the right to:
- Access the personal data we hold about you.
- Rectify incorrect or incomplete data.
- Erase your data, subject to the legal retention obligations described in Section 10.
- Restrict processing in certain situations.
- Object to processing based on legitimate interests.
- Portability – receive a copy of your account data in a machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local supervisory authority. A list of EU authorities is available at edpb.europa.eu.
For local extension data, you exercise these rights directly: settings expose every stored item, the Audit page lets you export and clear the log, and uninstalling the extension wipes everything. For account and billing data, email info@sowaprivacy.ai from the address on the account, or use the in-product "Delete account" action where available; we respond within 30 days.
16. Children
The extension is not directed at children. You must be at least 16 years old (or the digital-consent age in your jurisdiction) to create a SOWA Privacy account or start a subscription. The free Starter tier of the extension processes everything locally and we do not knowingly collect personal data from anyone – including children – through it.
17. Open-source transparency
SOWA Privacy is open source under a Source-Available licence. Our complete source code is at github.com/Sowa-Privacy. You – or any security researcher – can audit the code to verify that the extension behaves exactly as described in this policy. We believe transparency is the strongest form of trust.
18. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page reflects the most recent revision. For material changes, we will notify you through the dashboard and, where appropriate, by email to the address on your account.
19. Contact
For questions, requests, or complaints about this Privacy Policy, please contact us:
- Email: info@sowaprivacy.ai
- Website: sowaprivacy.ai
- GitHub: github.com/Sowa-Privacy
Legal entity and postal address: see our Imprint.
If you cannot reach a satisfactory resolution with us, you have the right to lodge a complaint with the data-protection supervisory authority in your country of residence.