Privacy Policy | SOWA Privacy — AI Privacy. On Premise.

SOWA Privacy — Secure Online Watcher for Anonymity
Browser Extension for Chrome and Microsoft Edge
Last updated: March 26, 2026

1. Introduction

SOWA Privacy ("we", "us", "our") is a browser extension that protects your personal data when you use AI chatbots such as ChatGPT, Claude, Gemini, Copilot, and Grok. This Privacy Policy explains how SOWA Privacy handles information. Our core principle is simple: your data stays on your device.

SOWA Privacy is developed by SOWA Privacy (registration pending). Our source code is publicly available at github.com/Sowa-Privacy, allowing independent verification of every claim made in this policy.

2. Data We Process

2.1 Personally Identifiable Information (PII) Detection

SOWA Privacy scans text you type into AI chatbot interfaces to detect personal data such as names, email addresses, phone numbers, identification numbers, credentials, and other sensitive information. This detection and processing happens entirely within your browser. No text — whether original or anonymized — is sent to SOWA Privacy or any server we operate.

2.2 No Data Collection by Us

We do not collect, transmit, store, or process any of your personal data on any external server. We do not use analytics, telemetry, tracking pixels, fingerprinting, or any other monitoring technology. We have no servers that receive your data.

3. Data Stored Locally on Your Device

SOWA Privacy stores the following data using your browser's local storage (chrome.storage.local). This data never leaves your browser and is accessible only to the extension on your device:

User Settings & Preferences — your configuration choices (e.g., enabled detection categories, language preferences, display options).
Anonymization Dictionary — the mapping between original PII values and their anonymized placeholders, enabling de-anonymization of AI responses when you choose.
Audit Trail — a local log of PII detection events (what type of PII was detected, when, and on which site), enabling you to review what the extension has protected. This log is stored only on your device.

You can delete all locally stored data at any time by clearing the extension's storage through your browser settings or by uninstalling the extension.

4. Data Transmitted to Third Parties

4.1 AI API Providers (User-Initiated)

When you use the built-in AI chat proxy feature, SOWA Privacy sends anonymized text — text from which your personal data has already been replaced with placeholders — to the AI API provider of your choice. This transmission occurs only when you actively initiate it. The following third-party API endpoints may be contacted:

OpenAI API (api.openai.com)
OpenRouter (openrouter.ai)
Fireworks AI (api.fireworks.ai)
Mistral AI (mistral.ai)

These connections are made using your own API keys, which you provide and which are stored only locally in your browser. We do not have access to your API keys. The privacy policies of these third-party providers govern how they handle the anonymized text they receive.

4.2 AI Model Downloads

SOWA Privacy may download machine learning models from:

HuggingFace (huggingface.co) — for Named Entity Recognition (NER) models used in PII detection.
GitHub (raw.githubusercontent.com) — for extension resources and model files.

These are standard HTTPS downloads. No personal data is transmitted during these downloads beyond what is inherent to standard HTTP requests (e.g., your IP address).

4.3 Local AI Processing

SOWA Privacy uses HuggingFace Transformers (ONNX Runtime) for NER-based PII detection and optionally WebLLM for local large language model inference. Both run entirely within your browser using WebAssembly and WebGPU. No data is sent to any remote server for AI inference.

5. Browser Permissions Explained

SOWA Privacy requests the following browser permissions. We believe in transparency about why each is needed:

activeTab — to access the content of the currently active tab for PII detection in text fields.
scripting — to inject the content script that monitors text input for PII on supported websites.
storage — to save your settings, anonymization dictionary, and audit trail locally in your browser.
tabs — to identify which AI chatbot website you are using and to manage extension UI across tabs.
contextMenus — to provide right-click menu options for quick anonymization and de-anonymization of selected text.
downloads — to allow you to export anonymized documents, audit logs, and other files to your device.
sidePanel — to display the extension's side panel interface for the AI chat proxy and PII monitoring dashboard.
windows — to manage extension popup and panel windows.

The content script runs on all URLs (<all_urls>) so that PII protection is available on any website where you might type personal data into an AI chatbot or text field.

6. Cookies and Tracking

SOWA Privacy does not use cookies, web beacons, tracking pixels, or any form of cross-site tracking. We do not participate in any advertising network or data broker ecosystem.

7. Data Security

Because all data processing occurs locally and we do not operate servers that store your data, the risk of server-side data breaches is eliminated. Your data is protected by the security mechanisms of your browser and operating system. We recommend keeping your browser up to date to benefit from the latest security patches.

8. Children's Privacy

SOWA Privacy does not knowingly collect any personal information from anyone, including children under the age of 13 (or the applicable age in your jurisdiction). Since the extension processes all data locally and does not transmit personal data to us, we do not have the ability to identify the age of our users.

9. Your Rights Under GDPR and Other Privacy Laws

Since SOWA Privacy does not collect or store your personal data on any server, traditional data subject rights (access, rectification, erasure, portability) apply to the data stored locally on your device, which you already fully control. You can:

View all stored data through the extension's settings and audit trail interface.
Delete all stored data by clearing the extension's storage or uninstalling it.
Export your data using the built-in download/export features.

No data controller or processor relationship exists between you and SOWA Privacy with respect to your personal data, as we never receive it.

10. Open Source Transparency

SOWA Privacy is open source. Our complete source code is available at github.com/Sowa-Privacy. You or any security researcher can audit the code to verify that the extension behaves exactly as described in this policy. We believe transparency is the strongest form of trust.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website and reflected in the "Last updated" date. For significant changes, we will provide notice through the extension's update notes.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy, please contact us: