1. Who We Are
The Systango AI Compliance Shield is a Chrome browser extension developed and operated by Systango Technologies Ltd(“Systango”, “we”, “us”, or “our”). It is designed for enterprise users to prevent accidental exposure of sensitive or confidential information via AI chat platforms.
For privacy enquiries, contact us at: compliance@systango.com
2. What This Extension Does
When you type a message into a supported AI chat platform and press Send (or the Enter key), the extension:
- Intercepts the message before it is delivered to the AI platform.
- Scans the text for sensitive data patterns (API keys, credit card numbers, SSNs, etc.) using local rules.
- Sends the text to Systango’s backend API for a deeper compliance analysis.
- Displays a warning or block if sensitive data is detected, and allows you to cancel, redact, or proceed.
The same scan happens when you upload a file (PDF, Word document, plain text, or CSV) to a supported AI platform.
3. Data We Collect
3.1 Account Information
When you log in through the extension's welcome screen, you provide your email address and password. Your password is transmitted directly to our authentication server over HTTPS and is never stored in the browser. On successful login, an authentication token is stored in your browser's local extension storage.
On the extension's options page, you may also save your name and email address. These are stored locally in your browser and included in every compliance scan request so that events can be attributed to your account.
3.2 Prompt Text (Messages You Type)
Every message you attempt to send on a supported AI platform is transmitted to Systango’s compliance API at https://inhibitor-be.envistudios.com for analysis. This includes the full text of your message.
The extension also performs a background check when you click outside the text field (blur event). This check uses the same API and the same data.
Prompt text is not stored by the extension itself after the scan is complete. Whether or not our backend stores prompt content is governed by our data retention policy described in Section 6.
3.3 Uploaded Document Content
If you upload a file to a supported AI platform, the extension extracts the text locally (in your browser) and sends up to 8,000 characters of that text to the compliance API. The original file is not transmitted; only the extracted text excerpt is sent.
3.4 Scan Log
A log of your most recent 10 scan events is stored locally in your browser. Each entry contains:
- Timestamp of the scan
- Which AI platform was in use (e.g., ChatGPT, Gemini, Claude)
- The scan decision (ALLOW or BLOCK)
- The type and severity of any detected findings (e.g., “credit card number detected”)
The scan log does not contain the actual prompt text. It is visible in the extension popup and is not transmitted anywhere automatically.
3.5 Extension Configuration
Your extension settings (such as whether scanning is enabled, feature toggles, and API endpoint overrides) are stored in Chrome’s sync storage, which may be synced across your Chrome browsers if you are signed into your Google account. These settings do not include API keys, authentication tokens, or personal data.
4. Alert Emails
If the extension detects sensitive data and you choose to send the message anyway (“Send Anyway”), an alert email is sent to your registered email address. This email includes:
- The full text of the message you chose to send
- The scan decision and confidence score
- A description of what was detected
This email is sent as a compliance record. It is sent to you (your registered email) and is not shared with any third party.
5. Data Transmission and Security
All data transmitted by the extension is sent over HTTPS to Systango’s backend infrastructure hosted at inhibitor-be.envistudios.com. Requests are authenticated using a token issued at login.
API keys and authentication credentials are held exclusively in the extension’s background service worker and are never exposed to web pages or the browser console.
Local scanning (regex-based pattern matching) runs entirely in your browser and produces no network traffic.
6. Data Retention
| Data Item | Where Stored | Retention |
|---|---|---|
| Name & email (options page) | Browser local storage | Until you clear or change it |
| Authentication token | Browser local storage | Until you uninstall the extension or clear browser data |
| Scan log | Browser local storage | Last 10 entries only; auto-truncated |
| Extension settings | Chrome sync storage | Until you reset or uninstall |
| Prompt text (during scan) | In-memory only | Discarded immediately after scan response |
| Prompt text (server-side) | Systango backend | Subject to Systango’s data retention policy; contact compliance@systango.com |
7. How to Delete Your Data
To remove locally stored data:
- Go to chrome://extensions, find Systango AI Compliance Shield, and click Remove. This deletes all local and sync storage used by the extension.
- Alternatively, you can clear extension storage from the browser’s developer tools (Application → Storage → Extension Storage).
To request deletion of any data held on Systango’s servers, email compliance@systango.com.
8. Permissions This Extension Requests
| Permission | Why It Is Needed |
|---|---|
storage | Save your name, email, auth token, scan log, and settings locally and in Chrome sync. |
scripting | Inject the compliance monitoring script into AI chat pages. |
tabs | Detect which AI platform is active so the correct scan configuration is applied. |
| Host access (chat.openai.com, chatgpt.com, gemini.google.com, claude.ai, anthropic.com) | Read and intercept text input on the supported AI chat platforms only. No other sites are accessed. |
9. Children’s Privacy
This extension is intended for professional and enterprise use. It is not directed at children under the age of 13, and we do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this privacy policy from time to time. When we do, we will update the effective date at the top of this page. Continued use of the extension after changes are posted constitutes acceptance of the updated policy.
11. Contact
For questions about this privacy policy or your data, contact us at:
Systango Technologies Ltd
Email: compliance@systango.com
Website: www.systango.com