1. Introduction
Naosuu ("we," "our," or "us") operates the Naosuu browser extension (the "Extension") and the Naosuu website at naosuu.com (together, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights with respect to that information.
We wrote this policy to be specific and technically accurate, not vague. If something is unclear, contact us at info@naosuu.com.
2. The Core Principle: Your Prompt Text Never Leaves Your Browser
The central purpose of Naosuu is to analyze text you are about to send to third-party AI platforms and identify personally identifiable information ("PII") before it is transmitted. All analysis of your prompt text is performed entirely on your device using locally bundled models. No prompt text, no document contents, no detection results, and no PII are ever transmitted to Naosuu servers or any third party.
This is an architectural guarantee, not a policy choice. The Extension contains no code path that sends prompt text or document contents over any network connection.
3. Information We Collect and How We Use It
3.1 Information Processed Locally (Never Transmitted)
The following data is processed exclusively within your browser and is never sent to Naosuu or any third party:
| Data | Purpose | Storage |
|---|---|---|
| Text content of AI platform prompts | PII detection before submission | Not stored; processed in memory only |
| Contents of uploaded documents (PDF, DOCX, TXT) | PII detection in attached files | Not stored; processed in memory only |
| Detection results (which PII categories were found) | Displaying warnings in the Extension UI | Not stored beyond the current session |
| Token vault entries (custom redaction rules you create) | Applying your personal redaction preferences | Stored locally in your browser via chrome.storage.local; never transmitted |
| Extension settings and preferences | Remembering your configuration | Stored locally via chrome.storage.local; never transmitted |
3.2 Information Transmitted to Naosuu
The only data transmitted to our servers is the minimum required to validate your license. License checks occur at most once every 24 hours; the result is cached locally in your browser and no additional requests are made during that period.
| Data | When Transmitted | Purpose | Retention |
|---|---|---|---|
| Email address | During activation and at most once every 24 hours for license validation | Verifying your subscription is active | Stored in our license database for the duration of your subscription |
| License token | During activation and at most once every 24 hours for license validation | Authenticating your license | Stored in our license database |
| Standard request metadata (which may include IP address and timestamp) | With each license check request | Security, fraud prevention, and abuse detection | Retained per Cloudflare's standard infrastructure log retention policies. See Cloudflare's Privacy Policy for details. |
License checks are made to our validation service hosted on Cloudflare Workers. No prompt text, document content, or PII accompanies these requests.
3.3 Extension Activation
After completing a subscription purchase, you are redirected to naosuu.com/welcome. That page retrieves your email address and a cryptographically signed license token from our validation service and sends them directly to the Extension to complete activation. This communication uses Chrome's externally_connectable API, which is restricted exclusively to naosuu.com. No other website can communicate with the Extension. The email and token are stored locally in your browser via chrome.storage.local and are used solely for ongoing license validation.
3.5 Information Collected on Our Website (naosuu.com)
When you visit naosuu.com, we may collect:
- Standard web server logs (IP address, browser type, pages visited, referrer)
- Information you voluntarily submit by contacting us by email (name, email address)
- Payment information submitted through our billing provider, Stripe — Naosuu does not store payment card numbers; all payment processing is handled by Stripe under their own privacy policy
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area, United Kingdom, or Switzerland, we process your data on the following legal bases:
- Contract performance (Article 6(1)(b) GDPR): Processing your email address and license token is necessary to provide the subscription service you have purchased.
- Legitimate interests (Article 6(1)(f) GDPR): Retaining server logs to detect abuse, fraud, and unauthorized use of the Service.
- Consent (Article 6(1)(a) GDPR): For any optional marketing communications, which you may withdraw at any time.
5. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share data only in the following limited circumstances:
- Cloudflare, Inc.: Our license validation service runs on Cloudflare Workers infrastructure. License check requests are processed through Cloudflare's network. Cloudflare is bound by its own privacy policy and applicable data processing agreements.
- Stripe, Inc.: Payment processing for subscriptions. Stripe receives payment and billing information directly; Naosuu receives only a subscription status indicator.
- Legal obligations: We may disclose information if required by law, court order, or to protect the rights, property, or safety of Naosuu, our users, or the public.
- Business transfers: In the event of a merger, acquisition, or sale of all or substantially all assets, user data may be transferred. We will provide notice before your information becomes subject to a materially different privacy policy.
We do not share any locally processed data (prompt text, document contents, vault entries) because we never have access to it.
6. Data Retention
- License data (email, token): Retained for the duration of your subscription and deleted within 90 days of subscription termination upon request.
- Infrastructure logs: Retained per Cloudflare's standard log retention policies.
- Local extension data (vault, settings): Stored in your browser until you clear it or uninstall the Extension. Naosuu has no access to this data and cannot delete it on your behalf. You may clear it at any time by navigating to chrome://extensions, clicking Details on the Naosuu extension, and selecting Clear Storage. Uninstalling the Extension also removes all locally stored data.
7. Children's Privacy
The Service is not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us at info@naosuu.com and we will delete it promptly.
8. Your Rights
Depending on your jurisdiction, you may have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate personal data.
- Deletion: Request deletion of your personal data, subject to our legal retention obligations.
- Portability: Receive your personal data in a structured, machine-readable format.
- Objection: Object to processing based on legitimate interests.
- Withdrawal of consent: Where processing is based on consent, withdraw it at any time.
- California residents (CCPA/CPRA): Right to know, right to delete, right to opt out of sale (we do not sell personal data), and right to non-discrimination for exercising these rights.
To exercise any of these rights, contact us at info@naosuu.com. We will respond within 30 days.
9. Security
- License validation requests are transmitted over HTTPS/TLS.
- License tokens are cryptographically signed and validated server-side.
- Local extension data is stored in Chrome's sandboxed chrome.storage.local API, which is not accessible to web pages or other extensions.
- Session maps containing placeholder-to-original-value mappings are stored in chrome.storage.session, which is accessible only to the extension's background service worker. Page-level JavaScript on AI platforms cannot access this data.
- We do not store payment card numbers or sensitive financial data.
No security measure is perfect. In the event of a data breach affecting your personal information, we will notify affected users as required by applicable law.
10. Third-Party Platforms
The Extension operates on third-party AI platforms (OpenAI ChatGPT, Anthropic Claude, Google Gemini, and others). This Privacy Policy governs only Naosuu's handling of data. The AI platforms you use are governed by their own privacy policies and terms of service. Naosuu is not responsible for those platforms' data practices.
11. Chrome Web Store
The Extension is distributed through the Google Chrome Web Store. Google's privacy policy governs information Google collects in connection with the Chrome Web Store. Our data practices as described in this policy are independent of Google's.
12. Changes to This Policy
We will post any changes to this policy at naosuu.com/privacy with a revised "Last updated" date. For material changes, we will notify active subscribers by email at least 14 days before the change takes effect. Continued use of the Extension after the effective date constitutes acceptance of the updated policy.
13. Governing Law
This Privacy Policy is governed by the laws of the State of New York, United States, without regard to conflict of law principles.
14. Contact
Naosuu
info@naosuu.com