Privacy Policy

Effective date: 2026-06-09 · Last updated: 2026-06-09

This policy applies to the MyYaad browser extension and the MyYaad desktop application. Auxilio Technologies LLC (“we”, “us”, “our”), trading as MyYaad, operates this software and is registered in the State of Colorado, United States.

1. Summary

MyYaad helps you avoid sharing real personal data with AI chatbots by replacing it with realistic “shadow” values before your prompt is sent, then restoring your real values in the response shown in your browser. We do not collect your personal data. Your vault and all shadow processing live on your own device. We run no servers that receive your prompts, vault, or documents, and we use no analytics or tracking.

2. What runs where

  • Desktop app (your device): stores your vault and performs all shadow transformations locally. Today the vault is stored as a local file on your device. (Encrypted-at-rest storage is on our roadmap and not yet shipped — see “Honest status” below.)
  • Browser extension: detects vault values in your prompt, shows you a preview of what will be sent, sends the shadowed prompt, and restores real values in the displayed response. It holds no vault data.

3. Network requests the extension makes

The extension makes only these network connections:

  1. Your local desktop app — http://127.0.0.1:3000. A loopback connection on your own computer. The extension sends prompt text to be shadowed and receives shadowed/restored text. It also keeps one event-stream connection (/pair/events) open via a background “offscreen” document so it can react to the desktop app's state. This traffic never leaves your machine.
  2. Selector configuration — https://www.myyaad.com/api/selectors. Periodically (on startup and roughly every 6 hours) the extension downloads a small JSON file of CSS selectors. This lets it keep finding the chat input box when a chatbot site (ChatGPT, Claude, Gemini, etc.) changes its layout, without us shipping an update for every UI tweak. This is a download-only request: it contains no user data — no prompt text, no vault contents, no account identifier, no cookies, no telemetry. The response is configuration data (selector strings); it is never executed as code.

There are no other external connections. We operate no servers that receive your prompts, vault entries, shadow mappings, or documents.

4. What we collect

Nothing. Specifically, we do not collect, transmit, or store your vault entries, shadow mappings, prompts, AI responses, documents, or browsing history; we do not use analytics, telemetry, or tracking code; there are no third-party tracking scripts, A/B-testing SDKs, or session-replay tools; we do not require an account; and we do not sell, share, or transfer user data to third parties.

The extension stores only operational data in your browser's chrome.storage.local: your protection on/off toggle, selected provider, UI preferences, the cached selector configuration, the desktop-app pairing token, and a master salt used as an input to shadow generation (an HMAC input, not a decryption key). None of this is transmitted to us.

5. Website content the extension reads (and never sends)

To do its job, content scripts on supported chatbot pages read the text you type into the chat box (to shadow it) and the AI's response (to restore your real values in what you see). This reading happens locally in your browser. This content is never transmitted to us or any third party — it is sent only to your own local desktop app over loopback for shadowing, and the restored text is shown only to you.

6. Supported sites

Content scripts run only on these AI chatbot domains:

  • ChatGPT — chatgpt.com, chat.openai.com
  • Claude — claude.ai
  • Gemini — gemini.google.com
  • DeepSeek — chat.deepseek.com
  • Perplexity — perplexity.ai, www.perplexity.ai
  • Grok — grok.com, grok.x.ai

We do not monitor any other browsing activity.

7. Your control and responsibility

You decide what to put in your vault and what to type into a chatbot. MyYaad shows a pre-send preview so you can see what will be sent before sending. MyYaad is fail-closed: when it detects high-sensitivity data it cannot safely shadow, it warns and holds the send for your confirmation rather than letting raw data through unnoticed. No automated protection is perfect — always review the preview, especially for documents (spreadsheet detection works cell-by-cell and may miss some cells).

Each AI provider has its own Terms of Service and privacy policy. MyYaad reduces the personal information present in your prompts, but we make no guarantees about how AI providers store, process, use, or retain data — shadowed or otherwise — and shadow protection is provided “as is.” You are responsible for the security of your device and for your own backups; because we store no copy of your data, a lost or wiped device may make your vault unrecoverable without your own backup.

8. Honest status

MyYaad is early software under active development. Detection is strongest for structured data (emails, phone numbers) and your saved vault entries; free-text dates of birth and some document edge cases are still improving. Encrypted-at-rest vault storage is planned but not yet shipped. We will update this policy as these change.

9. Future cloud features

The current product operates locally with no cloud account. If we add optional cloud features (e.g. encrypted sync) in the future, they will be opt-in and this policy will be updated before they ship. The free tier will always remain fully local.

10. Your rights (UK GDPR / GDPR)

  • Access: your vault is a folder of files on your computer. You can open it in any text editor.
  • Deletion: delete any vault entry by deleting the file. Uninstalling the extension and desktop app removes all MyYaad data from your device.
  • Portability: your vault files are standard Markdown and JSON — copy them anywhere.
  • Disable: you can pause shadow protection at any time from the extension popup without uninstalling.

Because we do not collect, store, or process personal data on our servers, there is no data held by us to request access to, correct, or delete.

11. Children's privacy

MyYaad is not directed at children under 13 (or under 16 in UK/EU jurisdictions). We do not knowingly collect data from children. Since we collect no data from any user, this risk is mitigated by architecture.

12. Google API Services Limited Use Disclosure

MyYaad's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, MyYaad:

  • only uses permissions necessary for the extension's core privacy protection function;
  • does not transfer user data to third parties (no data leaves your device);
  • does not use data for advertising, analytics, or profiling;
  • does not allow humans to read user data (all processing is local and automated); and
  • does not use Google user data to train, develop, or improve generalised or non-personalised AI and/or machine-learning models.

13. Changes to this policy

We will update this policy if our data practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via application update notes and our website.

14. Contact

For questions about this privacy policy: