Privacy Policy

Effective date: 23 March 2026 · Last updated: 23 March 2026

1. Introduction

MyYaad (“we”, “us”, “our”) is a privacy-first browser extension and desktop application that protects your personal information when using AI chatbots. This Privacy Policy explains how the MyYaad browser extension (“The Shield”) handles data.

Our core principle is simple: your data never leaves your device unless you explicitly choose to send it to an AI provider. We do not operate servers that receive, store, or process your personal information.

2. What Data the Extension Accesses

The MyYaad browser extension accesses the following data types locally on your device:

  • Text you type into AI chatbot input fields (ChatGPT, Claude, Gemini, DeepSeek, and other supported providers) — to detect personal information that matches your vault entries and replace it with privacy-protecting shadow values before the prompt is sent.
  • AI chatbot response text — to detect shadow values in the response and restore them to your real values in the browser display only.
  • Browsing activity on supported AI chatbot sites only — limited to the specific domains where shadow protection is active (chat.openai.com, chatgpt.com, claude.ai, chat.deepseek.com, and gemini.google.com). We do not monitor general browsing activity.

3. How Data Is Processed

All data processing happens entirely on your local device:

  • The browser extension communicates exclusively with the MyYaad desktop application running on your computer via localhost (127.0.0.1:3000). This is a loopback connection that never touches the internet.
  • The extension uses event delegation on the document body (capture phase) to detect when you submit a prompt. It captures the submit action (click or Enter key) on chatbot input fields only.
  • The extension uses DOM mutation observers to: (a) detect when the chatbot input field appears on the page and inject the MyYaad shield icon, and (b) watch for new AI assistant responses to perform de-shadowing (restoring real values in the displayed response).
  • Your vault entries (names, employers, salaries, dates, etc.) are stored as Markdown and JSON files in a local folder on your device (~/.myyaad/vault/). They are never uploaded to our servers.
  • Shadow mappings (the lookup table between real values and shadow values) are generated locally using cryptographic functions and stored locally.
  • Provider-specific salts (used to generate different shadows per AI provider) are stored in your operating system's secure keychain (macOS Keychain, Windows Credential Manager, or Linux Secret Service).

4. What Data We Collect

We collect no personal data. Specifically:

  • We do not collect, transmit, or store your vault entries, shadow mappings, prompts, AI responses, or browsing history.
  • We do not operate servers that receive your data.
  • We do not use analytics that track individual user behaviour.
  • We do not sell, share, or transfer any user data to third parties.

We have no telemetry, analytics, or tracking code in the extension.

5. Third-Party Services

The extension facilitates your use of third-party AI chatbot services (OpenAI, Anthropic, Google, DeepSeek, etc.). When you submit a prompt through a chatbot with MyYaad active, the AI provider receives only the shadow-protected version of your text. Your real personal information is never sent to these providers.

Each AI provider has its own privacy policy governing how they handle the (shadowed) prompts you send them. MyYaad does not control these third-party services.

The extension or desktop application may contain links to external websites such as buymeacoffee.com (for optional support/donations). These links open in your default browser and are governed by the respective third-party's privacy policies.

6. Data Storage and Security

  • All user data is stored locally on your device in human-readable files you can inspect, edit, or delete at any time.
  • Cryptographic salts are stored in your OS-managed secure keychain.
  • The extension stores the following in Chrome's chrome.storage.local API: user preferences (e.g., protection enabled/disabled state), a daemon authentication token (used to authenticate localhost requests to the desktop daemon — never sent to any external server), and a master salt (a 32-byte cryptographic value used for provider-specific shadow generation). No personal data, vault entries, or shadow mappings are stored in browser storage.
  • Shadow mappings are held in memory during your browser session only.
  • No data is transmitted to any remote server operated by MyYaad.
  • The extension has no crypto library dependencies — the only cryptographic operation in the extension is generating a random salt via the browser's built-in crypto.getRandomValues API. All other cryptographic operations (shadow generation, provider salting, encryption) happen in the desktop daemon.

7. Your Rights and Controls

  • Access: Your vault is a folder of files on your computer. You can open it in any text editor.
  • Deletion: Delete any vault entry by deleting the file. Uninstalling the extension and desktop app removes all MyYaad data from your device.
  • Portability: Your vault files are standard Markdown and JSON — copy them anywhere.
  • Disable: You can pause shadow protection at any time from the extension popup without uninstalling.

8. Children's Privacy

MyYaad is not directed at children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We will update this policy if our data practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the extension's update notes.

10. Contact

For questions about this privacy policy: