Privacy Policy

Effective date: 25 March 2026 · Last updated: 25 March 2026

1. Introduction

MyYaad is a privacy-first personal data protection tool comprising two components: a desktop application and a browser extension. Together, they form a local protection layer that ensures your sensitive information never leaves your device in its original form.

The desktop application stores your encrypted vault of personal data entries, runs the Shadow Engine that generates provider-specific fake (“shadow”) values, and performs all cryptographic operations locally on your device.

The browser extension intercepts prompts you type on supported AI chatbot sites (ChatGPT, Claude, Gemini, DeepSeek), communicates with the desktop application via localhost (127.0.0.1) to replace real values with shadow values before the prompt is sent, and restores shadow values back to real values when they appear in AI responses — in your browser display only.

Our core principle: your data never leaves your device in its original form. Only shadow (fake) values are ever sent to AI providers. Each AI provider receives mathematically different shadow values, preventing cross-provider correlation even in breach scenarios.

Auxilio Technologies LLC (“we”, “us”, “our”), trading as MyYaad, operates this software. Auxilio Technologies LLC is registered in the State of Colorado, United States.

2. What Data the Software Accesses (Locally)

Desktop Application

The MyYaad desktop application accesses the following data locally on your device:

  • Vault entries (names, emails, companies, dates, financial data, health data, and other personal information you choose to store) — stored as Markdown+JSON files in ~/.myyaad/vault/.
  • Provider-specific cryptographic salts — stored in your OS secure keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service).
  • Shadow mappings — generated locally using cryptographic functions, stored locally.
  • Documents you choose to parse (PDF, Word, Excel) — parsed locally, text extracted for prompt context. Files are never uploaded anywhere.
  • FTS5 search index — a local search index derived from vault files, rebuildable at any time.
  • Tamper-evident audit log — an append-only, hash-chained log stored locally on your device.

Browser Extension

The MyYaad browser extension accesses the following data locally on your device:

  • Text you type into AI chatbot input fields on supported sites only (ChatGPT, Claude, Gemini, DeepSeek) — to detect vault matches and replace them with shadow values before the prompt is sent.
  • AI chatbot response text — to detect shadow values and restore real values in your browser display only.
  • Browsing activity on supported AI chatbot sites only — limited to specific domains (chat.openai.com, chatgpt.com, claude.ai, chat.deepseek.com, gemini.google.com). We do not monitor general browsing activity.
  • Extension preferences in chrome.storage.local: protection toggle state, daemon auth token (used for localhost communication only — never sent externally), and master salt for shadow generation. No personal data, vault entries, or shadow mappings are stored in browser storage.

3. How Data Is Processed

All processing happens entirely on your local device.

  • The browser extension communicates exclusively with the MyYaad desktop application via localhost (127.0.0.1). This is a loopback connection that never touches the internet.
  • The extension uses event delegation to detect prompt submission on chatbot input fields.
  • The extension uses DOM mutation observers to inject the MyYaad shield icon and watch for new AI assistant responses to perform de-shadowing (restoring real values in the displayed response).
  • Shadow values are generated using provider-specific cryptographic salting — each AI provider receives mathematically different shadow values, preventing cross-provider correlation.
  • Document parsing (PDF, Word, Excel) happens locally in the desktop application — the file never leaves your device.

4. What Data We Collect

We collect no personal data. Specifically:

  • We do not collect, transmit, or store your vault entries, shadow mappings, prompts, AI responses, documents, or browsing history.
  • We do not operate servers that receive personal data.
  • We do not use analytics, telemetry, or tracking code.
  • We do not sell, share, or transfer any user data to third parties.
  • We have no ability to access, view, or recover your vault data. It exists only on your device.

5. User Control and Responsibility

You are in full control of your data at all times. MyYaad provides tools to protect your personal information, but the decision to use AI chatbots — and what information to include in your prompts — is yours alone.

  • We do not own, control, or have access to your data. Vault data, shadow mappings, cryptographic keys, documents, and audit logs reside exclusively on your device. We cannot access them remotely.
  • You are responsible for your interactions with AI providers. Each AI provider has its own Terms of Service and privacy policy. MyYaad reduces the personal information present in your prompts, but we cannot guarantee completeness or effectiveness in all scenarios.
  • We are not liable for data processed by AI providers. Shadow values are designed to be realistic but fake. We make no guarantees about how AI providers store, process, use, or retain data — shadowed or otherwise.
  • You are responsible for the security of your device. Vault data is encrypted and stored locally. Its security depends on your device, operating system, and keychain protection.
  • Backup responsibility is yours. We do not store copies of your data. If your device is lost, damaged, or wiped, your vault may be unrecoverable without your own backups.
  • Shadow protection is provided “as is.” We design the Shadow Engine to produce realistic, provider-isolated shadow values, but we do not warrant 100% effectiveness in all scenarios, with all AI providers, or against all methods of analysis.

6. Third-Party Services

MyYaad facilitates your use of third-party AI chatbot services (OpenAI/ChatGPT, Anthropic/Claude, Google/Gemini, DeepSeek). When you submit a prompt with MyYaad active, the AI provider receives only shadow-protected values. Your real personal information is not sent to these providers.

We are not affiliated with, endorsed by, or partnered with any AI provider. We have no relationship with, control over, or responsibility for these AI providers.

The software may contain links to external websites. These are governed by the respective third parties' privacy policies.

7. Data Storage and Security

  • All user data is stored locally on your device in human-readable files you can inspect, edit, or delete at any time.
  • Vault data is encrypted using AES-256-GCM.
  • Cryptographic salts are stored in your OS-managed secure keychain.
  • Shadow mappings are held in memory during your browser session only.
  • No data is transmitted to any remote server operated by Auxilio Technologies LLC.
  • The extension's only cryptographic operation is generating a random salt via the browser's built-in crypto.getRandomValues API. All other cryptographic operations happen in the desktop application.

8. Pro Tier and Cloud Sync (Future)

The free tier of MyYaad operates entirely locally with zero cloud communication.

A future Pro tier may offer optional end-to-end encrypted cloud sync. If offered, all data will be encrypted client-side using AES-256-GCM before leaving your device. The sync server would store only encrypted blobs that it cannot decrypt.

Cloud sync will always be opt-in. The free tier will always remain fully local.

This policy will be updated before any cloud features are released.

9. Children's Privacy

MyYaad is not directed at children under 13 (or under 16 in UK/EU jurisdictions). We do not knowingly collect data from children. Since we collect no data from any user, this risk is mitigated by architecture.

10. Your Rights (UK GDPR / GDPR)

  • Access: Your vault is a folder of files on your computer. You can open it in any text editor.
  • Deletion: Delete any vault entry by deleting the file. Uninstalling the extension and desktop app removes all MyYaad data from your device.
  • Portability: Your vault files are standard Markdown and JSON — copy them anywhere.
  • Disable: You can pause shadow protection at any time from the extension popup without uninstalling.

Because we do not collect, store, or process personal data on our servers, there is no data held by us to request access to, correct, or delete.

11. Google API Services User Data Policy

MyYaad's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, MyYaad:

  • Only uses permissions necessary for the extension's core privacy protection function
  • Does not transfer user data to third parties (no data leaves your device)
  • Does not use data for advertising, analytics, or profiling
  • Does not allow humans to read user data (all processing is local and automated)
  • Limits data use strictly to providing and improving the privacy protection features the user requested

12. Changes to This Policy

We will update this policy if our data practices change. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via application update notes and our website.

13. Contact

For questions about this privacy policy: