KoraSafe Chrome Extension Privacy Policy
This policy explains how the KoraSafe Chrome Extension processes data when you use it to detect shadow AI activity, scan prompts for sensitive data, and apply organization governance policies in the browser.
1. Data processed locally
The extension evaluates supported AI chat pages in the browser to identify policy-relevant activity. Prompt text may be scanned locally for configured sensitive-data patterns such as email addresses, phone numbers, account identifiers, health identifiers, or custom organization rules.
Local scanning is used to show warnings, redactions, blocks, or policy notices before content is submitted to an AI service.
2. Data sent to KoraSafe
If you sign in with a KoraSafe organization account and enable cloud sync, the extension may send governance events to KoraSafe. Events can include page domain, event type, policy match labels, severity, timestamps, extension version, and other evidence needed for audit and governance review.
KoraSafe does not sell extension data. Raw prompt content is not sent as part of ordinary governance event reporting unless your organization explicitly configures a workflow that requires content capture.
3. Authentication and settings
The extension stores the API key in Chrome session storage so it is cleared when the browser session ends. Non-sensitive preferences, such as API URL and enabled state, may be stored using Chrome sync storage.
4. Permissions
The extension uses Chrome permissions to operate only on supported AI surfaces, refresh organization policy configuration, store local preferences, show the side panel, and observe supported AI API requests in read-only mode. The extension does not modify network requests.
5. Retention
Local session data is cleared by Chrome according to browser session behavior. Governance events sent to KoraSafe are retained according to your organization's KoraSafe retention settings and the main KoraSafe privacy policy.
6. Your choices
- You can pause monitoring from the extension UI.
- You can remove the API key by closing the browser session or clearing extension storage.
- You can uninstall the extension from Chrome at any time.
- Organization administrators can configure policy behavior in KoraSafe.
7. Contact
For privacy questions or requests, contact KoraSafe at Contact-us@korasafe.ai.
For the platform-wide policy, see KoraSafe Privacy Policy.
Last updated: June 17, 2026