Privacy Policy

Effective 11 May 2026 · Last updated 11 May 2026

The short version Cairn Guard runs entirely in your browser. We don't operate a server that sees your prompts. We don't collect, store, sell, or share the content of any prompt, any detected match, or anything you type into ChatGPT, Claude, Gemini, or Copilot. The only things that leave your device are license-key activation requests to Lemon Squeezy (our payment processor) and an optional event-metadata record to our backend if you're on the Team plan — never prompt content.

1. Who we are

"Cairn Guard," "we," "us," and "our" refer to the Cairn Guard browser extension and its developer, a sole proprietorship based in Washington State, USA, doing business as Cairn at cairn.it.com.

Questions about this policy: hello@cairn.it.com.

2. What Cairn Guard processes locally

When you use a supported AI chat site (ChatGPT, Claude, Gemini, or Microsoft Copilot), Cairn Guard reads the text of your in-progress prompt in your browser in order to detect categories such as email addresses, phone numbers, credit-card numbers, government IDs, API keys, and similar sensitive data.

This processing happens entirely on your device using regular expressions, format validators, and contextual heuristics that ship with the extension. None of this content is sent anywhere, including to Cairn, to Anthropic, to OpenAI, or to any third party.

The detection rule set is open source and visible in the extension's source repository.

3. What is stored on your device

Settings (which categories are enabled, license key, license activation metadata). Stored using the browser's chrome.storage.local API on your device only.
Event counters — the total number of detection events, broken down by category and host (e.g., "12 detections on chatgpt.com today, 3 in the financial category"). Counters are numbers only; we never store the matched content. Used to populate the popup's stats view. Stored locally; cleared when you click "Reset stats" or uninstall the extension.

4. What leaves your device, and to whom

Lemon Squeezy (payment processor)

If you purchase a paid license, payment is handled entirely by Lemon Squeezy, who acts as the Merchant of Record. We never see your full payment card details. When you activate a license key in the extension, Cairn Guard sends an HTTPS request to api.lemonsqueezy.com containing:

Your license key
A device identifier we generate for this browser (a short string like "Cairn Guard · Chrome · MacIntel")

Lemon Squeezy's privacy practices are governed by their own privacy policy.

Team plan audit log (optional, Team plan only)

If you are on the Cairn Team plan, the extension reports event metadata to Cairn's backend so a designated admin in your organization can see when, where, and what category of detection happened — never the matched content. The metadata sent is the same as the local event counter described in section 3 (category and host, plus a timestamp and a member identifier).

If you are not on a Team plan, no such reports are ever made.

5. What we do not do

We do not sell, rent, or share your personal information with advertisers or data brokers.
We do not track your browsing across sites for advertising or analytics.
We do not embed third-party trackers, ad networks, or behavioral analytics in the extension.
We do not log the content of any prompt, anywhere, ever.
We do not transmit your prompts, your detection results, or any matched data to our servers or any third party.

6. Permissions the extension requests

Cairn Guard requests only the minimum permissions it needs:

storage — to persist your settings, stats, and license state locally on your device.
alarms — to schedule a weekly background re-check of license validity.
host permissions on chatgpt.com, chat.openai.com, claude.ai, gemini.google.com, and copilot.microsoft.com — to read your in-progress prompt for local detection and to insert the confirmation modal.

7. Children

Cairn Guard is not directed to children under 13 and does not knowingly collect personal information from children.

8. Your rights

Because Cairn Guard processes prompt content entirely on your device and we don't operate a backend that stores it, there is no "delete my data" request to send for your prompts — that data was never in our possession.

For licensing data held by Lemon Squeezy or Team-plan audit metadata, contact hello@cairn.it.com with your request and we'll process it within 30 days.

9. Security

The extension is signed and distributed through the Chrome Web Store. Detection logic is open source. We use HTTPS for all network calls (license activation, optional Team audit reporting).

10. Changes to this policy

If we change this policy materially, we'll update the "Last updated" date above and, for users on paid plans, send a notice via email.

11. Contact

Cairn (a Washington State sole proprietorship)
hello@cairn.it.com