What stays on your machine.

Catches sensitive stuff before you send it.

Redactopia is a browser extension. It notices things you probably didn't mean to paste into an AI chat (API keys, passwords, email addresses, database strings) and pauses the send so you can redact, edit, or send anyway.

Your prompts. Your findings. Your history.

None of this is collected by Redactopia or sent anywhere by Redactopia:

• Prompt text
• Detected findings (the matches the scanner produces)
• Redacted versions
• Prompt history
• Browsing history
• Clipboard contents (Redactopia can write redacted text to your clipboard via the Web Clipboard API from your click, but never reads from the clipboard)
• Personal identifiers (name, email, account ID, device fingerprint)
• Usage analytics or behavior tracking

We don't run any server that receives your prompts, findings, or redacted text. There's nothing on our end to inspect that content, share it, or sell it.

What's kept in your browser.

The following data is stored locally in your browser's extension storage. Redactopia does not transmit it to us, and we do not operate a server that receives or stores it.

• Your settings. The on/off state of each protection, each detection category, the Visual Redactor master toggle.
• Your custom patterns. The name, the regex source, the severity, and whether the pattern is enabled. No matched text — just the rules you wrote.
• Your custom AI sites. The hostnames you added, the labels you gave them, and (if you calibrated the send button on any of them) the selector you pinned, plus a small note on whether that calibration still resolves on the page.
• Your per-site detection rules. When you customize detection for a specific AI site (Pro), the rules for that site — which categories and custom patterns it uses. Just the configuration, no prompt content. Per-site rules stay only on this device; they aren’t part of the optional sync.
• Your visual redactors. See the next section for details — text redactions may store a copy of the selected text locally.
• Small UI preferences. Which cards you've collapsed, whether you've dismissed the welcome card, the click-through preference on redaction overlays.
• Usage statistics. An aggregate count of total scans run, total findings caught, and the date of your first scan. No prompt content or finding details are stored — only the numbers.

There's also one transient slot in chrome.storage.session used to hand off prompt text from a warning modal to the side panel. It's cleared on read and doesn't persist across browser sessions.

Clearing local data

You can clear individual items at any time — the × on a Custom AI site row, the trash icon on a custom pattern, the Clear all button in the Visual Redactor popover. Turning off the Visual Redactor master toggle clears every stored redaction on every site you'd granted access to.

Optional sync across your devices. By default, everything above stays only on the device where you created it. Redactopia includes an optional Sync toggle — off unless you turn it on — that mirrors just three things (your custom patterns, your custom AI site list, and your detection on/off preferences) to your other devices using your browser's own built-in sync, the same encrypted channel your bookmarks already use. When it's on, that data travels through your own Google or Microsoft account, never through a Redactopia server — we still never see it. Your prompts, findings, redacted text, and anything on the pages you visit are never synced and never leave your browser. Leave the toggle off and nothing syncs at all.

Uninstalling the extension removes Redactopia's local storage. Content you copied elsewhere, pasted into another service, saved in screenshots, or left on your clipboard is outside Redactopia's control.

Where selected text is stored locally.

The Visual Redactor is opt-in. When you turn it on, you're enabling Redactopia to do three kinds of redactions: clicking an element, dragging across text, or dragging a rectangle (area). Each kind stores a small record locally so the redaction can come back when the page reloads.

What gets stored, by redaction type

• Element redactions. A CSS selector for the element, the bounds at create time, and the density setting.
• Text redactions. A small block of selected text — the exact text you redacted, plus a short snippet of the surrounding text — so Redactopia can find the same text again after reload. This text is not sent to Redactopia, but it may remain in your browser's local extension storage until you delete the redaction, clear all visual redactors, turn off the tool, or uninstall the extension.
• Area (screenshot) redactions. The rectangle's position and size on the page, plus the density setting. The screenshot itself is processed locally — Redactopia doesn't transmit it.

Redactions are scoped per page (origin + path). Each redaction has a trash icon for individual removal; the dock's Clear button removes all redactions on the current page; the Visual Redactor popover's Clear all stored redactions option removes them across every site you'd used it on. Turning the tool off clears all stored redaction records and revokes the broad permission, unless you have active Custom AI sites, in which case the permission is kept so their chat protection keeps working.

A small set, each tied to a feature.

Redactopia requests a focused list of browser permissions. Each one has a specific purpose tied to a specific feature. The extension is built on Manifest V3, the current extension platform standard for both Chrome and Edge.

About the optional <all_urls> permission

This permission can look broad, so here's exactly what it does. It covers two things: the browser screenshot capability the Visual Redactor's area picker needs, and the chat-protection adapter that runs on Custom AI sites you add. It is requested only when you turn on the Visual Redactor. When you turn the Visual Redactor off, it is revoked, unless you have active Custom AI sites, in which case it stays so those sites' protection keeps working. It is revoked fully once the Visual Redactor is off and no Custom AI sites are active.

About browser permission memory

Chromium-based browsers (Chrome and Edge) remember earlier consent. If you turn the Visual Redactor off and on again, the permission prompt may not reappear; your browser silently re-grants based on your earlier choice. This is a Chromium behavior, not something Redactopia controls. To force a fresh prompt or fully revoke access, manage Redactopia from chrome://extensions or edge://extensions → Site access.

What Redactopia never requests

For the record: tabs, webNavigation, webRequest, declarativeNetRequest, clipboardRead, clipboardWrite, cookies, history, identity, notifications.

One optional request, only for Pro.

The part of Redactopia that runs on AI sites and web pages — the scanner, the warning modal, the Visual Redactor — makes zero network requests. Your prompts, findings, redacted text, and anything on the pages you visit never leave your browser. No third-party SDKs, no ad code, no remote-fetch scripts. You can confirm it in your browser's network panel.

There is exactly one exception, and it only happens if you buy Pro:

• Activating a Pro license. When you enter a license key, the extension sends the key to LemonSqueezy — our payment and licensing provider — to confirm it's valid. The extension re-checks about once a day to confirm the license is still active. There is no Redactopia server: free previews of the Pro tools, like everything else, run entirely in your browser.

That's the whole list of requests the extension itself makes. No prompt text, no findings, no page content, and no personal information is ever sent in that request. And if you never enter a license key, Redactopia makes no network requests at all — the free experience is exactly as local as it has always been.

Separately, if you turn on the optional Sync toggle, your browser (not Redactopia, and not via any request the extension makes) syncs your custom patterns and site list through your own browser account — see Local storage above. Prompts, findings, and page content are never part of it.

Payments are handled entirely by LemonSqueezy, acting as Merchant of Record. Redactopia never sees or stores your card details. LemonSqueezy collects the billing information it needs to process the purchase under its own privacy policy.

Where Redactopia's scope ends.

Redactopia does not send your prompts, findings, or redacted text to us. Any AI service, website, chat app, document editor, or other third-party service you choose to submit content to handles that content under its own terms and privacy policy. Redactopia cannot control how those services process, store, review, or use content you submit to them.

The redacted versions you produce in Redactopia are yours. What happens after you click send is between you and the destination.

Not directed to children under 13.

Redactopia is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Because Redactopia has no accounts and collects no personal information, we don't collect age information either. If you believe a child has provided personal information, contact us and we'll review.

Nothing to request — because nothing's held.

Redactopia collects no personal data on our end — no accounts, no analytics, no identifiers tied to you, and no Redactopia server that stores anything about you. There's nothing personal for us to access, delete, or export. You control everything directly through the extension. Uninstalling it removes everything Redactopia stored in your browser.

If you bought Pro, your payment and license records are held by LemonSqueezy, our payment provider. To access or delete those, contact us or LemonSqueezy and we'll help — they're governed by LemonSqueezy's own privacy policy.

Because Redactopia itself holds no personal data, its local-only design keeps it largely outside the personal-data scope of GDPR, CCPA, and similar regulations. If that ever changes, this policy will be updated before the change takes effect.

If anything changes, this page changes first.

If Redactopia's privacy behavior changes in a meaningful way, we will update this policy before that change takes effect. For example, if a future version adds accounts, analytics, telemetry, remote scanning, or any collection of your prompt content, this policy will be updated to explain what changed. The "Last updated" date at the top of this page reflects the most recent revision.

Questions or concerns.

Write to support@redactopia.com. Please don't include passwords, API keys, or sensitive prompts in your message — those shouldn't be in plaintext anywhere they don't need to be.