This Privacy Policy describes how Cazimir ("we," "us," or "our") collects, uses, and protects information when you use the Cazimir browser extension (the "Extension").
1. Overview
Cazimir is a browser extension designed to protect your privacy by automatically detecting and redacting Personally Identifiable Information (PII) before it is sent to AI service providers. We are committed to transparency about how the Extension works and what data is processed.
2. What Information We Process
2.1 PII Detection
The Extension analyzes content you send to AI providers to detect the following types of PII:
Thai National ID Numbers: 13-digit identification numbers
Email Addresses: Standard email formats
Phone Numbers: Various international and Thai formats
Physical Addresses: Street addresses and location information
Personal Names: Thai and English names
Important: The Extension only processes this information locally in your browser. We DO NOT send PII to our servers or any third parties.
2.2 Redaction Process
When PII is detected, the Extension:
Replaces PII with placeholder tokens (e.g., [REDACTED_EMAIL], [REDACTED_PHONE])
Sends only the redacted version to AI service providers
Stores a local audit log of the redaction event (without storing the actual PII)
3. Data Storage
3.1 Local Storage Only
All data processed by the Extension is stored locally on your device using Chrome's storage API. Specifically:
Audit Logs: Records of when and what type of PII was redacted (without storing the actual PII values)
User Preferences: Your settings and configuration preferences
Session Data: Temporary data needed for redaction and restoration
3.2 What We DON'T Store
The actual PII values that are redacted
Your browsing history
Complete message contents
Personal identification beyond anonymous user IDs
4. Data Sharing and Third Parties
4.1 AI Service Providers
The Extension intercepts requests to the following AI service providers:
OpenAI (api.openai.com, chatgpt.com)
Anthropic (api.anthropic.com, claude.ai)
Google AI (generativelanguage.googleapis.com)
Cohere (api.cohere.ai)
Mistral AI (api.mistral.ai)
What we send: Only redacted content (with PII replaced by placeholders) is sent to these services. The original PII never leaves your device to these providers.
4.2 No Data Collection by Us
We do not operate any backend servers that collect, store, or process your data. All processing happens locally in your browser.
5. Permissions Explained
The Extension requires the following Chrome permissions:
5.1 Required Permissions
storage: To save audit logs and user preferences locally on your device
tabs: To open the audit dashboard in a new tab
webRequest: To intercept and modify requests to AI providers before they are sent
5.2 Host Permissions
The Extension requests access to specific AI provider domains to intercept and redact PII in requests. These permissions are limited to:
api.openai.com
chatgpt.com
api.anthropic.com
claude.ai
generativelanguage.googleapis.com
api.cohere.ai
api.mistral.ai
6. Audit Dashboard
The Extension includes a local audit dashboard that displays:
Timestamps of redaction events
Types of PII detected (e.g., "email", "phone")
Which AI provider the request was sent to
Redaction success/failure status
Privacy Note: The audit dashboard does NOT display the actual PII values, only the types and counts of redactions performed.
7. Hallucination Detection
The Extension includes an optional hallucination detection feature that validates URLs in AI responses. When enabled:
URLs in AI responses are checked for validity
Warnings are displayed for potentially fake citations
This feature does not send your data to any external servers beyond standard URL validation
8. Your Rights and Choices
8.1 Data Access and Deletion
You have full control over your data:
View Data: Access all stored audit logs through the Extension's dashboard
Delete Data: Clear all audit logs and stored data through the dashboard or by uninstalling the Extension
Export Data: Export audit logs as CSV files for your records
8.2 Disable the Extension
You can disable or uninstall the Extension at any time through Chrome's extension management page. Uninstalling will permanently delete all locally stored data.
9. Security
We implement the following security measures:
Local Processing: All PII detection and redaction happens locally in your browser
No External Transmission: PII is never transmitted to our servers
Secure Storage: Chrome's storage API provides encrypted storage on your device
Manifest V3: Built using Chrome's latest, most secure extension framework
10. Children's Privacy
The Extension is not intended for use by children under the age of 13. We do not knowingly collect information from children under 13.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do:
The "Last Updated" date at the top will be revised
Significant changes will be communicated through the Extension's update notes
Continued use of the Extension after changes constitutes acceptance of the updated policy
12. Compliance
The Extension is designed with privacy regulations in mind, including:
GDPR: Compliant with EU data protection requirements
PDPA: Aligned with Thailand's Personal Data Protection Act
Local Processing: All processing occurs on your device, minimizing data protection concerns
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the Extension's data practices, please contact us at: