Privacy Policy

1. What the Extension does

The Extension intercepts prompts typed into supported AI tools (such as ChatGPT, Claude, and Gemini) in your browser. Before a prompt is submitted to the AI provider, the Extension checks it against your organisation's AI governance policies managed by the AI Tower platform. Depending on the policy outcome, the prompt is allowed, blocked, or held for approval.

2. Data collected by the Extension

The Extension processes the following data:

• Prompt text — the text you type into a supported AI tool, intercepted locally in your browser before submission. Prompt text is sent to the AI Tower platform API solely to evaluate governance policies (risk classification, sensitive-data detection, policy matching). It is not stored server-side unless your organisation has enabled the audit trail feature and you are signed in.
• Governance decisions — the outcome of the policy evaluation (ALLOW, BLOCK, REQUIRE_APPROVAL) together with the rule that triggered it. These are stored as audit events attributed to your authenticated user account when audit is enabled.
• Session token — a short-lived authentication token that identifies your user account within your organisation's AI Tower tenant. This token is stored in browser extension storage and is used only to authenticate requests to the AI Tower API.
• Domain and use-case context — the hostname of the AI tool you are using (e.g.chat.openai.com) is used to look up the applicable governance policy. No browsing history outside supported AI tool domains is accessed.

3. What is NOT collected

• Browsing history on non-AI-tool domains
• Passwords or credentials
• AI model responses or outputs
• Personal data outside of what you type into a supported AI tool
• Any data from pages not matching the Extension's supported AI tool list

4. How data is used

Data is used exclusively for the following purposes:

• Policy enforcement — evaluating prompts against your organisation's AI governance policies in real time.
• Audit trail — when enabled by your organisation, recording governance decisions so administrators can review AI usage and compliance posture.
• Security and operations — detecting abuse, diagnosing errors, and operating the AI Tower platform securely.

AI Tower does not sell your data, use it to train third-party AI models, or use it for advertising.

5. Data retention

Audit events (governance decisions) are retained for as long as your organisation's AI Tower subscription is active, or as configured by your organisation's administrator. When a subscription is cancelled, data is deleted in accordance with the customer agreement.

Prompt text that is evaluated but not stored (i.e. when audit trail is disabled) is not persisted beyond the duration of the policy evaluation request.

6. Data sharing

Data is processed by AI Tower on behalf of your employer (the subscribing organisation). Your organisation is the data controller; AI Tower acts as a data processor. AI Tower does not share your data with third parties except as required to operate the service (e.g. cloud infrastructure) or as required by law.

7. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data processed about you. Because the Extension is deployed by your employer, requests relating to your audit data should first be directed to your organisation's AI Tower administrator. You may also contact AI Tower directly using the details below.

8. Security

All communication between the Extension and the AI Tower API uses HTTPS. Session tokens are stored in browser extension storage (not accessible to web pages) and are short-lived. Sensitive configuration is encrypted at rest.

9. Changes to this policy

We may update this policy as the Extension evolves. Material changes will be communicated via the AI Tower platform or the Chrome Web Store listing. Continued use of the Extension after a policy update constitutes acceptance of the revised policy.

10. Contact

For privacy questions or data requests, contact AI Tower at: privacy@aitower.no

See also: Terms of Service · Support