Five promises Ai Notice can actually keep. They are not marketing language — they are technical constraints enforced in how the extension is built.
All scanning happens in your browser. No file content is sent to any server. The analysis pipeline has no external dependencies.
No usage data, analytics, or behavioral metrics are collected. There are no analytics libraries or telemetry SDKs in the extension.
File contents are never logged, stored, or transmitted. Each scan runs in browser memory and is discarded when you dismiss the notice.
Detection uses structured heuristics, not model inference. The same document produces the same result — consistent and auditable.
You always have final authority to proceed or cancel. Every notice is a pause, not a stop.
Extension permissions
Minimal privilege — only what's strictly necessary.
| Permission | Reason |
|---|---|
| activeTab | Required for content script injection on AI platform tabs only |
| storage | Required for local audit log and license token storage |
| Content script matches | Limited to chatgpt.com, claude.ai, copilot.microsoft.com, gemini.google.com |
Not requested:
- webRequest / webRequestBlocking — no network interception capability
- identity, cookies, history, or bookmarks
- Broad or wildcard host permissions
- Clipboard access beyond paste interception
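One way a security team could check the permission claims above against the manifest.json of an installed copy, as an added example that is not the extension's own code. The allow-lists are copied from the table; the two manifests are constructed samples, and `auditManifest` and `checkHostPattern` are hypothetical helper names.

```javascript
// Allow-lists come from the page's permission table; both manifests are constructed samples.
const ALLOWED_PERMISSIONS = new Set(["activeTab", "storage"]);
const ALLOWED_HOSTS = new Set(["chatgpt.com", "claude.ai", "copilot.microsoft.com", "gemini.google.com"]);

// Flag a match pattern that is wildcarded, malformed, or names a host outside the allow-list.
function checkHostPattern(pattern, where, findings) {
  const m = /^(\*|https?):\/\/([^/]+)\/.*$/.exec(pattern);
  const host = m ? m[2] : null;
  if (host === null || host.includes("*")) {
    findings.push(`${where}: broad or wildcard pattern "${pattern}"`);
  } else if (!ALLOWED_HOSTS.has(host)) {
    findings.push(`${where}: unexpected host "${host}"`);
  }
}

// Returns a list of findings; an empty list means the manifest matches the page's claims.
function auditManifest(manifest) {
  const findings = [];
  const perms = [...(manifest.permissions || []), ...(manifest.optional_permissions || [])];
  for (const p of perms) {
    if (!ALLOWED_PERMISSIONS.has(p)) findings.push(`permissions: unexpected "${p}"`);
  }
  const hosts = [...(manifest.host_permissions || []), ...(manifest.optional_host_permissions || [])];
  for (const h of hosts) checkHostPattern(h, "host_permissions", findings);
  for (const cs of manifest.content_scripts || []) {
    for (const m of cs.matches || []) checkHostPattern(m, "content_scripts.matches", findings);
  }
  return findings;
}

// Constructed sample: conforms to the table.
const conforming = {
  manifest_version: 3,
  permissions: ["activeTab", "storage"],
  content_scripts: [{ matches: ["https://chatgpt.com/*", "https://claude.ai/*"], js: ["content.js"] }],
};
// Constructed sample: drifted from the table in four places.
const drifted = {
  manifest_version: 3,
  permissions: ["activeTab", "storage", "webRequest", "cookies"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://*.example.com/*"], js: ["content.js"] }],
};

console.log(auditManifest(conforming));
console.log(auditManifest(drifted));
```

Running the same check on each released version catches permission drift between updates.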
Attack surface analysis
Every potential vector and its mitigation.
| Attack vector | Mitigation | Residual risk |
|---|---|---|
| Network exfiltration | No network permissions for content transmission. Manifest restricts host access to monitored AI domains only. | Negligible |
| Malicious file parsing | Text extraction uses size caps, timeouts, and graceful degradation for oversized or malformed files. | Low |
| Regex denial-of-service | Detection patterns reviewed for catastrophic backtracking. Runtime match count limits enforced. | Low |
| Extension compromise | Minimal dependency surface. No remote code loading. | Standard |
| License tampering | Ed25519 cryptographic signatures. Tampering degrades to community mode — core protection preserved. | Negligible |
| Audit log manipulation | Local storage only. Metadata-only schema limits exposure if compromised. | Low |
Known limitations
Disclosed transparently. Not omissions — intentional honesty.
Extracted text is not explicitly zeroed after scanning — it relies on JavaScript garbage collection. No path exists for this data to be persisted or transmitted.
Heuristic detection is best-effort. It does not guarantee detection of all sensitive content and may produce false positives or false negatives.
Password-protected PDFs or encrypted archives cannot be scanned. The extension degrades gracefully and informs the user.
Files Ai Notice cannot parse — such as spreadsheets, images, or ZIP archives — are passed through without scanning. Users are not currently warned when a file type was skipped.
If you've discovered a security issue, please report it responsibly.
[email protected]
Each item below can be independently verified by your security or privacy team. Ai Notice's architecture makes these checks straightforward.
Need the full security & privacy assessment guide?
We have a detailed auditor-facing document covering GDPR alignment, DPIA risk profile, and extended technical verification steps.