Rescriber — Privacy Policy

Effective date: 2026-04-25

Short version:

Rescriber detects personally identifiable information (PII) in your ChatGPT prompts so you can replace it with placeholders before sending. Detection runs entirely in your browser. We do not collect, transmit, sell, or share your prompts, your detected PII, or any analytics.

Who this policy covers

This policy describes how the Rescriber Chrome extension ("the extension") handles user data. It applies to the extension as published on the Chrome Web Store and the equivalent source code in this repository. Rescriber is an independent project and is not affiliated with, endorsed by, or sponsored by OpenAI.

What the extension does

When you visit chatgpt.com, the extension reads the text you have typed into the ChatGPT composer, runs a local PII-detection model on it, and shows you a panel where you can choose to replace detected items (names, emails, phone numbers, addresses, URLs, dates, account numbers, secrets) with placeholders. If you replace items and then send the message, the extension keeps a local mapping so that when ChatGPT echoes a placeholder back, the original value is shown to you in-place. You can disable the extension or clear the stored data at any time.

What we collect

Nothing is collected by the developer. The extension does not transmit your prompts, your detected PII, your placeholder mappings, or any usage analytics to the developer or to any third party.

What is stored locally on your device

The extension uses Chrome's built-in storage APIs to persist data on your computer. None of this data leaves your machine.

Stored in `chrome.storage.local` (this browser only)

piiToPlaceholder / placeholderToPii — per-conversation mappings between original PII text and the placeholder you chose, keyed by the ChatGPT conversation ID.
entityCounts — per-conversation counts used to generate placeholder labels (NAME1, NAME2, …).
actionHistory — a local log of replace/abstract actions you took, used to power the in-extension privacy dashboard.
abstractMappings — additional context used to render replaced text inside ChatGPT responses.

Stored in `chrome.storage.sync` (UI preferences only)

storage.sync is replicated by Chrome across the browsers where you are signed into the same Google account. Rescriber only uses it for non-sensitive UI preferences:

Whether the extension is enabled.
Privacy Filter settings: segmentation mode, aggregation strategy, score threshold.
The verbose-logging diagnostic flag.

Prompt content, detected PII, and placeholder mappings are never written to storage.sync.

Browser cache

The first time you use Privacy Filter, the browser downloads the openai/privacy-filter model files (configuration, tokenizer, ONNX weights, ~30–50 MB) from huggingface.co and stores them in the browser's normal HTTP cache so subsequent runs are offline-capable. These files are data, not executable code from a third party.

Network requests

The extension makes outbound network requests only to:

https://huggingface.co and https://*.huggingface.co — to fetch the openai/privacy-filter model artifacts referenced above. Hugging Face's privacy practices govern that request; their policy is at huggingface.co/privacy.

No prompt content, no detected PII, and no usage analytics are sent with these requests; only the standard HTTP request needed to retrieve the model files.

Permissions, and why each is needed

storage — to persist the local data described above.
offscreen — Chrome service workers cannot run WebGPU reliably, so the PII-detection model runs in an offscreen document.
clipboardRead / clipboardWrite — when you click ChatGPT's "Copy message" button, the extension reads what was copied and rewrites placeholders back to your original PII so the clipboard contains the values you actually want to paste.
Host access to huggingface.co — to download the detection model. The extension does not request access to any other website.
Content script on chatgpt.com — the composer, the message panel, and the placeholder restoration UI only need to run on ChatGPT pages.

Third parties

The extension does not use third-party analytics, advertising, or tracking SDKs. The only third-party service contacted is Hugging Face, solely to download the public openai/privacy-filter model on first use.

Sale or sharing of data

We do not sell, rent, or share any user data, because we do not collect any user data.

Your controls

Disable Rescriber at any time from the toolbar popup, or remove it from chrome://extensions.
From the extension's Options → View stored data page you can inspect, edit, and delete every piece of local storage Rescriber has written, individually or all at once.
Removing the extension from Chrome deletes its local storage as well.

Children

Rescriber is not directed to children under 13 and does not knowingly collect data from any user.

Compliance with Chrome Web Store policies

Rescriber's collection and use of any user data complies with the Chrome Web Store Limited Use requirements. Specifically, the extension does not transfer user data to third parties, does not use user data for advertising or to determine creditworthiness, and does not allow humans to read user data except as required for security or with the user's explicit consent.

Changes to this policy

Material changes will be reflected in the "Effective date" above and committed to the project's public repository. Continued use of the extension after a change indicates acceptance of the updated policy.

Contact

Questions about this policy or the extension's data handling can be directed to the developer at tia.li@northeastern.edu.