Privacy Policy

Effective Date: March 8, 2026

PII Shield is owned and operated by Vervian Inc.

Privacy first. At PII Shield, we take your privacy seriously. This policy outlines how we collect, use, and safeguard your data.

1. Overview

PII Shield is a Chrome browser extension that protects your privacy when communicating with AI agents. It intercepts outgoing messages, detects personally identifiable information (PII), and gives you the opportunity to redact that data before it is transmitted. This Privacy Policy explains what data is collected, how it is used, where it is stored, and with whom it is shared.

2. Data We Collect

When you use PII Shield, the extension may access and process the following categories of personal and sensitive information within the content of your messages:

Message Content (for Detection)

  • Full names
  • Email addresses
  • Phone numbers
  • Credit card and financial data
  • Government-issued identification numbers (e.g., Social Insurance Numbers, passport numbers)
  • Health and medical information
  • Physical addresses and location data

This data is accessed solely for the purpose of detecting and flagging personal information before transmission. The extension does not collect browsing history, credentials, or any data unrelated to the messages you are actively composing and sending to AI agents.

Account Information

Your name, email address, and payment details (via Stripe) when you register or subscribe.

Usage Metadata

Counts of detections and redactions, aggregated per account, for reporting purposes.

3. How We Handle Your Data

When personal information is detected in a message, the following process occurs:

  • The extension intercepts the outgoing message and presents you with a prompt to review and optionally redact identified personal information.
  • If you choose to redact, the personal information is replaced with anonymized placeholders before the message is sent.
  • If you choose not to redact, the original message content is transmitted as-is.

API-Based Detection

In order to detect personal information accurately, message content is sent to our secure backend API for processing. This transmission occurs over encrypted HTTPS connections. Our backend applies AI-based analysis to identify personal information within the message text.

No Permanent Message Storage

We do not permanently store the content of your messages. Message content is processed transiently for detection and is not retained on our servers after processing is complete. No message logs or personal information databases are maintained.

4. Data Storage

Backend Infrastructure

All backend infrastructure used by PII Shield is hosted exclusively in Canada on Canadian servers.

AI Processing

AI processing is performed through a secure, private instance of Microsoft Azure, also located within Canada.

Any extension settings or user preferences are stored locally in your browser using Chrome's standard storage APIs and remain on your device.

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. Message content processed by PII Shield is shared only as follows:

Our Backend API (Canadian-Hosted)

Receives message content for analysis. Content is processed transiently and not retained.

Microsoft Azure AI (Canadian Region)

Used as the AI processing layer within our secure infrastructure. Azure processes data under strict data processing agreements and does not use your data to train its models.

Stripe Payment Processing

Stripe is used for secure payment processing. We never store your credit card information.

Important: No other third parties receive your message content or any personal information processed by this extension. We do not sell or share your personal information with third parties for marketing or advertising.

6. Optional Incident Content Capture

This section applies only if you enable “Incident Content Capture” in your team settings.

When a user bypasses a warning (i.e., chooses “Send Anyway”), your organization may optionally capture the intercepted content for compliance review. This feature is disabled by default.

Encryption Tiers

When content capture is enabled, your organization can choose between two encryption modes:

Standard Encryption

Content is encrypted using AES-256 on our servers. PII Shield personnel with appropriate access may be able to decrypt this data for technical support or legal compliance purposes.

Suitable for most organizations without healthcare data.

Zero-Knowledge Encryption

Content is encrypted in your browser before transmission using a passphrase only you control. PII Shield cannot decrypt this data under any circumstances.

Required for healthcare organizations (PHIPA, HIPAA) handling patient data.

Healthcare Organizations (PHIPA/HIPAA)

If your organization handles personal health information (PHI), we strongly recommend enabling Zero-Knowledge Encryption. This ensures that PII Shield acts solely as a data processor with no ability to access the content of intercepted messages — a requirement under many healthcare privacy regulations.

Passphrase Recovery (Zero-Knowledge Mode)

Important: When using Zero-Knowledge encryption, if you lose your encryption passphrase, all captured incident content is permanently unrecoverable. PII Shield does not have access to your passphrase and cannot assist in recovery. Please store your passphrase in a secure password manager.

7. How We Use Account Information

  • To manage subscriptions and billing via Stripe
  • To administer your account and team access
  • To send essential service updates (no spam or advertising)

8. Your Choices and Control

You are always in control of your data:

  • You can review any detected personal information before it is transmitted and choose to redact or allow it.
  • You can disable the extension at any time through Chrome's extension settings.
  • Uninstalling the extension removes all locally stored preferences and settings.

You may request access to, or deletion of, your account-related data at any time. Contact us at support@vervian.com for any data requests.

9. Data Security

We apply industry-standard security practices to protect all account and system data, including:

  • HTTPS Encryption: All data in transit is encrypted.
  • Access Control: Protected admin tools and systems.
  • Team Privacy: Role-based access management.

10. Canadian Privacy Compliance

PII Shield is operated in compliance with applicable Canadian privacy legislation, including the Personal Information Protection and Electronic Documents Act (PIPEDA). All data processing and storage occurs within Canada. We collect only the minimum data necessary to provide the extension's core functionality.

11. Children's Privacy

PII Shield is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided personal information through our service, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be reflected with an updated effective date. Continued use of the extension after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

13. Contact Information

If you have questions about this Privacy Policy, please contact us at:

This privacy policy was prepared to comply with the Google Chrome Web Store Developer Program Policies.