PII Shield

PII Shield – Privacy Policy

Effective Date: February 6, 2026

PRIVACY FIRST. At PII Shield, we take your privacy seriously. This policy outlines how we collect, use, and safeguard your data.

PII Shield is owned and operated by Vervian Inc.

1. What We Collect

We collect only the minimum data necessary to operate our service:

Account Information

Your name, email address, and payment details (via Stripe) when you register or subscribe.

Usage Metadata

Counts of PI detections and redactions, aggregated per account, for reporting purposes.

2. What We Do NOT Collect or Store

Privacy First: We do not collect, store, or transmit any of the following:

  • PI content identified by our system
  • User queries or prompts submitted to any AI tools
  • Text or form content processed via the Chrome extension

All redaction and detection is performed locally in your browser.
No sensitive user content ever leaves your device.

2.5 Optional Incident Content Capture

⚠️ This section applies only if you enable "Incident Content Capture" in your team settings.

When a user bypasses a PI warning (i.e., chooses "Send Anyway"), your organization may optionally capture the intercepted content for compliance review. This feature is disabled by default.

Encryption Tiers

When content capture is enabled, your organization can choose between two encryption modes:

Standard Encryption

Content is encrypted using AES-256 on our servers. PII Shield personnel with appropriate access may be able to decrypt this data for technical support or legal compliance purposes.

Suitable for most organizations without healthcare data.

🔒 Zero-Knowledge Encryption

Content is encrypted in your browser before transmission using a passphrase only you control. PII Shield cannot decrypt this data under any circumstances.

Required for healthcare organizations (PHIPA, HIPAA) handling patient data.

Healthcare Organizations (PHIPA/HIPAA)

If your organization handles personal health information (PHI), we strongly recommend enabling Zero-Knowledge Encryption. This ensures that PII Shield acts solely as a data processor with no ability to access the content of intercepted messages—a requirement under many healthcare privacy regulations.

Passphrase Recovery (Zero-Knowledge Mode)

Important: When using Zero-Knowledge encryption, if you lose your encryption passphrase, all captured incident content is permanently unrecoverable. PII Shield does not have access to your passphrase and cannot assist in recovery. Please store your passphrase in a secure password manager.

3. How We Use Account Information

  • To manage subscriptions and billing via Stripe
  • To administer your account and team access
  • To send essential service updates (no spam or advertising)

Important: We do not sell or share your personal information with third parties for marketing or advertising.

4. Third-Party Services

Stripe Payment Processing

Stripe is used for secure payment processing. We never store your credit card information.

Analytics

We may use analytics (e.g., for subscription status or feature usage), but these are not tied to your content or queries.

5. Your Rights

You may request access to, or deletion of, your account-related data at any time. Contact us at jlist@vervian.com for any data requests.

6. Data Security

We apply industry-standard security practices to protect all account and system data, including:

HTTPS Encryption

All data in transit is encrypted

Access Control

Protected admin tools and systems

Team Privacy

Role-based access management

7. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective Date” at the top.

8. Contact Information

If you have questions about this Privacy Policy, please contact us at: