# Privacy Policy — Prompt Injection Shield _Last updated: 2026-06-17_ Prompt Injection Shield is designed to protect you, and it is built to respect your privacy completely. ## What we collect **Nothing.** The extension does not collect, store, transmit, or sell any data. - It does **not** send page content anywhere. - It does **not** record your browsing history. - It does **not** use analytics, tracking, or telemetry. - It does **not** contain any third-party code or network requests. ## How it works All scanning happens **locally, in your browser**. When you open the popup or press **Rescan**, the extension analyzes the current page's DOM in memory and shows the results. Findings exist only for the current tab and are discarded when you navigate away or close the tab. No information ever leaves your device. ## Permissions | Permission | Why it's needed | |---|---| | `activeTab` | To read and scan the page of the tab you're actively using when you open the extension. | | Host access (content script) | The scanner must be able to run on whatever page you're viewing, since hidden injection content can appear on any site. It only reads the page locally. | The extension makes no network connections of any kind. ## Contact Questions about this policy can be directed to the project maintainer via the GitHub repository.