Privacy Policy

1. Overview: Zero-Trust Data Sanitization (ZTDS)

PrivacyScrubber ("we", "us", "our") operates strictly on a Zero-Trust Architecture. We do not collect, store, transmit, or process any personal data you enter into the tool. All Data Loss Prevention (DLP) and PII masking happens exclusively in your browser's local memory. Cleartext data is discarded instantly upon refresh or closing the tab.

You can verify our absolute zero-server execution at any time by loading the tool, then enabling Airplane Mode — PrivacyScrubber continues to function perfectly with no network connection. Full technical verification instructions are available in our Security Center.

2. Data We Do Not Collect

• Text or documents (PDF, DOCX) you paste or upload
• Names, emails, phone numbers, or any PII detected by our local engine
• IP addresses or browser fingerprints (beyond standard CDN routing)
• Cookies (we set absolutely zero tracking cookies)
• Session mapping tokens

3. TEAMS Shared Sessions & Encryption

If you use the TEAMS tier to export a .pssession file to share with colleagues:

• The exported file is encrypted locally in your browser using AES-256-GCM.
• The encryption key is generated exclusively from the passphrase you provide via PBKDF2 (600,000 iterations).
• We never see your passphrase, and we cannot recover it. The encrypted payload never touches our servers. Your organization maintains 100% cryptographic sovereignty over shared sessions.

4. Chrome Extension Privacy

The PrivacyScrubber Chrome Extension follows a strict Least Privilege permission model:

• Text you choose to scrub via the right-click menu is stored temporarily in chrome.storage.session — which clears automatically when the browser closes.
• No PII is ever written to chrome.storage.local, chrome.storage.sync, or any remote endpoint.
• The extension declares host_permissions: [] — it has no declared access to any website's content.
• The extension makes zero outbound network requests except to download offline model definitions.

5. Payment Data (PRO / TEAMS Billing)

License payments are processed directly via PayPal. PrivacyScrubber never receives, logs, or stores your credit card details. PayPal's Privacy Policy governs all payment data operations: paypal.com/privacy.

6. Third-Party Services

The following third-party services are loaded on this site. None of them receive the text you process:

• Google Fonts — typography (fonts.googleapis.com)
• Tailwind CSS CDN — styling
• Font Awesome CDN — icons
• Mammoth.js, pdf.js, Tesseract.js CDNs — local document parsing (WASM, no data sent)
• PayPal SDK — loaded only when you open the PRO payment modal
• Vercel Analytics — anonymous page-load performance metrics only (no PII, no cookies)
• Vercel — hosting (server-level access logs per Vercel's policy)

7. Cookies

PrivacyScrubber does not use cookies. We do not use analytics cookies, tracking pixels, or persistent identifiers. Third-party CDN providers may set their own cookies subject to their policies.

8. Data Controller (GDPR Art. 13)

Because PrivacyScrubber processes no personal data from its users, no formal controller–processor relationship exists under GDPR. However, for transparency, the service is operated by:

• Operator: PrivacyScrubber
• Contact: support@privacyscrubber.com
• Jurisdiction: International (no EU establishment; GDPR Art. 3(2) applies where relevant)

Because we collect no personal data, there is nothing to access, correct, export, or delete under GDPR or CCPA. All data subject rights requests can be directed to the email above.