This Privacy Policy describes how PrivacyScrubber ("we", "our") handles data. Unlike traditional SaaS applications, PrivacyScrubber is designed on the principle of Privacy by Architecture. We do not store, process, or transmit your sensitive data because we do not have an application backend to receive it.

1. Zero-Server Data Collection

PrivacyScrubber is a standalone client-side application. No text you paste, no files you upload, and no PII entities we detect ever leave your local machine or browser instance. All sanitization logic is executed locally using your device's CPU.

2. Cookies & Analytics

We use minimal cookies for essential site functionality. We utilize Vercel Analytics to understand aggregate, anonymized site traffic (e.g., page views, browser types). These analytics do not contain any PII from your scrubbing sessions and cannot be linked back to individual users' data inputs.

3. RAM-Only Session Storage

The "Session Map" (the key used to reverse-scrub and bring back original data) is held exclusively in your browser's volatile memory (RAM). We do not use persistent storage like localStorage or IndexedDB for sensitive mappings. This means:

• Data is permanently and irrecoverably lost when you refresh the page or close the browser tab.
• No trace of your original data remains on your disk after the session ends.
• Original values are never transmitted to any third-party AI provider; only the masked output is sent to your clipboard.

4. User Responsibilities

While PrivacyScrubber provides the tools for anonymization, users remain responsible for ensuring that the masked output satisfies their specific corporate or regulatory requirements before transmission to third-party AI platforms (like ChatGPT). We recommend a "Trust but Verify" approach: use our built-in highlight features to confirm all sensitive items have been correctly captured.