sigill.ai

Browser Extension Privacy Policy

What the Sigill browser extension collects, where it is stored, and what leaves your browser. This notice is written to match what the extension actually does, not the marketing version. If a claim here does not match the extension's behaviour, write to contact@sigill.ai and we will correct it. For the sigill.ai platform itself, see the main privacy policy.

ControllerSigill AS
Organisation number937 798 970
Registered officeArne Garborgs veg 21, 7071 Trondheim, Norway
Applies toSigill Browser Extension v0.5.0+
Versionv1.0
Effective2026-07-02

Summary

  • Your conversations never leave your browser. The extension reads your AI conversations on claude.ai, chatgpt.com and gemini.google.com and stores them in a local evidence log on your device. What is transmitted to Sigill is a SHA-256 hash — a fingerprint that identifies the content without revealing it — together with your API key for authentication.
  • Everything is local and user-controlled. The evidence log lives in your browser's extension storage. You can export it, and you can delete it at any time with one click. Uninstalling the extension removes everything it stored.
  • Nothing is sold or shared. No analytics, no tracking, no advertising identifiers, no third-party data transfers. The extension talks to exactly one service: api.sigill.ai.

What the extension collects

These are the categories we declare in the Chrome Web Store, with what each one actually means here:

  • Personal communications and website content. The text of your AI conversations (your prompts and the assistant's answers) on the three supported platforms, together with metadata the platforms themselves report: message IDs, conversation IDs, the model identifier, and completion status. Files you attach and files the AI generates are recorded as SHA-256 hashes plus filename, size and type — never their content. All of this is stored only in the local evidence log on your device.
  • Personally identifiable information. If you sign in on sigill.ai, the extension picks up your account email address and records it as the actor identity in your evidence records, so the records can attest who was at the keyboard. Without a connected account, a random per-device identifier is used instead and no email is collected.
  • Authentication information. Your Sigill API key, which you enter yourself. It is stored on the device (not synced) and sent only as an authorisation header to api.sigill.ai. When you are signed in on sigill.ai, the extension also reads its session token from that page — it is sent only back to api.sigill.ai, the service that issued it, to resolve your organisation name. The extension never reads credentials for any other site.
  • User activity (network monitoring). The extension works by observing the network responses that claude.ai, chatgpt.com and gemini.google.com send to your own browser — that is how it captures a conversation turn exactly as the platform produced it. Observation is read-only (requests and responses are never modified), is limited to those three sites, and the observed data goes nowhere except your local evidence log. The extension has no access to any other website you visit.

Exactly what leaves your browser

Each network call the extension makes, exhaustively:

  • Timestamping — a SHA-256 hash of the evidence record, a short label (platform name and a record identifier), and your API key, sent to api.sigill.ai. The conversation content itself is never sent.
  • Ledger anchoring — once per hour, the hash of the head of your local evidence chain, sent to api.sigill.ai for timestamping. Skipped when nothing new was recorded.
  • Sealing (explicit action) — when you click Seal log, a SHA-256 hash of your evidence bundle is sent to api.sigill.ai for signing. The bundle itself stays on your device; you receive a detached signature file back.
  • Identity sync — your sigill.ai session token, sent to api.sigill.ai to resolve your account's organisation.
  • Generated-file hashing — when you download a file the AI produced, the extension may fetch that same file once more from the AI platform's own download URL in order to hash it. The bytes are hashed in memory and discarded; nothing is sent to Sigill except the resulting hash inside the evidence record.

There are no analytics or telemetry calls of any kind. What api.sigill.ai stores server-side about timestamp operations (the hash, label, and operation metadata) is described in the main privacy policy.

Where data is stored, and for how long

  • The evidence log (conversation content, hashes, timestamp proofs) and your API key are stored in the extension's local storage on the device. They are not synced anywhere by the extension.
  • Your platform on/off switches and, if signed in, your account email and organisation are stored in the extension's sync storage, which your browser may replicate across your own signed-in browser profile. No conversation content is ever placed in sync storage.
  • Retention is entirely user-controlled: data remains until you press Clear log or uninstall the extension. There is no server-side copy of your evidence log.

Why each permission is requested

  • claude.ai, chatgpt.com, gemini.google.com — observing conversation turns on the supported platforms, and displaying the evidence badge.
  • api.sigill.ai, sigill.ai — submitting hashes for timestamping and signing; picking up your Sigill sign-in.
  • storage / unlimitedStorage — the local evidence log.
  • alarms — the hourly ledger anchor.
  • downloads — detecting when you download an AI-generated file so its hash can be recorded. Downloads that are not attributable to a supported AI platform are ignored entirely and never recorded.

What the extension does not do

  • No collection of browsing history, location, health, financial or payment data.
  • No keystroke logging; no reading of any website other than the three supported AI platforms and sigill.ai.
  • No sale of data, no transfer to third parties, no advertising or analytics, no use of data for any purpose beyond producing your evidence records.
  • No modification of the AI platforms' traffic — observation is strictly read-only.

Legal basis and your rights (GDPR)

Processing happens on your device at your instruction; the legal basis for the hash-and-timestamp calls to Sigill is the performance of the service you signed up for (Art. 6(1)(b) GDPR). Because your conversation content never reaches Sigill, access, rectification and deletion of the evidence log are actions you perform locally (export, edit settings, clear log). For data Sigill holds server-side — your account and timestamp-operation metadata — the rights and contact points in the main privacy policy apply. Complaints may be directed to Datatilsynet (the Norwegian Data Protection Authority) or your local supervisory authority.

Changes and contact

Material changes to this policy are versioned on this page and noted in the extension's release notes. Questions and corrections: contact@sigill.ai.