Legal & Privacy Center

Everything you need to know about how we protect your data and the terms of using our security tools

Last Updated: January 2026

Privacy Policy

Our Privacy Commitment

IronCrux Shield is a "Local-First" security tool. All security analysis of your AI prompts, emails, and web content is performed locally on your device. Your private content is never transmitted to our servers.

What We Do NOT Collect

IronCrux Shield never collects, transmits, or stores:

  • AI prompts or conversations - Your AI interactions are analyzed locally and never stored or transmitted
  • Email content or metadata - Your emails are analyzed locally in your browser memory, never sent to our servers
  • Browsing history or visited websites - The URLs are analyzed locally to detect threats. We do not store or transmit a history of the websites you visit.
  • Usage analytics or telemetry - We don't track how you use the extension
  • Location data - We never access or store your physical location
  • Device identifiers or fingerprints - Your browser remains anonymous to us

What We Collect

When you create a premium account, we collect and store the following information on our servers:

  • Account Information - Email address and user ID for authentication and account management
  • Subscription Data - Billing cycle, subscription status, and renewal dates
  • Payment Events - Audit logs of subscription changes processed through our payment provider

This data is stored securely in our Supabase database and is used solely for account management, billing, and service delivery.

What We Store Locally (On Your Device Only)

The following data is stored in your browser's local storage and never transmitted:

  • User preferences - Your settings and category customizations
  • Activity history - Stored locally on your device
  • Scan results - Risk scores and detection logs remain on your device
  • Authentication tokens - If you create an account for Premium features, authentication tokens are stored locally

You can clear all locally stored data at any time through the extension settings or browser storage management.

How Local Processing Works

IronCrux Shield uses WebAssembly and local AI models to analyze content directly in your browser. When you use our extension:

  • AI prompt analysis runs on your device using local machine learning models
  • Email scanning checks headers and content in your browser's memory
  • Website risk scoring analyzes URLs and page content locally
  • Extension monitoring tracks permissions without external API calls

No data is ever sent to IronCrux servers for processing.

Third-Party Services

IronCrux Shield integrates with the following third-party services for account management and payment processing:

Authentication and Database (Supabase)

When you create a premium account, we use Supabase to store your email address, user ID, and subscription information. Supabase is our database and authentication provider. Your account data is encrypted and stored securely in Supabase's infrastructure. Supabase processes this data according to their privacy policy: https://supabase.com/privacy

Payment Processing (Polar.sh)

Subscription payments are processed through Polar.sh. We do not store your payment card information. Polar.sh handles billing and payment processing according to their privacy policy: https://polar.sh/legal/privacy

PInfrastructure (Cloudflare)

We use Cloudflare to deliver the service and verify subscription status. Cloudflare may process basic network logs (such as IP addresses) to prevent fraud and ensure service stability.

No Analytics or Tracking

We do not use Google Analytics, Mixpanel, Segment, or any other analytics platforms. We do not embed tracking pixels, cookies (except essential authentication), or fingerprinting scripts.

Data Retention and Deletion

Local data stays on your device until you clear it. Account/Billing data is kept only as long as your account is active or as required by law for tax purposes. You can request deletion of your account data at any time by contacting us.

Your Data Rights

You have the following rights regarding your data:

  • Access - Request a copy of your account data stored in our Supabase database
  • Rectification - Request correction of inaccurate account information
  • Erasure - Request deletion of your account and associated data (subject to legal retention requirements)
  • Data Portability - Request your account data in a machine-readable format
  • Withdraw Consent - You can delete your account at any time
  • Object to Processing - Contact us if you object to how we process your data

GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR). We process your account data based on:

  • Contract - Processing necessary to provide premium services you requested
  • Legal Obligation - Retention of billing records for tax compliance
  • Legitimate Interest - Account security and fraud prevention

You have the right to lodge a complaint with your local data protection authority.

CCPA Compliance (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to Know - What personal information we collect and how it's used
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - You can delete your account to stop data collection
  • Non-Discrimination - We won't discriminate against you for exercising your rights

We do not sell your personal information to third parties.

Chrome Permissions

IronCrux Shield utilizes the following permissions to provide a secure browsing environment. All security analysis is performed locally on your device, and no personal browsing data is transmitted to our servers.:

  • storage - Used to securely persist your security preferences, encrypted authentication tokens, and local-only activity logs
  • tabs - Accessed only when Web Protection is enabled. This allows the extension to analyze active URLs in real-time to warn you about phishing and malicious sites before you interact with them
  • alarms - Facilitates low-resource background synchronization to verify subscription status and ensure your security definitions are up to date
  • management - Accessed only when Extension Protection is enabled. This allows the extension to audit your installed browser extensions locally to identify and alert you to potential security risks or "bad actor" extensions
  • declarativeNetRequest - Utilized only when Web Protection is enabled. This provides high-performance, privacy-preserving blocking of known malicious domains and trackers using industry-standard filter lists
  • host_permissions - ChatGPT and Gemini: This permission allows IronCrux Shield to access ChatGPT and Gemini web pages to perform local analysis of user-entered prompts and reduce exposure of sensitive personal information, as part of browser-based threat protection. Gmail: This permission allows IronCrux Shield to access Gmail pages to analyze email content locally for browser-based threats, including phishing attempts, malicious links, and sender impersonation. No content is transmitted externally.

Children's Privacy

IronCrux Shield does not knowingly collect information from children under 13. The extension is designed for general audience use and processes all data locally without collection.

Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. We will notify users of material changes through the extension interface and update the "Last Updated" date above.

Contact Us

For privacy-related questions or concerns, contact us at:
Email: [email protected]

Terms of Service

Last Updated: January 2026

Agreement to Terms

By installing and using IronCrux Shield ("the Extension"), you agree to be bound by these Terms of Service. If you do not agree, do not use the Extension.

Description of Service

IronCrux Shield provides browser-based security protection through four layers: AI Privacy Protection, Email Security, Web Protection, and Extension Security. All processing occurs locally on your device.

User Accounts

Free tier usage requires no account. Premium and Enterprise subscriptions require account creation for billing and feature access. You are responsible for maintaining account security and all activities under your account. We are not liable for any unauthorized access to your account resulting from your failure to keep your login credentials safe.

Acceptable Use

You agree to use IronCrux Shield lawfully and NOT:

  • Reverse engineer, decompile, or attempt to extract source code
  • Use the Extension to violate any laws or regulations
  • Attempt to bypass, disable, or interfere with security features
  • Resell or redistribute the Extension without authorization
  • Use the Extension to harm others or engage in malicious activity

Subscription Terms

  • Billing: Premium features are billed via Polar.sh. By subscribing, you agree to their billing terms.
  • Renewals: Subscriptions renew automatically unless canceled.
  • Changes: We may change the price of the service with 30 days' notice.

Service

“Service” means any and all products, software, browser extensions, web applications, websites, APIs, features, tools, content, and services provided by or on behalf of Ironcrux, whether currently offered or introduced in the future, including beta, trial, or experimental features.

Disclaimer of Warranties

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE." TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IRONCRUX DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT. IRONCRUX DOES NOT GUARANTEE THAT THE SERVICE WILL BE ERROR-FREE OR WILL DETECT EVERY SECURITY THREAT.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL IRONCRUX, ITS OWNER, OPERATOR, OR ANY FUTURE AFFILIATED ENTITY BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION, OR SECURITY-RELATED DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

TO THE EXTENT LIABILITY CANNOT BE EXCLUDED, IRONCRUX’S TOTAL AGGREGATE LIABILITY FOR ALL CLAIMS ARISING OUT OF OR RELATING TO THE SERVICE—WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR OTHERWISE—SHALL NOT EXCEED THE GREATER OF:
(A) THE TOTAL AMOUNT PAID BY YOU TO IRONCRUX FOR THE SERVICE IN THE TWELVE (12) MONTHS IMMEDIATELY PRECEDING THE EVENT GIVING RISE TO THE CLAIM; OR
(B) TEN U.S. DOLLARS (USD $10.00).

NOTHING IN THESE TERMS SHALL LIMIT OR EXCLUDE LIABILITY FOR FRAUD, WILLFUL MISCONDUCT, OR GROSS NEGLIGENCE, OR ANY LIABILITY THAT CANNOT BE LAWFULLY LIMITED UNDER APPLICABLE LAW.

Modifications to Service

We reserve the right to modify, suspend, or discontinue the Extension or any features at any time with or without notice. We are not liable for any modification, suspension, or discontinuation.

Termination

We may terminate or suspend your access immediately, without prior notice, for any violation of these Terms. Upon termination, your right to use the Extension ceases immediately.

Governing Law

These Terms are governed by and construed in accordance with the laws of the Washington, US, without regard to conflict of law principles.

Contact for Legal Matters

For legal inquiries, contact us at:
Email: [email protected]

Questions About Privacy or Security?

We're here to help. Reach out anytime.

Contact Privacy Team