AI Browser Guard - Privacy Policy

Last updated: June 6, 2026

Summary: By default, AI Browser Guard processes all data locally on your device and makes zero network requests. There is no analytics, telemetry, or tracking. The extension also offers optional community-intelligence features (trust lookups and anonymized contribution) that are turned off by default and send data only after you explicitly opt in. When enabled, they transmit only a detected agent type and anonymized detection summaries -- never your URLs, page content, keystrokes, or identity.

1. What This Extension Does

AI Browser Guard is a Chrome extension that detects and monitors AI agents operating in your browser sessions and blocks their scripted navigations, form submissions, and downloads. It provides:

Detection of automated browser control (WebDriver flags, CDP connections, behavioral analysis)
An emergency kill switch to terminate agent access
A delegation wizard to define access boundaries for AI agents
Boundary violation alerts when agents attempt unauthorized actions
A session timeline logging agent activity

2. Data We Process Locally

We do not collect any personal data.

The extension processes the following information entirely on your local device. By default none of it leaves your browser:

Detection signals: Browser automation indicators such as navigator.webdriver flags, CDP markers, and event timing patterns. These are analyzed locally.
Session logs: A chronological record of detected agent actions (timestamps, action types, target URLs, CSS selectors, and outcomes). The last 5 sessions are stored locally.
Delegation rules: Access control rules you configure (presets, site patterns, time bounds). Stored locally in chrome.storage.local.
Violation records: Logs of boundary violations (what was attempted, which rule blocked it). Stored locally, limited to the 100 most recent entries.

2a. Optional Community-Intelligence Features (Off by Default)

The extension includes three optional features that communicate with OpenA2A servers. All three are disabled by default. A fresh install makes zero network requests. Each feature only sends data after you explicitly enable it, and you can turn it off again at any time with one click.

AIM identity lookup (setting aimLookupEnabled, default off): when an agent is detected, the extension can query aim.opena2a.org for a published identity and trust score for that agent type. The request contains only the detected agent type string (for example playwright). The page origin is used only as a local cache key and is never sent.
Registry trust lookup (setting registryLookupEnabled, default off): the extension can query api.oa2a.org for a registry trust score for the detected agent type. The request contains only the detected agent type string.
Anonymized contribution (consent default off, with a one-time tip after 5 detections that you can dismiss): if you opt in, the extension can send anonymized detection and behavior summaries to api.oa2a.org to improve community threat intelligence. Each contribution contains an anonymous contributor token (a per-install random identifier generated once and stored locally, for deduplication only -- it does not identify you), the detected framework name, detection summaries (agents found, framework types), behavior summaries (interaction count, success rate, anomaly count), the extension version, and timestamps.

These features never transmit your URLs, page content, form data, keystrokes, cookies, authentication tokens, personal identity, or browsing history. To enable or disable them, use the extension settings. Disabling a feature stops all outbound requests for it immediately; disabling contribution also clears any queued events.

3. How Data Is Stored

All data is stored in chrome.storage.local, which is a browser-provided storage mechanism that keeps data on your device only. Data is not synced across devices.

Session history: Last 5 sessions retained
Detection log: Last 100 entries retained
Delegation rules: Retained until you change or remove them
User settings: Retained until you change them or uninstall the extension

Uninstalling the extension deletes all stored data.

4. Data We NEVER Collect or Transmit

Regardless of which optional features you enable, the extension never collects or transmits:

No personal information (name, email, account credentials)
No browsing history, full URLs, or page content
No form data, keystrokes, or user input
No cookies, authentication tokens, or session identifiers
No usage analytics, behavioral telemetry, or tracking
No crash reports or error telemetry

5. Network Communication

By default, this extension makes zero network requests. All detection, analysis, and enforcement happens locally in your browser, and there are no update checks beyond Chrome's built-in extension update mechanism.

The only outbound network requests the extension can make are the three optional, off-by-default community-intelligence features described in section 2a (AIM identity lookup to aim.opena2a.org, registry trust lookup to api.oa2a.org, and anonymized contribution to api.oa2a.org). None of these run unless you explicitly enable them, and each can be turned off again at any time. There is no analytics or telemetry of any kind.

6. Permissions Explained

The extension requests the following Chrome permissions:

storage: Store session logs, delegation rules, and settings locally on your device.
alarms: Schedule periodic checks for delegation rule expiration and detection sweeps.
notifications: Display boundary violation alerts when an agent attempts unauthorized actions.
debugger: Detect when an automation framework (Playwright, Puppeteer) attaches a Chrome DevTools Protocol debugger to the browser -- a core detection signal -- and, for tabs you have delegated to an agent with restricted boundaries, attach a CDP session to block network requests that violate those boundaries. The extension does not use the debugger to read page content or inject code, and detaches when delegation ends.
downloads: Monitor downloads created while an AI agent is active so agent-initiated downloads can be detected and cancelled per your delegation rules (your own downloads are never flagged), and save a session report as a JSON file when you choose to export it.
host_permissions (<all_urls>): The content script must run on all pages to detect automation frameworks, since AI agents can operate on any website. Detection cannot be limited to specific domains without losing coverage. Page content is analyzed locally and is never transmitted.

7. Third-Party Services

This extension does not use or integrate with any third-party analytics platforms, advertising networks, or trackers. The only servers it can contact -- and only when you opt into the features in section 2a -- are OpenA2A's own aim.opena2a.org and api.oa2a.org.

8. Children's Privacy

This extension does not knowingly collect any information from anyone, including children under 13. Since no personal data is collected, COPPA considerations do not apply.

9. Changes to This Policy

If this privacy policy changes, the updated version will be published at this URL with a new "Last updated" date. Material changes affecting data collection would require a new extension version review by the Chrome Web Store.

10. Contact

For questions about this privacy policy or the extension, contact:

GitHub: github.com/opena2a-org/AI-BrowserGuard/issues
Organization: OpenA2A