Privacy Policy

Effective date: June 25, 2026
This policy applies to the Redact Chrome extension (the "Extension") and any associated web pages served from the same origin.

The short version: Redact collects no personal data, creates no accounts, and sends nothing personal off your device. The only outbound network request is a license-verification call to Gumroad when you activate a Pro key. OCR runs entirely on-device using bundled worker, WASM, and language-data assets — no image pixels or personal data ever leave your device.

1. What data we collect

We collect no personal data. The Extension does not collect, store, or transmit:

2. How redaction works — on-device, always

All PII detection and redaction — for both text and images — happens entirely inside your browser using local JavaScript. No text, image data, or pixel buffers are transmitted to any server at any point during normal use.

OCR (the Pro feature that scans images for text) uses Tesseract.js. The OCR engine, WASM core, and English language model are all bundled inside the extension package — no image data, pixel buffers, or model files are fetched from any remote server. OCR runs entirely on-device from the moment the extension is installed.

3. Network requests

The Extension makes outbound network requests only in the situations described below:

When Destination What is sent What is returned
User clicks "Activate" and enters a license key https://api.gumroad.com/v2/licenses/verify Your license key and the Redact product ID (no personal identifiers) Valid / invalid response. On success, result is cached locally so no repeat request is needed.

After a successful license verification, the result is stored in chrome.storage.local on your device. Subsequent launches read the local cache — no repeat Gumroad request is made. The Extension functions fully offline after the first activation.

OCR (the Pro "Auto-detect text" feature) uses Tesseract.js with a bundled WASM engine and English language model. No network request is made at any point during OCR — not on first use, not on any subsequent use. All image processing happens locally inside the browser.

Gumroad's own privacy policy governs their handling of the license key. We do not control or receive any personal data from them.

There are no other network requests. No analytics, no telemetry, no error reporting, no WebSocket connections, no sendBeacon calls.

4. Local storage

The Extension writes up to three keys to chrome.storage.local:

None of these keys contain personally identifiable information. All are readable only within the Extension's own origin and are never synced via chrome.storage.sync.

5. No accounts

Redact has no user accounts, no sign-up, and no login. You do not need to provide your name, email address, or any other personal information to install or use the Extension, including the free tier.

6. Third-party services

The Extension has no tracking pixels, advertising SDKs, or third-party analytics libraries. It contacts exactly one third-party service, described in Section 3:

The OCR engine (Tesseract.js), its WASM core, and the English language model are all bundled inside the extension package. No CDN or external service is contacted for OCR assets at any point.

7. Children

The Extension is a general-purpose privacy tool. It does not knowingly collect information from children under 13, and by design it collects no information from anyone.

8. Changes to this policy

If we make material changes, the effective date above will be updated and we will note the change in the Extension's changelog. Continued use after an update constitutes acceptance of the revised policy.

9. Contact

Questions about this policy? Email bearman.derek@gmail.com.