Privacy Policy
Last updated: May 18, 2026 · Effective date: May 18, 2026
1. Introduction
This Privacy Policy describes how Ethira AB ("Ethira", "we", "us", or "our") collects, uses, shares, and protects personal data when you use the Ethira platform and related services (the "Service"), including when you visit the ethira.dev marketing website.
This policy applies to all users of the Ethira product, including workspace administrators, team members, and external parties who interact with features such as the Trust Center, as well as visitors to the ethira.dev marketing website.
We are committed to protecting your privacy and processing your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Brazilian General Data Protection Law (LGPD), and other relevant frameworks.
2. Data Controller
Ethira AB acts as the data controller for the personal data described in this policy.
- Registered address: Luntmakargatan 26, 111 37 Stockholm, Sweden
- Registration number: 559531-1480
- Data Protection Officer (DPO): Lucas de Araujo (privacy@ethira.dev)
- Contact email: privacy@ethira.dev
If you are a user within a workspace managed by an organization, that organization may also act as a data controller or joint controller for data processed within their workspace.
3. Personal Data We Collect
3.1 Data you provide directly
| Category | Data elements | When collected |
|---|---|---|
| Account information | Full name, email address, profile picture | Registration and profile setup |
| Authentication credentials | Password (stored as a cryptographic hash, never in plaintext) | Account creation and updates |
| Single sign-on identifiers | Google account ID, SAML attributes, SCIM identifiers | When SSO or directory sync is configured |
| Physical location | Street address, city, country, postal code | When optionally provided by users or administrators |
| Chat messages | Message content, conversation titles | When using the in-app AI assistant |
| Trust Center requests | Requester name, email, organization name | When external parties request access to your Trust Center |
| Uploaded documents | Files and documents uploaded to the platform | When using document management features |
3.2 Data collected automatically
| Category | Data elements | Purpose |
|---|---|---|
| Session data | Authentication cookies, session tokens | Maintaining your authenticated session |
| Product analytics | Page views, feature usage, session recordings (including console log capture and cross-origin iframe content), UI interactions, user email address and name (sent to PostHog on login for user-level analytics) | Product improvement and user experience optimization |
| Error and performance data | Browser information, error stack traces, session replays, user context at time of error | Diagnosing and resolving technical issues |
| AI usage logs | User identifier, model used, token counts, request metadata | Usage metering, billing, and service optimization |
| Activity logs | Actions performed within a workspace, actor user ID, timestamps | Audit trail and security monitoring |
| Marketing website analytics | Page views, clicked links and buttons (autocaptured), approximate IP geolocation (country/city), browser type, referrer URL — only collected with your consent via the cookie banner on ethira.dev | Understanding how visitors find and navigate the marketing website |
| Advertising analytics | Conversion events, ad interaction signals, approximate IP geolocation (country/city), browser type — only collected with your consent via the cookie banner on ethira.dev | Measuring the effectiveness of paid advertising campaigns |
3.3 Data collected through third-party integrations
When you connect third-party services to Ethira, we collect and store the following data with your explicit authorization:
| Integration | Data collected |
|---|---|
| Google Workspace / Calendar / Drive | Google account email, OAuth access and refresh tokens (encrypted at rest) |
| Microsoft 365 | Microsoft account email, Microsoft user ID, OAuth access and refresh tokens (encrypted at rest) |
| Jira | OAuth access and refresh tokens (encrypted at rest) |
| Linear | OAuth access and refresh tokens (encrypted at rest) |
| Slack | Webhook and notification configuration; Slack user ID, email, and profile data when Slack Sign-In (OpenID) is used for authentication |
| Vanta | Client ID and encrypted client secret (configured by workspace administrator via OAuth2 client credentials) |
| Claude (Anthropic) | Encrypted API key (configured by workspace administrator) |
| Cursor | Encrypted API key (configured by workspace administrator) |
| Wordsmith | Encrypted API key, encrypted webhook signing secret (optional), and repository metadata (repository ID, repository name) (configured by workspace administrator) |
All OAuth tokens are encrypted at rest before storage. You can revoke integration access at any time through your workspace settings.
3.4 Data managed on behalf of your organization
As part of the platform's compliance and governance features, workspace administrators may store the following categories of data about third parties:
- Vendor/third-party records: Name, legal name, passport number, national identity number, VAT number, Legal Entity Identifier (LEI), European Unique Identifier (EUID), corporate registration number
- Device inventory: Device owner and custodian assignments, IP addresses, MAC addresses, network and physical location
- Deployment metadata: Commit author email addresses
- Contractual relationships: Business owner, security owner, account manager names
Your organization acts as the data controller for this data. Ethira processes it on your behalf as a data processor.
3.5 Data collected through the Browser Extension
The Ethira Security browser extension ("Extension") is an enterprise tool that requires explicit user acknowledgment before any monitoring begins. When the Extension is active and the user has acknowledged monitoring, it collects the following categories of data:
Browsing activity and provider classification (hostname-level)
The Extension records the domain/hostname of websites you visit, not full URLs or page content. For each site session the Extension records: hostname, time of visit, active time on site, and coarse interaction counts (number of clicks, form inputs, page navigations, and scrolls). The Extension also derives a provider classification for each site — a risk score, a category label (e.g. "cloud storage", "social media"), and the signal evidence that triggered the classification. Full page URLs, page titles, and page DOM content are never sent to Ethira servers.
Third-party service signals
The Extension observes the distinct third-party hostnames that web pages contact (e.g. analytics, cloud services). This helps your organization discover unauthorized or shadow IT services. Only hostnames are recorded, not full request URLs or response content.
Outbound PII detection results (category-only)
The Extension intercepts outgoing network requests (POST, PUT, PATCH, DELETE) made by web pages to scan for potential outbound PII submissions. This scanning happens entirely on your device; raw request body content is never transmitted to Ethira. An on-device AI model (bundled with the Extension, running locally) may be used for verification. Only the result of that scan is sent to Ethira: the destination hostname, the detected PII category (e.g. "email address", "credit card number"), the HTTP method, and a timestamp. The actual values detected are never uploaded.
Provider and OAuth signals
The Extension detects patterns consistent with OAuth authorization flows and cloud service API calls to support shadow IT discovery. Reported signals include: the initiating page origin, the destination domain, flow type classification, and timestamp.
Identity and authentication
The Extension stores authentication credentials (ingest token or OAuth access/refresh tokens) in the browser's secure extension storage (browser.storage) to authenticate API calls. User email and workspace ID are stored locally and sent with activity payloads to associate records with your Ethira workspace.
When an ingest token (non-OAuth) is used and no email is available in storage or extension policy, the Extension may read the user's email from the Chrome browser profile via chrome.identity.getProfileUserInfo. This requires the user to be signed into Chrome with a Google account. No password or other Google account data is accessed.
Categories of PII the Extension can detect (on-device scanning)
The Extension scans outbound request bodies on-device for the following PII categories. Only the category label is sent to Ethira — the actual value is never transmitted:
- Email address
- Phone number
- Credit card number
- National identity number (e.g. SSN, BSN, NIF)
- Physical address
- Passport number
- Bank account number
- Health data (GDPR Art. 9 special category)
- Biometric data (GDPR Art. 9 special category)
- Genetic data (GDPR Art. 9 special category)
- Racial or ethnic origin (GDPR Art. 9 special category)
- Political opinion (GDPR Art. 9 special category)
- Religious or philosophical belief (GDPR Art. 9 special category)
- Trade union membership (GDPR Art. 9 special category)
- Sexual orientation (GDPR Art. 9 special category)
What the Extension does NOT collect
- Browsing history from the browser's built-in history API
- Full page URLs, page titles, or page content
- Password field values
- Raw request or response body content (on-device only; categories sent, not values)
- Content of web page cookies, localStorage, or IndexedDB
- Any data from websites when monitoring is paused or before acknowledgment is given
Crash and error reporting (optional)
If error reporting is enabled in your organization's deployment, crash reports and diagnostic data may be sent to Sentry (see section 6.1). This is controlled by whether a Sentry DSN is configured in the build your organization deploys; personal browsing data is never included in error reports.
Enterprise deployment
Enterprise administrators can pre-configure the Extension via browser managed storage policies (e.g. ingest token, API base URL, user email). In this mode, settings are pushed from your IT administrator and individual users cannot modify them.
4. Purposes and Legal Bases for Processing
| Purpose | Legal basis (GDPR Art. 6) | CCPA category |
|---|---|---|
| Providing and operating the Service | Performance of contract (Art. 6(1)(b)) | Business purpose |
| User authentication and session management | Performance of contract (Art. 6(1)(b)) | Business purpose |
| Sending transactional emails (verification, notifications) | Performance of contract (Art. 6(1)(b)) | Business purpose |
| Product analytics and improvement | Legitimate interest (Art. 6(1)(f)) | Business purpose |
| Marketing website analytics (ethira.dev) | Consent (Art. 6(1)(a)) — via the cookie consent banner on ethira.dev | Business purpose |
| Marketing website advertising analytics (ethira.dev) | Consent (Art. 6(1)(a)) — via the cookie consent banner on ethira.dev | Business purpose |
| Error tracking and performance monitoring | Legitimate interest (Art. 6(1)(f)) | Business purpose |
| AI-powered features (chat, enrichment, analysis) | Performance of contract (Art. 6(1)(b)) | Business purpose |
| AI usage metering and billing | Performance of contract (Art. 6(1)(b)) | Business purpose |
| Security monitoring and audit logging | Legitimate interest (Art. 6(1)(f)) | Business purpose |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) | Business purpose |
| Third-party integrations | Consent (Art. 6(1)(a)) | Business purpose |
| Browser Extension: monitoring website visits and third-party service discovery (hostname-level) | Performance of contract (Art. 6(1)(b)) — monitoring is a core feature of the Service agreed to by the workspace | Business purpose |
| Browser Extension: on-device PII detection and sending category-only results to Ethira | Performance of contract (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f)) — helping your organization prevent data loss | Business purpose |
| Browser Extension: domain risk scoring (per-domain risk lookup) | Performance of contract (Art. 6(1)(b)) | Business purpose |
| Browser Extension: on-device detection of GDPR Art. 9 special-category data — category labels only transmitted | Substantial public interest (Art. 9(2)(g)) and/or employer's legitimate interest in data loss prevention, subject to the employer's own GDPR legal basis as data controller; Ethira processes as data processor under the workspace DPA | Business purpose |
5. Cookies and Tracking Technologies
We use the following cookies and tracking technologies:
5.1 Essential cookies
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
__Host-ethira_session | Authenticated session management | 24 hours | HttpOnly, Secure, SameSite=Lax |
ethira_session | Session management (development environments) | 24 hours | HttpOnly, SameSite=Lax |
ethira_external_session | Trust Center external access session | Session-based | HttpOnly, Secure, SameSite=Lax |
5.2 Analytics and monitoring
| Technology | Provider | Purpose | Data collected |
|---|---|---|---|
| PostHog | PostHog, Inc. | Product analytics, session recording | Page views, feature usage, autocapture UI events, session recordings (including console log output and cross-origin iframe content where present), user email and name (set at login via identify()), user ID; hosted at eu.posthog.com |
| Sentry | Functional Software, Inc. | Error tracking and performance monitoring | Error reports, performance traces, session replays (10% of sessions; 100% on error), user ID and workspace ID (email is not sent); API ingest via EU endpoint (de.sentry.io) |
| Featurebase | Featurebase | In-product feedback widget, changelog announcements, and product roadmap | User ID, name, email, and organization name (via a signed JWT issued by the Ethira backend); JavaScript SDK loaded at runtime into the web app |
5.3 Browser Extension local storage
The Extension uses the browser's own extension storage APIs (browser.storage.local and browser.storage.session) to persist data on your device. No web-page localStorage, cookies, or IndexedDB are read or modified by the Extension.
| Storage key | Contents | Scope |
|---|---|---|
ethira_ingest_token | Ingest token for API authentication | local (persisted) |
ethira_refresh_token | OAuth refresh token | local (persisted) |
ethira_access_token | OAuth access token | session (cleared on browser close) |
ethira_workspace_id | Ethira workspace identifier | local (persisted) |
ethira_user_email | Authenticated user email | local (persisted) |
ethira_buffer | Queue of buffered activity and PII events awaiting upload | local (persisted) |
ethira_acknowledgment_given_at | Timestamp of user monitoring acknowledgment | local (persisted) |
ethira_monitoring_paused | Whether the user has paused monitoring | local (persisted) |
ethira_risk_dot_enabled | Whether the domain risk indicator badge is enabled | local (persisted) |
All data stored in extension storage is local to your browser. Buffered data is uploaded to Ethira and then cleared.
5.4 Web application local storage
The Ethira web application (app.ethira.dev) uses the browser's localStorage and sessionStorage to persist user preferences and session state on your device. Representative keys that may contain personal data:
| Key | Contents | Scope |
|---|---|---|
user | Cached user JSON (name, email, ID) | localStorage |
token | Authentication token | localStorage |
selectedWorkspace | Selected workspace metadata | localStorage |
lastEmail | Last email used on the login screen (UX convenience) | localStorage |
ai_helper_input_* | Draft text typed into the AI assistant input | localStorage |
ethira_dpa_cache, dpa_personal_data_categories_cache | Cached DPA and personal data category data | localStorage |
extension_redirect_uri | Browser extension OAuth return URL | sessionStorage (cleared on tab close) |
| UI preference keys (sidebar state, theme, column widths, filter state) | Layout and display preferences — no personal data | localStorage / sessionStorage |
This data is stored locally in your browser and is not transmitted to third parties. Clearing your browser storage removes this data immediately.
5.5 Marketing website (ethira.dev) — analytics cookies (consent-based)
Analytics on the ethira.dev marketing website are loaded only after you accept cookies via the cookie consent banner. If you decline or ignore the banner, no analytics cookies are set and no tracking occurs.
| Cookie / storage key | Provider | Purpose | Duration | Activated |
|---|---|---|---|---|
ph_* (PostHog cookies and localStorage) | PostHog, Inc. | Visitor analytics: page views, autocaptured UI interactions, approximate geolocation (country/city derived from IP), browser type, referrer URL; no user identity is sent | Session cookie + persistent localStorage up to 1 year | Only after consent |
_gcl_* (Google click ID), _ga, _gid | Google LLC | Conversion tracking and advertising campaign performance measurement; no individual identity is sent | _gcl_*: 90 days; _ga: 2 years; _gid: 24 hours | Only after consent |
ethira_website_consent | Ethira AB | Stores your cookie consent preference for this website | Persistent (localStorage) | Always (contains only your consent choice — no tracking data) |
You can withdraw your consent at any time by clearing your browser's localStorage for ethira.dev. No identify() call is ever made on the marketing website — your email or name is never sent to PostHog from ethira.dev.
Google Ads data is processed by Google LLC under their standard terms. Data may be transferred to the United States under Standard Contractual Clauses as described in section 7.
6. Data Sharing and Third-Party Processors
We share personal data with the following categories of third-party service providers who process data on our behalf:
6.1 Sub-processors
A complete, up-to-date list of all sub-processors engaged by Ethira AB — including their purpose, data location, personal data types, and retention periods — is maintained on our dedicated Subprocessors page.
All sub-processors are bound by data processing agreements (DPAs) that require them to protect your data in accordance with applicable law.
6.2 Other disclosures
We may also disclose personal data:
- To comply with applicable laws, regulations, or legal process
- To protect the rights, property, or safety of Ethira, our users, or others
- In connection with a merger, acquisition, or sale of assets (with prior notice where required)
We do not sell personal data to third parties. We do not share personal data for cross-context behavioral advertising.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your country of residence, including the United States. When we transfer data outside the European Economic Area (EEA), United Kingdom, or Brazil, we rely on the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where the destination country has been deemed to provide adequate protection
- Contractual protections with our sub-processors
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required by law.
| Data category | Retention period |
|---|---|
| Account information | Duration of account existence; deleted upon account closure |
| Authentication session data | 24 hours (cookie and JWT expiry) |
| Email verification codes | 30 minutes |
| Activity and audit logs | Up to 90 days (per-workspace configurable; automatically purged daily) |
| AI usage logs (Ethira) | Duration of workspace existence |
| AI data at OpenAI | Zero Data Retention enabled — prompts and responses are not stored at rest |
| AI data at Requesty | Zero data retention — requests and responses are discarded immediately after routing and not stored by Requesty |
| Product analytics (PostHog) | Session replays: 90 days; analytics data: up to 7 years |
| Error tracking (Sentry) | Errors and replays: 90 days; spans and transactions: 30 days; logs: 30 days |
| Continuous monitoring data | 90 days (automatically purged daily) |
| Uploaded documents | Duration of workspace existence, or until deleted by user |
| Document cache | 7 days |
| Integration tokens | Until integration is disconnected or token is revoked |
| Workspace-managed data (vendors, devices, etc.) | Duration of workspace existence, managed by workspace administrators |
When data is deleted, we remove it from our active systems. Backups may retain data for a limited additional period before being overwritten.
9. Your Rights
9.1 Rights under the GDPR (EEA/UK residents)
If you are located in the European Economic Area or the United Kingdom, you have the following rights:
- Right of access — Request a copy of the personal data we hold about you
- Right to rectification — Request correction of inaccurate or incomplete data
- Right to erasure — Request deletion of your personal data ("right to be forgotten")
- Right to restriction — Request that we limit processing of your data
- Right to data portability — Receive your data in a structured, machine-readable format
- Right to object — Object to processing based on legitimate interests, including profiling
- Right to withdraw consent — Withdraw consent at any time where processing is based on consent
- Right to lodge a complaint — File a complaint with your local data protection authority
9.2 Rights under the CCPA (California residents)
If you are a California resident, you have the following rights under the CCPA/CPRA:
- Right to know — Request disclosure of the categories and specific pieces of personal information we have collected
- Right to delete — Request deletion of your personal information
- Right to correct — Request correction of inaccurate personal information
- Right to opt-out of sale/sharing — We do not sell or share your personal information for cross-context behavioral advertising
- Right to non-discrimination — We will not discriminate against you for exercising your rights
Categories of personal information collected (per CCPA categories): Identifiers (name, email), Internet activity (usage data, session recordings), geolocation data (if provided), professional information (organization name), and inferences drawn from the above.
9.3 Rights under the LGPD (Brazilian residents)
If you are located in Brazil, you have the following rights under the LGPD:
- Confirmation of the existence of data processing
- Access to your personal data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary or excessive data
- Data portability to another service provider
- Deletion of data processed with your consent
- Information about public and private entities with which your data has been shared
- Information about the possibility of denying consent and its consequences
- Revocation of consent
9.4 Exercising your rights
To exercise any of the rights described above, contact us at privacy@ethira.dev.
We will respond to your request within the timeframes required by applicable law (generally 30 days under GDPR, 45 days under CCPA). We may need to verify your identity before processing your request.
Workspace administrators can manage certain data directly through the platform, including user deprovisioning via SCIM directory synchronization.
10. Children's Privacy
The Service is not directed to individuals under the age of 16 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data promptly.
If you believe that a child has provided personal data to us, please contact us at privacy@ethira.dev.
11. Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption at rest — All third-party OAuth tokens are encrypted before storage
- Password hashing — User passwords are stored using cryptographic hashing; plaintext passwords are never stored or logged
- Workspace isolation — Data is logically separated between workspaces to prevent unauthorized cross-workspace access
- Secure session management — Authentication cookies use HttpOnly, Secure, and SameSite attributes
- Access controls — Role-based access controls within workspaces
- Transport encryption — All data in transit is encrypted using TLS
- Audit logging — User actions within workspaces are logged for security monitoring
No method of transmission or storage is completely secure. If you discover a security vulnerability, please report it to security@ethira.dev.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
- Update the "Last updated" date at the top of this policy
- Notify you through the Service or by email where required by applicable law
- Where required, obtain your consent to material changes
We encourage you to review this policy periodically.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@ethira.dev
- Data Protection Officer: Lucas de Araujo (privacy@ethira.dev)
- Postal address: Luntmakargatan 26, 111 37 Stockholm, Sweden
If you are in the EEA and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority. A list of EU DPAs can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
14. Browser Extension — Additional Disclosures
This section provides additional disclosures specifically for the Ethira Security browser extension, required by browser vendors (Google Chrome Web Store, Mozilla Firefox Add-ons, etc.) and applicable privacy regulations.
14.1 Extension overview and purpose
The Ethira Security extension is an enterprise security tool designed to help organizations:
- Discover unauthorized or shadow IT services used by employees (third-party service discovery)
- Detect when employees submit sensitive data containing PII to external services
- Monitor website usage at the domain level for security governance purposes
The Extension is intended for use by employees in corporate environments with the knowledge of both the employer (Ethira workspace administrator) and the employee (who must explicitly acknowledge monitoring before it begins).
14.2 Permissions justification
| Browser permission | Why it is required |
|---|---|
storage | Store authentication tokens, user preferences, and the activity buffer between sessions |
tabs | Detect tab navigation events and associate activity with the correct website domain |
idle | Distinguish active browsing time from idle time for accurate session duration measurements |
alarms | Schedule periodic upload of buffered activity data to the Ethira API |
identity | Support OAuth-based sign-in via the browser's identity API; retrieve user email for account association |
webNavigation | Declared in the extension manifest. This permission is currently not actively used for navigation event listening; OAuth redirect handling uses the identity API instead. The permission is retained for potential future use and is listed here for full transparency. |
webRequest | Observe completed outbound network requests from web pages to detect third-party service hostnames |
offscreen (Chrome/Edge only) | Run the on-device AI model (ONNX) for PII verification in a background context |
host_permissions: <all_urls> | Inject content scripts and observe network activity on all HTTP/HTTPS pages; required for universal shadow IT discovery |
14.3 Data minimization principles
The Extension is built around data minimization:
- Hostnames, not full URLs. Browsing activity is reported at the domain/hostname level (e.g.
google.com), never the full URL or query string. - On-device scanning for PII. Request body content is scanned locally, first by regex patterns and then — where available — by a bundled on-device ONNX AI model (Piiranha NER) for second-pass verification. The AI model runs with
local_files_only: true; if it cannot load, the regex-based detection still runs and PII category results are still sent to the server. In either case, only the PII category label is transmitted — raw request body content is never sent to Ethira. - Monitoring gate. No data is collected or sent before the user clicks "I acknowledge" in the extension popup. Users can pause monitoring at any time.
- Explicit user control. Users can pause monitoring, revoke the ingest token, or uninstall the extension at any time to stop all data collection.
14.4 Data collected by the Extension (summary)
| Data type | Sent to Ethira servers? | Notes |
|---|---|---|
| Website hostname | Yes | Not full URL; excludes Ethira's own domain and known analytics/CDN domains |
| Time on site / active time | Yes | Aggregated session metrics |
| Interaction counts | Yes | Coarse counts (clicks, scrolls, form inputs); not content |
| Third-party hostnames on page | Yes | Distinct hostnames of third-party resources loaded by the page |
| Provider risk score and classification | Yes | A numerical score, category label, and subcategory label derived by the extension (e.g. "cloud storage", "AI tool"); sent per session record |
| Provider signal evidence (fired signals) | Yes | The signal types that triggered the provider classification (e.g. "detected OAuth-like URL pattern", "detected SSE stream"); no raw URL paths or content transmitted |
| PII category detected | Yes | Category label only (e.g. "email_address", "health_data"); not the actual value. Detected by on-device regex and/or ONNX AI model |
| Destination domain (PII event) | Yes | Hostname of the endpoint the outbound request was sent to |
| HTTP method (PII event) | Yes | Method of the request that triggered detection (POST, PUT, PATCH, or DELETE) |
| User email (sent with each batch) | Yes | Used to associate activity records with the correct workspace member |
| Raw request body content | No | Scanned on-device only (up to 1 MB per request); never transmitted to Ethira |
| Full page URLs | No | Only the hostname (domain) is extracted and used |
| Page content / DOM | No | Not accessed or transmitted |
| Password field values | No | Not recorded or transmitted (presence of a password field is used only as a provider classification signal) |
| Browser history (history API) | No | The browser history API is not accessed |
| Web page cookies / localStorage | No | Web page storage is not accessed |
14.5 Data retention for Extension data
| Data category | Retention |
|---|---|
| Browsing activity records | 90 days, then automatically purged |
| PII submission detection events | 90 days, then automatically purged |
| Provider / shadow IT signals | 90 days, then automatically purged |
| Extension local storage (device) | Until user uninstalls the Extension or clears extension data |
14.6 Uninstalling or disabling the Extension
If you uninstall the Extension:
- All locally stored data (tokens, buffered activity, settings) is cleared from your browser immediately
- No further data will be collected or uploaded
- Historical activity data already uploaded to Ethira will be retained according to section 8 above
- You can request deletion of your activity data by contacting privacy@ethira.dev
If your administrator has deployed the Extension via enterprise policy, contact your IT administrator to manage the installation.
14.7 Enterprise deployment
When deployed via managed browser policies, the Extension may receive configuration (ingest token, API endpoint, user email, privacy policy URL) pushed by your IT administrator. In this mode, the Extension operates within the configuration your organization has established.