id4pii

Privacy policy

Last updated: 2026-05-31

id4pii is a local privacy tool. Its entire reason to exist is to keep your text on your own machine during normal use. This document spells out exactly what that means for the Chrome extension, the desktop application, optional diagnostics, and any logs they produce.

Short version

If that’s all you wanted to know, you can stop reading.

What data the extension can see

To do its job, the Chrome extension reads:

It then forwards that text to the local id4pii daemon application running on your own machine, gets back a redacted version, and lets the browser submit that redacted version instead of the original.

The extension does not access cookies, browsing history, other tabs’ contents, downloads, the file system, the clipboard, or anything else during normal anonymization. If you choose to send diagnostics, the extension can collect a report from the currently active tab, as described below.

Optional diagnostics

If id4pii does not work as expected, you can click the extension icon and send a diagnostic report for analysis and bug fixing. This is opt-in and requires an explicit send action plus a confirmation dialog.

A diagnostic report may include:

A diagnostic report does not include:

Because diagnostics can include page text, form text, and your own issue description, they may contain sensitive information. The popup warns you before sending.

Diagnostic reports are sent to id4pii-operated infrastructure and used only for debugging, reliability analysis, and bug fixing. Access is limited to maintainers who need it for that purpose.

Where data is processed

All detection and substitution happens on your computer in the id4pii daemon process:

The extension and the local application communicate over the loopback interface (127.0.0.1) for normal anonymization and restoration. Outbound network traffic generated by id4pii is limited to the one-time model download from Hugging Face during installation and any optional diagnostic report you explicitly send.

What is logged

The id4pii daemon application writes a rolling log file to %LOCALAPPDATA%\id4pii\logs\daemon.log (7 days retained). The log is structured and deliberately omits everything sensitive:

You can open the log yourself at any time via the system-tray icon → Open log file.

Third-party data flow

Data retention and deletion

Normal anonymization data is not stored on any server we operate. Optional diagnostic reports that you explicitly send are stored long enough to analyze and fix the reported issue, then deleted when they are no longer needed for that purpose.

On your own machine:

Running the Windows uninstaller (Settings → Apps & features → id4pii → Uninstall) or id4pii.exe uninstall removes the entire %LOCALAPPDATA%\id4pii\ tree in one step — model, vault, and logs are all gone.

Updates to this policy

If this policy changes, the new version is committed to the same docs/privacy.md file in the public repository. The git history is the changelog.

Contact

id4pii is open source under the MIT License. The source, the issue tracker, and the responsible-disclosure contact instructions live at https://github.com/TBLgGamin/id4pii.