Privacy policy
Last updated: 2026-05-31
id4pii is a local privacy tool. Its entire reason to exist is to keep your text on your own machine during normal use. This document spells out exactly what that means for the Chrome extension, the desktop application, optional diagnostics, and any logs they produce.
Short version
- We do not collect passive telemetry, analytics, usage pings, or account data.
- Normal anonymization and restoration stay on your own computer. The Chrome extension talks to a local companion application (id4pii daemon) over a loopback WebSocket (
ws://127.0.0.1:7878) — a connection to your own machine that cannot leave it.
- The only product feature that can send data to an id4pii-operated server is optional diagnostics. It runs only after you click the extension icon, choose Send diagnostics, and confirm the warning dialog.
- We do not silently transmit the contents of your messages, the assistant’s replies, your real names, your emails, or any vault mapping anywhere outside your computer.
If that’s all you wanted to know, you can stop reading.
What data the extension can see
To do its job, the Chrome extension reads:
- The text you type into the input field on the supported sites (ChatGPT, Claude, Gemini) at the moment you submit it.
- The text of the assistant’s reply as it streams into the page, so it can restore your real values in place of the stand-ins.
It then forwards that text to the local id4pii daemon application running on your own machine, gets back a redacted version, and lets the browser submit that redacted version instead of the original.
The extension does not access cookies, browsing history, other tabs’ contents, downloads, the file system, the clipboard, or anything else during normal anonymization. If you choose to send diagnostics, the extension can collect a report from the currently active tab, as described below.
Optional diagnostics
If id4pii does not work as expected, you can click the extension icon and send a diagnostic report for analysis and bug fixing. This is opt-in and requires an explicit send action plus a confirmation dialog.
A diagnostic report may include:
- The current tab URL, title, host, browser language, viewport size, and user agent.
- Any issue description you type into the optional report field.
- Visible text from the current page.
- Text from visible form fields, chat composers, textareas, and contenteditable fields on the current page.
- Recent extension logs from the background script, isolated content script, and main-world interceptor.
- Local engine connection status, request IDs, operation names, counts, timings, and error messages.
- Upload metadata needed to debug file handling, such as MIME type, extension, and byte counts.
A diagnostic report does not include:
- The encrypted vault file.
- Vault entries or real-value-to-surrogate mappings.
- Cookies, browser history, downloads, files from disk, or clipboard contents.
- Data from tabs other than the active tab you are reporting from.
Because diagnostics can include page text, form text, and your own issue description, they may contain sensitive information. The popup warns you before sending.
Diagnostic reports are sent to id4pii-operated infrastructure and used only for debugging, reliability analysis, and bug fixing. Access is limited to maintainers who need it for that purpose.
Where data is processed
All detection and substitution happens on your computer in the id4pii daemon process:
- The PII detection model (openai/privacy-filter) is downloaded once at install time and runs offline through ONNX Runtime. The model never talks to a server while it’s running — it only loads weights from disk and produces token-level predictions in-process.
- The mapping of “real value ↔ fictional surrogate” is held in memory and persisted between sessions in
%LOCALAPPDATA%\id4pii\vault.bin, encrypted via the Windows Data Protection API (DPAPI) so that only the same Windows user on the same machine can read it back.
The extension and the local application communicate over the loopback interface (127.0.0.1) for normal anonymization and restoration. Outbound network traffic generated by id4pii is limited to the one-time model download from Hugging Face during installation and any optional diagnostic report you explicitly send.
What is logged
The id4pii daemon application writes a rolling log file to %LOCALAPPDATA%\id4pii\logs\daemon.log (7 days retained). The log is structured and deliberately omits everything sensitive:
- Logged: request IDs, operation kinds (anonymize / restore / undo), counts (e.g. “5 spans detected”), durations, error messages, the source of the request (hotkey vs. browser tab).
- Not logged, anywhere, at any verbosity level: the original text, the anonymized text, surrogate values, vault entries, the contents of any input field, the contents of any LLM reply.
You can open the log yourself at any time via the system-tray icon → Open log file.
Third-party data flow
- The LLM site you visit (ChatGPT, Claude, Gemini, etc.) receives the anonymized version of your message — the version with real PII swapped for fictional stand-ins. That is by design: the entire purpose of id4pii is to put a privacy barrier in front of that submission. We have no control over what the LLM provider does with the text they receive; we only control what we hand them.
- Hugging Face is contacted exactly once, during install, to download the openai/privacy-filter model files. After download, the model lives on your disk and is never re-fetched. If you would prefer to vet or supply your own model file, you can point id4pii at any compatible model directory via the
--model flag or the ID4PII_MODEL environment variable.
- id4pii diagnostics infrastructure is contacted only if you explicitly send a diagnostic report from the extension popup. The report may contain sensitive current-tab content, as described above.
- No other third party is involved by id4pii itself.
Data retention and deletion
Normal anonymization data is not stored on any server we operate. Optional diagnostic reports that you explicitly send are stored long enough to analyze and fix the reported issue, then deleted when they are no longer needed for that purpose.
On your own machine:
- The model weights live under
%LOCALAPPDATA%\id4pii\model\.
- The encrypted vault and rotating logs live under
%LOCALAPPDATA%\id4pii\.
Running the Windows uninstaller (Settings → Apps & features → id4pii → Uninstall) or id4pii.exe uninstall removes the entire %LOCALAPPDATA%\id4pii\ tree in one step — model, vault, and logs are all gone.
Updates to this policy
If this policy changes, the new version is committed to the same docs/privacy.md file in the public repository. The git history is the changelog.
id4pii is open source under the MIT License. The source, the issue tracker, and the responsible-disclosure contact instructions live at https://github.com/TBLgGamin/id4pii.