Local AI governance for managed enterprise environments.
This Trust-Prompt Enterprise Privacy Policy explains how Trust-Prompt Enterprise handles data as a managed, local-first AI governance layer for organizations using supported AI tools in controlled browser environments.
The extension runs local rule-based checks in the browser. It does not read uploaded files, does not perform OCR, and does not transmit prompt text to Trust-Prompt servers for analysis.
Most important privacy principles
- Local pre-send checks: prompt text is evaluated locally before submission.
- No remote prompt analysis by Trust-Prompt: prompt content is not sent to Trust-Prompt servers for analysis, scoring, advertising or unrelated profiling.
- No OCR / no file-content inspection: Trust-Prompt Enterprise does not read uploaded documents, scan files or extract file contents.
- Managed enterprise control: organizations can deploy policies through Google Admin, Chrome managed storage or Windows registry policies.
- Role-based permissions: IT decides what users may view or change locally.
Privacy and governance explained for every enterprise stakeholder
Different teams care about different risks. Trust-Prompt Enterprise uses one local governance architecture, but the privacy and governance value is best understood from the perspective of each department.
Managed deployment and local enforcement.
IT and security teams can deploy Trust-Prompt Enterprise through managed browser policies, control supported AI scopes, define whether users may override specific settings, and verify deployment through Chrome policy visibility.
How prompt checks work
Trust-Prompt Enterprise is designed to check prompt text locally before users submit content to supported AI tools. The purpose is to reduce accidental exposure of personal data, secrets, financial information, internal records or regulated content.
Local rule engine
Prompt text may be evaluated locally for rule-based risk signals such as personal data, identifiers, financial data, secrets, structured records and sensitive categories.
No Trust-Prompt prompt server
Trust-Prompt Enterprise is not designed to send prompt text to Trust-Prompt servers for remote analysis, scoring, advertising or unrelated profiling.
Third-party AI tools
If a user submits content to a third-party AI service, that content is then processed by that third party under its own terms and privacy practices.
Why browser permissions are used
Browser permissions are used only to provide the extension’s visible product functionality: detecting supported AI interfaces, applying local pre-send checks, displaying warnings or blocks, handling policy-controlled upload workflows, and enforcing organization-managed settings.
Supported AI interface detection
The extension needs access to supported AI pages so it can detect prompt input areas and apply the local pre-send governance layer before submission.
Local warning and blocking UI
The extension may show local warnings, blocks or redacted previews depending on the active policy and risk signals detected in the browser.
Managed enterprise settings
In managed deployments, the extension reads organization-controlled settings from Chrome managed storage or registry-based policies where applicable.
Permissions are not intended to create unrelated browsing surveillance, advertising profiles or a remote prompt analytics dataset. Trust-Prompt Enterprise is designed around explicit supported AI scopes and organization-managed policies.
Organization-controlled deployment and permissions
Trust-Prompt Enterprise can be configured through organization-managed policies. These policies may define protection status, upload behavior, supported AI sites, role permissions, rule behavior, category behavior, word policies and local override permissions.
| Policy area | What the organization controls | Privacy relevance |
|---|---|---|
| Protection | Whether Trust-Prompt is active and whether users may turn it on or off locally. | Prevents unmanaged user behavior where required by policy. |
| Upload policy | Whether visible upload intent should be allowed, warned or blocked. | Files are not read; the policy controls the visible upload workflow only. |
| AI access | Which AI sites are approved, monitored or blocked for selected targets. | Helps reduce uncontrolled AI usage while keeping scope explicit. |
| Governance rules | Risk categories, rule overrides, word lists and local redaction behavior. | Supports policy-based data minimization before AI submission. |
Managed access is bound to organizational policy
Trust-Prompt Enterprise may use a managed enterprise license supplied through organization-controlled policy. License data should not contain prompt text and is used to determine product access, plan, expiry and tenant state.
Managed license
An organization may deploy a managed enterprise license through policy. The extension may locally read license status, license plan, expiry and tenant information.
Tenant verification
Trust-Prompt Enterprise can compare the managed tenant value with the license tenant to determine whether the workspace is correctly authorized.
Access state
The popup may show whether enterprise access is active, restricted or controlled by organization-managed licensing and policies.
Categories of data and purpose
Website data
When visiting trust-prompt.com, standard website operation data may be processed by hosting or infrastructure providers, such as IP address, browser information, request logs and security logs.
Extension data
The extension may locally process prompt text before send, rule matches, product state, local preferences, managed policy values and local override settings.
Policy data
Managed configuration may include organization name, tenant ID, policy version, role, group, allowed AI sites, governance rules and local edit permissions.
Governance visibility without prompt collection
Depending on configuration, Trust-Prompt Enterprise may support local audit visibility such as rule counters, decision counts, changed settings or policy-state indicators. The purpose is governance transparency, not advertising or unrelated employee profiling.
Trust-Prompt Enterprise should not be understood as a central prompt surveillance system. Its core privacy model is local pre-send governance with organization-controlled policies.
No OCR and no file-content inspection
What Trust-Prompt does
Trust-Prompt Enterprise may react to visible upload intent or attachment workflows according to the active upload policy: allow, warn or block.
What Trust-Prompt does not do
Trust-Prompt Enterprise does not read uploaded files, does not perform OCR and does not extract document contents for prompt analysis.
Explicitly managed AI scope
Trust-Prompt Enterprise is designed to operate on supported AI websites defined by product configuration and managed policies. This explicit scope model helps reduce false positives and avoids broad behavioral surveillance across unrelated websites.
- Supported AI hosts may include services such as ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok, DeepSeek, Bing or x.ai, depending on configuration.
- Organizations may define whether supported sites are allowed, blocked, locked or checked.
- Custom hosts may be added for planning or managed enterprise use where supported.
When data may be shared
Trust-Prompt Enterprise does not intend to share prompt text with third parties for advertising, resale or unrelated analytics. Data may be shared only where needed for legitimate service operation, website hosting, licensing, legal compliance, security or support.
Website infrastructure
Hosting and infrastructure providers may process limited operational data required to operate and secure the website.
Commercial administration
If licensing, payments or account administration are used, relevant providers may process the minimum necessary data for that purpose.
Legal and security reasons
Data may be disclosed if required by law, legal process, fraud prevention, incident response or protection of rights.
Website-only cookies and similar technologies
The website may use technically necessary cookies or similar technologies required for site operation, security, performance or lawful administration. If analytics or marketing technologies are used on the website, they should be disclosed separately and, where required, used only with appropriate consent.
Retention, local storage and security measures
Retention
Website logs and administrative records should be retained only for as long as necessary. Locally stored extension data remains in the browser environment until removed, reset, overwritten or controlled by organization-managed policy.
Security
Trust-Prompt Enterprise uses reasonable technical and organizational measures to protect service and website data. No system can guarantee absolute security in all circumstances.
Privacy rights and contact
Depending on applicable law, including GDPR where relevant, users may have rights such as access, rectification, deletion, restriction, objection and data portability. In managed enterprise environments, some requests may need to be directed to the user’s organization as the administrator of the managed environment.
Trust-Prompt contact
Email: service@trust-prompt.com
Website: trust-prompt.com
Managed organization
If Trust-Prompt Enterprise is deployed by your organization, your organization may control policy settings, access status, role permissions and local override rights.
Updates to this policy
This privacy policy may be updated to reflect product changes, legal requirements or operational improvements. The current version should remain available on this page with the latest update date.