Blur

Privacy Policy

How Blur handles user data, browser storage, and account data across the marketing site and browser extension.

Blur is designed so prompt content stays local to the browser. This page covers what is and is not stored when teams use Blur, and provides full transparency into how data flows through the product.

What Blur does not collect

Blur does not collect, store, or transmit the text your team types into ChatGPT, Claude, or Gemini.

Detection and masking run entirely in-browser using local pattern matching and entity detection. Prompt content is never shipped to Blur servers for scanning, analysis, or any other purpose. There is no server-side processing step that touches your team's prompt text at any point.

This means:

  • No prompt content is logged, cached, or stored on any Blur-owned infrastructure
  • No prompt content is sent to third-party analytics, monitoring, or machine learning services
  • No prompt content is accessible to Blur employees, contractors, or partners

The extension operates as a purely client-side privacy layer. The detection engine runs locally, and masked output is generated before any content leaves the browser.

Data stored in the browser

Blur stores only the data required to make the product usable across sessions. This data lives in Chrome's built-in chrome.storage API and never leaves your device unless Chrome Sync is enabled in your browser profile.

The following data is persisted locally:

  • Detection preferences and category toggles. Which detection categories (contact info, names, financial identifiers, sensitive traits) are enabled or disabled for the current user.
  • Theme preference. Whether the user has selected light mode, dark mode, or system default for both the extension popup and the marketing website.
  • Authenticated session state. When a user signs into a team workspace, the session token and basic user metadata are stored locally to maintain the signed-in state across browser restarts.

No browsing history, no keystroke data, and no prompt content is ever persisted in local storage.

Account and billing data

Team accounts store user email address, organization membership, and billing metadata through Supabase (authentication) and Stripe (payments). That data is used only for the following purposes:

  • Access control. Determining which users belong to which organization and what role they hold (owner, admin, or member).
  • Billing and invoicing. Managing subscription state, seat counts, and payment methods through Stripe's PCI-compliant infrastructure.
  • Team administration. Enabling owners and admins to invite, remove, and manage teammates from the Blur dashboard.

Blur does not sell customer data and does not use account data for advertising, audience profiling, or third-party enrichment of any kind.

Data retention

Account data is retained for as long as the account remains active. If a team cancels their subscription, billing data is retained by Stripe in accordance with their data retention policies. Users may request deletion of their account data by contacting maya@blurprivacy.app.

Local browser data can be cleared at any time by uninstalling the extension or clearing Chrome storage for the Blur extension.

Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated effective date. For material changes that affect how customer data is handled, we will make reasonable efforts to notify active team accounts via email.

Contact

Questions about this policy or data handling practices can be directed to maya@blurprivacy.app.

Security Overview

Operational boundaries, extension permissions, and product-level controls that reduce prompt exposure risk.

On this page

What Blur does not collectData stored in the browserAccount and billing dataData retentionChanges to this policyContact