Privacy Policy

Core Principle

All AI conversation data is processed locally on your device. Your prompts, AI responses, agency scores, anomaly data, and audit records are never transmitted to Vigil servers.

What We Do Not Collect

• Conversation content, prompts, or AI responses
• Agency scores or anomaly detection data
• VOAF audit records
• Browsing history

What We Collect

• Email address — for magic link authentication via Supabase
• License key and device ID — for subscription management
• Subscription tier and payment status — to determine feature access
• Anonymous web analytics — PostHog analytics on runvigil.ai only. No analytics in the desktop app or Chrome extension.

Payment Processing

Payments are processed by Stripe. We never see, store, or have access to your credit card numbers or payment details. Stripe's privacy policy governs payment data handling.

Chrome Extension

The Vigil Chrome extension reads AI provider pages (ChatGPT, Claude, Gemini) to extract conversation content for local analysis. All extracted data is sent to localhost:8080 only. No conversation data is transmitted to any external server.

Desktop Application

The Vigil desktop app operates a local HTTPS proxy and stores all data in a local SQLite database. All analysis, anomaly detection, and policy enforcement happens on your device. The only outbound network calls are:

• License key validation
• Subscription status checks

Third-Party Services

• Supabase — authentication
• Stripe — payment processing
• PostHog — web analytics (runvigil.ai only)
• Resend — transactional email
• Vercel — website hosting
• Fly.io — API hosting

Contact

For privacy-related inquiries: privacy@vigilsec.ai