Privacy Policy
// Last updated: April 2026 · Effective: April 2026
// overview
Our Commitment
PhishGuard is an AI-powered phishing email detection Chrome extension. This privacy policy explains exactly what personal data we collect, how we handle and use it, how long we store it, and who we share it with.
// key principle
PhishGuard does not store, log, or share the content of any email you analyze. Email text is processed in real time and immediately discarded after analysis is complete.
// data_collection
What Data We Collect
When you open an email in Gmail, the PhishGuard extension accesses the following data from that email:
- The subject line of the email you are currently viewing
- The sender's name and email address
- The body text of the email you are currently viewing
We do not collect any of the following:
- Your Gmail username, password, or authentication tokens
- Emails you have not opened
- Your browsing history or activity outside of Gmail
- Any personally identifiable information beyond what appears in the email being analyzed
- Location data, device identifiers, or IP addresses
// data_handling
How We Handle Your Data
Email content is handled as follows:
- When you open an email, the extension reads the subject, sender, and body text
- This text is sent over an encrypted HTTPS connection to the PhishGuard API hosted on Hugging Face Spaces
- The API analyzes the email using rule-based checks, a machine learning classifier, and the Llama 3.3-70B AI model via Groq API
- A risk score, verdict, and explanation are returned to your browser
- The email text is discarded immediately after analysis — it is never written to any database or log file
The most recent analysis result (verdict, score, signals) is temporarily stored in your browser's local extension storage (chrome.storage.local) so the popup can display it. This data never leaves your device.
// data_storage
How We Store Your Data
PhishGuard uses two types of storage:
- Local browser storage (chrome.storage.local) — stores only the most recent analysis result on your device. This includes the verdict, risk score, and signal list. It does not include the original email text. This data is cleared when you uninstall the extension.
- API server (Hugging Face Spaces) — email text is sent to the API for analysis only. It is processed in memory and never persisted to disk, a database, or any logging system.
We retain no email content, no user identifiers, and no analysis history on our servers.
// data_sharing
How We Share Your Data
We share data with the following third-party services strictly for the purpose of providing phishing analysis:
- Groq API — email text is sent to Groq's API to run the Llama 3.3-70B AI model for contextual reasoning. Groq processes this data solely for inference. See Groq's privacy policy: groq.com/privacy-policy
- Hugging Face Spaces — our API is hosted on Hugging Face's infrastructure. Email text passes through their servers during analysis but is not stored. See Hugging Face's privacy policy: huggingface.co/privacy
We do not share your data with any other third parties. We do not sell, rent, or transfer your data to advertisers, data brokers, or any other parties.
// data_we_never_collect
What We Never Do
- We never store or log the content of your emails on our servers
- We never store your Gmail credentials or authentication tokens
- We never share your email content with third parties for advertising purposes
- We never build user profiles or track your behavior across sessions
- We never sell your data to any third party
- We never access emails you have not opened
- We never use your data for any purpose unrelated to phishing detection
// extension_permissions
Why We Need These Permissions
- Access to mail.google.com — required to read the subject, sender, and body of the email you are currently viewing in Gmail for phishing analysis
- Access to sac-red-phishguard.hf.space — required to send email content to the PhishGuard API hosted on Hugging Face Spaces for AI-powered phishing detection
- Storage — stores the most recent analysis result (verdict and risk score) locally in your browser so the extension popup can display it
// policy_updates
Changes to This Policy
We may update this privacy policy from time to time. Any changes will be reflected on this page with an updated effective date. Continued use of PhishGuard after changes constitutes acceptance of the updated policy.
// contact
Contact
If you have any questions about this privacy policy or how PhishGuard handles your data, please reach out:
← Back to PhishGuard