Privacy Policy
1. Introduction
This Privacy Policy describes how the SOVR Browser Extension and VS Code Extension ("Extensions") collect, use, and protect information when you install and use the Extensions. SOVR Inc. ("we," "us," or "our") is committed to protecting your privacy and ensuring transparency about our data practices.
The SOVR Extensions are an AI Responsibility Layer that provides gate check, audit trail, trust bundle, and kill-switch capabilities for AI agents operating in your browser and editor environment.
2. Information We Collect
2.1 Information You Provide
When you configure the Extension, you voluntarily provide the following information, which is stored locally:
| Data Type | Purpose | Storage Location |
|---|---|---|
| API Key | Authenticate requests to the SOVR platform | Local storage only |
| Base URL | Connect to your SOVR instance | Local storage only |
| Tenant ID | Identify your organization | Local storage only |
| Display preferences | Theme, language, notification settings | Local storage only |
2.2 Information Generated During Use
When you perform gate checks or interact with the SOVR platform, the following data is transmitted to the SOVR API server:
| Data Type | Purpose | Retention |
|---|---|---|
| Action names | Evaluate against your security policies | Per plan retention |
| Resource identifiers | Contextual policy evaluation | Per plan retention |
| Decision results | Audit trail and compliance records | Per plan retention |
| Trust scores | System health monitoring | Aggregated, no PII |
2.3 Information We Do NOT Collect
The Extensions do not collect, transmit, or store: browsing history or visited URLs, page content or screenshots, personal identification information (name, email, address), cookies or session tokens from other websites, keystrokes or passwords, file system contents, location data or device identifiers, or data from other extensions.
3. How We Use Information
Service Operation. API keys and configuration settings are used solely to authenticate your requests to the SOVR platform and deliver gate check, audit, trust bundle, and kill-switch functionality.
Audit Trail. Decision records (action names, results, timestamps) are stored on the SOVR platform to maintain a verifiable audit chain, which is a core feature of the product that you explicitly opt into by performing gate checks.
Billing. Usage counts (number of gate checks, irreversible action allows, trust bundles generated) are tracked to enforce plan quotas and calculate overage charges, if applicable.
4. Data Sharing
We do not sell, rent, or share your data with third parties for advertising or marketing purposes. Data is shared only in the following limited circumstances:
With the SOVR Platform: Configuration and gate check requests are sent to the SOVR API (default: https://sovr.inc) to deliver the service. This is the core functionality of the Extensions.
Legal Requirements: We may disclose information if required by law, regulation, or valid legal process.
5. Data Storage and Security
Local Storage. All Extension settings (API key, preferences) are stored in your browser's built-in extension storage or VS Code's settings storage, which is sandboxed and inaccessible to other extensions or websites.
Transit Security. All communications between the Extensions and the SOVR API are encrypted using TLS 1.2 or higher.
API Key Security. Your API key is never exposed to web page content scripts. It is stored in the Extension's background service worker and used only for authenticated API calls.
6. Data Retention
Local extension data persists until you uninstall the Extension or manually clear it. Server-side audit data is retained according to your subscription plan:
| Plan | Log Retention |
|---|---|
| Free | 30 days |
| Personal | 30 days |
| Starter | 90 days |
| Pro | 90 days |
| Enterprise | 365 days |
7. Your Rights and Choices
Access and Export. You can export your full audit log at any time through the Extension's Audit tab (CSV or JSON format) or through the SOVR web dashboard.
Deletion. You can delete your local Extension data by uninstalling the Extension. To request deletion of server-side data, contact [email protected].
Opt-Out. You can disable notifications, enable silent mode, or disconnect the Extension at any time through the Settings tab.
8. Permissions Explained
Browser Extension Permissions
| Permission | Reason |
|---|---|
| storage | Store your API key and preferences locally |
| notifications | Display gate check results and alerts |
| activeTab | Enable context menu gate checks on the current tab |
| sidePanel | Provide the SOVR side panel interface |
| contextMenus | Add "SOVR Gate Check" to the right-click menu |
| tabs | (Optional) Enable cross-tab audit monitoring |
The Extension requests host permissions for https://sovr.inc/* and https://*.sovr.inc/* exclusively to communicate with the SOVR API. No other domains are accessed.
9. Children's Privacy
The Extensions are not directed at children under the age of 13. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the Extension's update notes and on our website. Continued use of the Extensions after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
© 2026 SOVR Inc. All rights reserved.
Privacy Policy · Terms of Service