Aegis — Privacy Policy

Last updated: April 9, 2026

1. Overview

Aegis is a Chrome extension that provides email categorization, email security analysis, domain trust checking, and browsing analytics. This policy explains in detail what data the extension collects, how it is processed, where it is stored, who it is shared with, and how you can control it.

We are committed to transparency and minimal data collection. The extension is designed with a privacy-first approach: all core functionality works locally in your browser without sending data to any server.

2. Prominent Disclosure

Aegis collects the following user data only when you explicitly opt in to anonymous data feedback during initial setup or in Settings:

• Email sender domains (e.g. notifications.amazon.com) — never full email addresses
• URL domains from email links (e.g. amazon.com) — never full URLs or page content
• URLs submitted via the feedback widget (when you manually correct a URL's category)
• Company names associated with email senders (if available)
• Extension version for compatibility tracking

This data is transmitted securely over HTTPS to aegis.penrose.services and is used solely to improve the community URL category database that all users can benefit from. No feedback data is collected unless you explicitly consent by accepting the EULA and enabling "Anonymous Data Feedback" in Settings.

Additionally, if you choose to enable AI Mode and configure your own API key, email metadata (subject line and sender name) is sent to your chosen third-party AI provider for classification. This requires your explicit configuration and is entirely optional.

The extension also uses Google Analytics 4 (GA4) to collect anonymous usage metrics (see Section 3.3 for details). This uses a randomly generated client ID — no personal information is included.

Email body content, full email addresses, passwords, and personal identification information are never collected or transmitted.

3. Data We Collect

3.1 Data stored locally (never transmitted to Aegis servers)

The following data is stored only in your browser using Chrome's storage.sync and storage.local APIs and is never sent to Aegis servers:

• Email categorization results and user settings (analysis mode, custom categories, keywords)
• Email security analysis scores and phishing detection results
• Browsing history for URL analytics (page URLs, domains, page titles, timestamps) — automatically deleted after 30 days
• Active browsing time per website category (domain, category, duration per day)
• User-defined URL category labels
• AI model configuration (API endpoint, API key, model name) — stored in Chrome's encrypted sync storage
• EULA acceptance status and timestamp
• Data feedback opt-in preference
• Domain security analysis cache (RDAP registration data, IP geolocation results) — cached locally with expiration
• GA4 analytics client ID and session ID (randomly generated, not linked to any personal identity)

3.2 Data transmitted to Aegis servers (opt-in only)

When anonymous data feedback is enabled (opt-in, disabled by default, requires both EULA acceptance and explicit toggle in Settings), the extension sends the following to aegis.penrose.services via HTTPS:

Data field	Example	Purpose	Storage
Sender email domain	notifications.amazon.com	Build sender-to-domain mappings	DynamoDB (AWS ap-northeast-1)
URL domains from email links	amazon.com	Improve URL categorization	DynamoDB (AWS ap-northeast-1)
Company name (if available)	Amazon	Associate domains with companies	DynamoDB (AWS ap-northeast-1)
URL and suggested category (feedback widget)	https://shop.example.com → shopping	Community-driven category corrections	DynamoDB (AWS ap-northeast-1)
Extension version	1.6.0	Compatibility tracking	DynamoDB (AWS ap-northeast-1)

How this data is processed:

• URL domains are validated, deduplicated, and capped at 50 entries per submission
• Sender domains are validated against a strict domain format (alphanumeric, hyphens, dots only)
• Feedback records are stored with a random UUID and timestamp — no user identifier is attached
• Sender-domain mappings are aggregated: submission counts and URL domain frequency counts are maintained to determine consensus
• URL category feedback is aggregated by domain to determine the community-voted category via majority vote
• Aggregated results are served back to all users as the community URL category database

3.3 Analytics data (Google Analytics 4)

Aegis uses Google Analytics 4 (GA4) via the Measurement Protocol to collect anonymous usage metrics. This data is sent directly to Google's analytics servers (google-analytics.com). The following events are tracked:

Event	Data included	Purpose
Extension install	Extension version	Track adoption
Email classified	Analysis mode, email count, category count	Measure feature usage
Security scan	Safety score (0–100), safety level	Monitor analysis quality
Domain analysis	Domain name, domain score, domain level	Monitor domain checking
URL page view	URL category (e.g. "shopping")	Understand browsing patterns
Category action	Action type, category ID	Track feature engagement
Settings change	Setting name, setting value	Understand preferences

Each analytics request includes a randomly generated client ID and session ID. These are not linked to any Google account, email address, or personal identity. No personally identifiable information (PII) is included in analytics events. GA4 data is subject to Google's Privacy Policy.

3.4 Data transmitted to third-party AI services (optional, user-configured)

If you enable AI mode and configure an API key in Settings, the extension sends the following to your chosen AI provider (e.g. OpenAI, Google Gemini) for email classification:

• Email subject line
• Email sender name
• Your configured category names and keywords (as classification context)

This is entirely optional and requires you to explicitly: (1) select AI mode in Settings, (2) enter your own API endpoint, and (3) provide your own API key. The extension does not provide a default API key. Your API key is stored locally in Chrome's encrypted sync storage and is never transmitted to Aegis servers. Data sent to AI providers is subject to the respective provider's privacy policy.

3.5 Domain security analysis (automatic, external lookups)

When you visit a website, Aegis performs domain trust analysis by querying the following public services:

• RDAP (Registration Data Access Protocol) — queries rdap.org to retrieve domain registration date and registrar information
• DNS resolution — queries dns.google to resolve the domain's IP address
• IP geolocation — queries ip-api.com to determine the server's country of origin

These lookups transmit only the domain name or IP address to the respective services. Results are cached locally to minimize repeated requests. No personal data is sent. These services are subject to their own privacy policies.

3.6 Server-side access logs

When the extension communicates with aegis.penrose.services, standard HTTP access logs are recorded by the API gateway. These logs may include:

• IP address
• HTTP method and request path
• Response status code and latency
• User agent string
• Request ID

Access logs are stored in encrypted S3 storage (AWS ap-northeast-1) and are automatically deleted after 90 days. They are used solely for operational monitoring, debugging, and abuse prevention. They are not linked to feedback data or any user identity.

3.7 Data we NEVER collect

• Email body content or message text
• Full email addresses (only the domain portion, e.g. example.com not user@example.com)
• Email recipient information
• Email attachments or attachment metadata
• Passwords, form data, or authentication tokens
• Personal identification information (name, phone number, physical address)
• Browsing history (stays local, never transmitted to Aegis servers)
• Financial or payment information
• Health information
• Authentication credentials for any service

4. How We Use Your Data

Data type	Purpose	Legal basis
Anonymous feedback (sender domains, URL domains, categories)	Improve the community URL category database that all users can sync	User consent (opt-in)
Sender-domain mappings	Build a shared knowledge base of which domains are associated with which email senders	User consent (opt-in)
GA4 analytics events	Understand feature usage and improve the extension	Legitimate interest (anonymous, non-identifying metrics)
Server access logs	Operational monitoring, debugging, abuse prevention	Legitimate interest (infrastructure security)
AI provider requests	Email classification when user enables AI mode	User consent (explicit configuration)
Domain security lookups	Provide domain trust scores to protect users	Legitimate interest (security feature)

We do not:

• Sell, rent, or trade any user data to third parties
• Use data for advertising, profiling, or targeted marketing
• Use data for purposes unrelated to the extension's functionality
• Combine feedback data with any personally identifiable information

5. Data Sharing with Third Parties

We share data with third parties only in the following limited circumstances:

Third party	Data shared	Purpose	Condition
Google Analytics (GA4)	Anonymous usage events, random client ID	Usage analytics	Automatic (no PII)
User-configured AI provider (e.g. OpenAI, Google Gemini)	Email subject line, sender name	AI-powered email classification	Only when user explicitly enables AI mode and provides their own API key
RDAP registries (rdap.org)	Domain name	Domain registration lookup	Automatic for domain trust analysis
Google DNS (dns.google)	Domain name	DNS resolution	Automatic for domain trust analysis
ip-api.com	IP address	IP geolocation	Automatic for domain trust analysis

We do not share any data with advertisers, data brokers, or any other third parties not listed above. Community feedback data (aggregated URL categories and sender-domain mappings) is served back to extension users as a shared public database — this data contains only domain names and category labels, with no user-identifying information.

6. Data Storage and Security

6.1 Local storage

• All local data is stored using Chrome's storage.sync and storage.local APIs
• AI API keys are stored in Chrome's encrypted sync storage
• Local data is protected by Chrome's built-in security model and your operating system's user account

6.2 Server-side storage

• Feedback data is stored in Amazon DynamoDB tables in the AWS ap-northeast-1 (Tokyo) region
• All data is encrypted at rest using DynamoDB default encryption (AWS owned keys)
• Access logs are stored in S3 with AES-256 server-side encryption and public access blocked
• All API communication uses HTTPS (TLS 1.2+)
• No user credentials or authentication tokens are stored on our servers
• The extension does not execute any remote code — only JSON data is fetched from servers
• Request payloads are validated and size-limited (max 10 KB) to prevent abuse

7. Data Retention

Data type	Retention period	Deletion method
Local browsing history	30 days (auto-cleanup)	Automatic daily cleanup by the extension
Local domain analysis cache	24 hours	Automatic expiration
Local settings and preferences	Until uninstall	Uninstall extension or clear Chrome storage
Server-side feedback data	Indefinite	Contact us for deletion (see Section 11)
Server-side access logs	90 days	Automatic expiration via S3 lifecycle policy
GA4 analytics data	Per Google's retention policy	Managed by Google

8. Your Controls and Rights

Control	How
Disable anonymous feedback	Settings page → toggle off "Anonymous Data Feedback" (disabled by default — only enabled if you opted in)
Disable AI mode	Settings page → select "Local Rules" analysis engine
Export your data	URL Analytics page → Export button (JSON labels or CSV history)
Delete all local data	Uninstall the extension, or clear site data for the extension in Chrome settings
Decline the EULA	Click "Decline" on the EULA dialog — the extension remains inactive and collects no data
Request server-side data deletion	Email us at kaija.chang@gmail.com — since feedback data is anonymous (no user ID), provide the sender domains or URLs you submitted so we can locate and remove the records

Because feedback data does not contain any user identifier, we cannot automatically associate server-side records with a specific user. If you wish to have specific feedback records removed, please contact us with the domain names you submitted.

9. Permissions Explained

Permission	Why it's needed
storage	Save settings, categories, browsing history, domain cache, and EULA state locally
activeTab	Read the current tab's URL for browsing categorization and domain analysis
scripting	Inject the URL feedback widget on uncategorized pages and content scripts
alarms	Schedule weekly category sync, daily history cleanup, whitelist refresh, and time tracking flush
webNavigation	Detect page navigations for browsing analytics and domain security analysis
idle	Pause active time tracking when the user is away from the computer
tabs	Get active tab info for accurate browsing time attribution and domain analysis
Host permissions (<all_urls>)	Content scripts on Gmail/Outlook for email analysis; webNavigation across all sites for browsing analytics; domain security lookups; API calls to aegis.penrose.services

10. Children's Privacy

Aegis is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child under 13 has provided data through the extension, please contact us and we will promptly delete it.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. For significant changes that affect how your data is collected or used, we will notify users through the extension's update notes. Continued use of the extension after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy, want to request data deletion, or have concerns about the extension's data practices, please contact us at:

Email: kaija.chang@gmail.com