Compliq

Privacy Policy — Compliq Browser Extension

Last updated: June 3, 2026

1. Overview

Compliq is an enterprise AI Compliance Monitoring and Enforcement tool deployed by your employer or organization. The Compliq browser extension inspects the text you send to — and receive from — supported AI chat services and, according to your organization’s security policy, redacts sensitive data or blocks the message before it leaves your browser. This policy explains what the extension accesses, how that information is used, and who it is shared with.

Enterprise deployment. The extension is configured and deployed by your organization, which acts as the data controller for information processed through it. Compliq acts as a data processor on your organization’s behalf. Your organization determines which AI services are monitored, what policies apply, and how long records are retained. For questions about your specific environment, contact your organization’s IT or security team.

2. What the extension accesses and collects

Prompt and response text (“website content”). On the AI-integrated domains listed in the extension’s permissions, the extension reads the text you are about to send to the AI service (and the responses you receive) so it can be scanned against your organization’s security policy. This text is transmitted to your organization’s Compliq backend (api.compliq.io) to produce a verdict: allow, redact, or block.
Work email / account identity. With your permission, the extension reads the email address of the signed-in Chrome profile (via Chrome’s identity API) to attribute scans to you in your organization’s audit log and to authenticate your Compliq session.
Session data. The extension stores, locally in your browser, your Compliq session token and a per-session scan identifier so you stay signed in and scan activity can be correlated. No browsing history is stored.

The extension only reads request content on the specific AI-assistant domains listed in its host permissions. It does not read, modify, or track your activity on any other website.

3. What the extension does not do

It does not collect your general browsing history.
It does not sell or rent your data, or share it with third parties for advertising or any unrelated purpose.
It does not fetch or execute remote code. All scanning logic ships in the extension package; the backend returns a verdict (data), never executable code.
It contacts no network destination other than your organization’s own Compliq backend (api.compliq.io).

4. How the information is used

Information is used solely for the extension’s single purpose: enforcing your organization’s data-security policy on supported AI services — detecting and redacting sensitive data (such as secrets or personal information), or blocking a message before it is sent, and recording the action in your organization’s audit log.

5. Sharing and disclosure

With your organization. Scan results, the action taken, and the associated user identity are made available to your organization in its Compliq audit log.
Service providers. Data is processed on infrastructure operated for Compliq solely to provide the service, and not for any unrelated purpose.
Not sold. We do not sell your data or transfer it to third parties for purposes unrelated to the service, and we do not use it to determine creditworthiness or for lending.
Legal. We may disclose information where required by law.

6. Data retention

Prompt and response text is processed to generate a policy verdict. Scan records and audit data are retained according to your organization’s configured retention policy. Locally stored session data persists in your browser only until you sign out, the session expires, or you remove the extension. For retention specifics in your environment, contact your organization.

7. Security

Data in transit to api.compliq.io is encrypted using HTTPS/TLS. Access to audit data is restricted to your organization and to authorized Compliq personnel as needed to operate the service.

8. Your rights

Because the extension is deployed by your organization as data controller, requests to access, correct, or delete data processed through it should be directed to your organization. Depending on your jurisdiction, you may have rights under laws such as the GDPR or CCPA; your organization can facilitate these requests.

9. Children

The extension is an enterprise tool, is not directed to children, and is not intended for use by anyone under 16.

10. Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date at the top of this page.

11. Contact

Compliq Support
Email: support@compliq.ai