On supported sites such as ChatGPT and Gemini, the extension processes prompt text that a user types, pastes, or edits in the page composer so Sanctuary can decide whether the request should be allowed, redacted, or blocked.

When connected to a Sanctuary deployment, the extension may send the destination app name, page host, page URL, policy scope, and request identifiers along with the prompt preview request so the configured deployment can apply policy and audit controls.

The extension stores the Sanctuary base URL, client API key, project key, policy scope, and UI preferences such as auto-send behavior in browser extension storage on the user device until the user changes, resets, or removes the extension.

Preview requests are sent over HTTPS to either the Sanctuary-hosted demo service at api.sanctuaryproxy.com or the customer-configured Sanctuary deployment. The extension does not download or execute remote code.

If Sanctuary returns a protected prompt, the protected prompt is what remains in the page composer and can be sent to ChatGPT or Gemini. If Sanctuary returns an allow decision and auto-send is enabled, the original prompt may be submitted to the destination site because no sensitive match was detected.

The extension is designed for prompt protection, policy enforcement, and audit workflows. It does not sell user data and is not intended for unrelated advertising, profiling, credit scoring, or data brokerage use.

Prompt text is processed so Sanctuary can detect sensitive data, generate a protected version, and render the decision panel back to the user. In demo mode, prompt text is sent to the Sanctuary-hosted demo endpoint for that preview. In connected mode, prompt text is sent to the user's configured Sanctuary deployment.

The client API key and project key are stored locally in the extension and are transmitted only to the configured Sanctuary deployment to authenticate and scope preview requests. They are not sent to ChatGPT or Gemini.

Customer-configured Sanctuary deployments may store audit records about preview requests, including timestamps, policy decisions, detection categories, request hashes, selected page metadata, and prompt or response samples according to that deployment's configuration. Sanctuary-hosted public demo mode records aggregated proof metrics and marketing events used to operate the demo.

The extension does not scrape unrelated pages, does not operate on sites outside its supported host permissions, does not sell browsing history, and does not download executable code from remote servers.

Data may be shared with: 1) Launchdesk LLC when the user chooses the Sanctuary-hosted public demo; 2) the customer-selected Sanctuary deployment operator when the extension is connected to a customer-managed or customer-configured Sanctuary instance; 3) infrastructure and security providers used by that operator to host the Sanctuary service, such as compute, storage, database, content delivery, and key-management services; and 4) the destination AI site only for the content that remains in the composer and is actually submitted there by the user or by the extension's send action.

We do not sell user data, license user data to data brokers, or share user data for unrelated advertising purposes.

Extension settings remain in local browser extension storage until the user changes them, resets the extension settings, clears extension storage, or uninstalls the extension.

Retention on a Sanctuary backend depends on the operator of that deployment. A customer-managed deployment controls its own audit, identity, retention, and deletion settings. The Sanctuary-hosted public demo keeps service-level proof and marketing telemetry needed to operate the demo, monitor abuse, and troubleshoot the service.

To delete locally stored extension settings, reset or uninstall the extension. To request deletion or access for data processed by a Sanctuary backend, contact the operator of that Sanctuary deployment. For Sanctuary-hosted demo questions, contact Krishn2427@gmail.com.

Sanctuary preview traffic is sent over HTTPS. Customer-configured Sanctuary deployments may additionally use encrypted vaulting, audit integrity controls, and tenant-scoped credentials according to their configuration.