PII means Personally Identifiable Information — data that can identify a natural person directly or together with other data.
Design goal. GriGsi is built hash-first for public trust and Trust Check flows: we avoid collecting account-style profiles for normal browsing use, and we minimise PII where we can.
Extension and website (typical use). Many checks use one-way hashes of the value you entered (domain, email, phone, IBAN, text) so we do not need your raw input for the core trust layer. The extension may send hashes and minimal metadata to our servers for verification, voting, or operational limits. That does not mean “zero server traffic” — see Spaces/WebSocket flows below.
Spaces and real-time features. Chat, video, and screen sharing often use direct peer-to-peer connections when networks allow, but our servers still take part in signaling, join, configuration, and APIs (for example ICE/TURN discovery). Trust Check inside an organisation Space uses our WebSocket service to distribute claim text and merged results between participants; that content passes through our server for coordination.
Telemetry and retention. We may store operational and anti-abuse signals (for example rate limits, hashed IP, extension tab/mode counters, install heartbeats) with automatic deletion after a configured period (operator setting DATA_RETENTION_DAYS, default 90 days, minimum 7). Contact form and uninstall feedback rows use the same default window unless the operator sets CONTACT_SUBMISSIONS_RETENTION_DAYS. These are not marketing profiles, but some records can be PII depending on content and jurisdiction.
Voluntary PII — contact form. If you use “Get in Touch” or similar, anything you type (name, email in the message, meeting preference) is PII you chose to send. We use it only to respond or operate that request.
Payments. Paid checkout (for example PayPal) is processed by the payment provider. We receive payment status and what is needed to issue a licence key. If we store a PayPal payer reference in our database, we keep a one-way hash of that identifier (not the raw value from the provider), for internal reconciliation only.
Admin. Operator login to the admin panel creates normal server-side session/auth records — that is PII for those accounts.
No sale of personal data. We do not sell personal data as a product. Service providers (hosting, email delivery, payments) process data only to run the service.
Host access. The extension may request broad host access so trust checks and warning UI can run on pages where the user types or navigates. This access is used only for GriGsi trust and safety features.
Permissions used. The extension uses browser APIs such as storage, activeTab, tabs, webNavigation, alarms, notifications, clipboardWrite (user-triggered), and optional text-to-speech for accessibility-like prompts.
No remote executable code. The extension package contains its executable logic. Network responses are treated as data (for example JSON/API responses), not as downloaded scripts to execute.
User control. Users can disable features in extension settings or uninstall the extension at any time.
For engineering boundaries and a change checklist, operators use the internal document PRIVACY-BOUNDARIES-ZERO-PII.md in the GriGsi source tree (not shipped as a public URL on this site).