Browser extension disclosure
Shield Web — Browser Extension Privacy
Shield Web is an enterprise security and DLP tool deployed by an organization to discover and govern its members' use of third-party AI services. Data is associated with the organization's Shield Control workspace.
Data we collect through the extension
- Account data: your email and the organization/user identifiers from your Shield Control account, to authenticate you. The session is stored locally in the browser.
- AI-service usage (discovery): when you visit a supported AI service (e.g. ChatGPT, Claude, Gemini, Copilot and others), we record the service's domain, a timestamp, and your organization/user identifiers.
- Policy-enforcement events (audit): when you take a monitored action (submitting a prompt, pasting text, uploading a file), we record the action type, the outcome (allowed / warned / blocked / redacted), the policy applied, the redaction count, and the category labels of any sensitive data detected (e.g. "pii", "secrets", "source_code").
- Error diagnostics: technical error reports without personal content (Sentry).
Data we do NOT collect
The content of your prompts, pasted text, uploaded files, or AI responses. Sensitive-data detection and redaction run entirely on your device — only category labels (never the values) are transmitted. When a redaction policy applies, detected values are replaced with placeholders locally and never leave your device.
How we use it
To provide the service your organization deployed: an inventory of AI tools in use, enforcement of your organization's DLP policies, and a compliance audit trail.
Storage & retention
- Locally (chrome.storage): your session, a short-lived policy cache, and settings.
- Backend: discovery and audit events are stored in Qadar AI's Supabase database (EU region), scoped to your organization via row-level security; retention follows your organization's agreement (see the Data Processing Agreement).
Sharing
We do not sell personal data. Data is processed on our behalf by sub-processors under data processing agreements: Supabase (database & authentication), Cloudflare (hosting & API gateway), and Sentry (error monitoring). Your organization's administrators can access the data in Shield Control.
Permissions
We request only what the purpose requires: local storage; alarms (session refresh); the side panel; the active tab's URL on click; access to your Shield Control workspace and our backend; and content scripts on the supported AI services the extension monitors.
Controller & contact
Qadar AI Limited, DIFC Innovation Hub, Dubai (see the Legal Notice). First-run consent is shown in the extension.