Privacy Policy

SafePaste Enterprise · Published by LogicGrid AI, LLC
Effective date: April 1, 2026 · Last updated: April 1, 2026

1. Who we are

SafePaste Enterprise is a browser extension published by LogicGrid AI, LLC, a registered limited liability company. Our contact email is [email protected].

2. What data we collect

SafePaste Enterprise collects and processes the following data:

• Clipboard content (local only) — When you paste text into an AI tool, SafePaste reads the clipboard event to detect and redact sensitive patterns. This data never leaves your browser and is never transmitted anywhere.
• Vault data (local only) — Redacted values are stored in a RAM-only vault that exists only in your browser tab's memory. It is destroyed when the tab is closed. It is never written to disk and never transmitted.
• License key — When you activate Pro, your Gumroad license key is sent to our Cloudflare Worker at api.safepaste.app for verification. The key is also stored locally in chrome.storage.local.
• Device fingerprint (hashed) — A one-way SHA-256 hash derived from your browser language, screen resolution, timezone, and CPU core count. This hash is used to enforce per-device license limits (maximum 3 devices per key). The raw values are never stored or transmitted — only the hash.
• Extension settings — Your toggle preferences and custom NDA keywords are stored locally in chrome.storage.local and never transmitted.
• Audit log (local only) — Exfiltration Shield events are logged locally to chrome.storage.local with a rolling limit of 500 entries. Never transmitted.

3. What data we do NOT collect

• We do not collect browsing history or URLs visited
• We do not collect clipboard contents — they are processed locally and discarded
• We do not collect the actual sensitive values that are redacted
• We do not use cookies or tracking pixels
• We do not sell data to any third party
• We do not display advertisements
• We do not use analytics services (Google Analytics, Mixpanel, etc.)

4. License verification

When you click "Unlock Pro" and enter a license key, SafePaste sends a POST request to api.safepaste.app/license (a Cloudflare Worker operated by LogicGrid AI, LLC). This request contains:

• Your Gumroad license key
• A one-way SHA-256 hashed device fingerprint

Our Worker verifies the key against Gumroad's API and enforces device limits. The Worker does not log your license key or device fingerprint beyond what is required for rate limiting. Verification responses are cached for 24 hours in Cloudflare KV to support offline use.

5. Third-party services

SafePaste uses the following third-party services:

• Gumroad — Payment processing and license key issuance. Gumroad's privacy policy applies to purchases made on their platform.
• Cloudflare Workers — Hosts our license verification endpoint at api.safepaste.app. Cloudflare may log request metadata (IP address, timestamp) per their standard practices.

6. Data retention

• Vault data — Destroyed when the browser tab is closed. Zero retention.
• Extension settings and audit log — Stored in chrome.storage.local until you uninstall the extension or manually clear it.
• License activation records — Device activation records are stored in Cloudflare KV for up to 1 year to enforce device limits.

7. Your rights

You may at any time:

• Reset your stats and clear your audit log using the "Reset Stats" button in the extension popup
• Clear your vault using the "Clear vault" button
• Request deletion of your device activation records by emailing [email protected] with your license key
• Uninstall the extension, which removes all locally stored data

8. Children's privacy

SafePaste Enterprise is intended for professional and enterprise use. We do not knowingly collect information from users under the age of 18.

9. Changes to this policy

We may update this policy when we add new features. The effective date at the top of this page will reflect any changes. Continued use of the extension after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy or data handling? Email us at [email protected] or visit logicgrid.ai.

11. Disclaimer of Limitations

SafePaste Enterprise uses pattern-based regex detection to identify and redact sensitive data. Users should be aware of the following limitations:

• Format dependency — Detection relies on standard data formatting. Non-standard, abbreviated, or custom formats may not be detected. For example, an SSN written as "123456789" (without dashes) will not be caught by the SSN pattern.
• No guarantee of completeness — SafePaste is designed to significantly reduce the risk of accidental data exposure. It does not guarantee that 100% of sensitive data will be intercepted in all formats or all contexts.
• Not a compliance guarantee — SafePaste is a supplementary DLP tool. It is not a substitute for your organisation's full security policy, legal compliance programme, or obligations under HIPAA, GDPR, PCI-DSS, NDPR, or any other applicable regulation. Using SafePaste does not automatically make your AI workflows compliant with any regulatory framework.
• AI tool dependency — SafePaste intercepts clipboard events in the browser. It does not control what happens to data once it reaches an AI provider's servers. Users remain responsible for reviewing the terms of service and data processing agreements of any AI tools they use.
• Browser limitations — SafePaste operates as a browser extension and is subject to browser security policies. Certain iframe-heavy applications or sandboxed environments may limit detection capability.
• Custom patterns — Enterprise customers requiring detection of custom or proprietary data formats should contact [email protected] to discuss custom pattern library options.