SUMMARY
The short version
Everything stays on your device. The iWroteThat browser extension records evidence that you wrote your own work in Google Docs. It does this entirely inside your own browser. We never send your document text — or any copy of it — anywhere. There is no account, no login, no server, no analytics, and nothing is sold.
If you uninstall the extension or clear your browser data, the evidence it kept is gone. It was only ever on your computer.
The sections below describe exactly what the extension reads, what it stores, and what it never does. A final section, "Future features (not yet active)", describes a planned optional notarization/receipt service. Those features are not part of the version you have today — they are listed in advance so that this policy stays honest when they ship, and so you can see where the lines are drawn before anything changes.
§ 01 // WHO THIS COVERS
Who this policy covers
This policy covers the iWroteThat Chrome extension (the "Extension").
It is published by the developer of the Extension (the "we"/"us"/"developer"; contact details in Section 12). A separate, optional instructor tool is mentioned in Section 11 with its own, minimal data posture; it is not the Extension and does not change anything described here.
§ 02 // WHAT IT DOES
What the Extension does (single purpose)
The Extension records the factual origin of the text in your Google Docs — for example, which words you typed, which were pasted, and (when detectable) whether pasted text came from an AI assistant site. Its purpose is to let you show that your work is your own. It produces a record of facts, displayed to you in a side panel. It does not produce a grade, an accusation, or a verdict.
To do this it observes activity on:
- Google Docs (
docs.google.com) — the documents you are writing in; and - A fixed list of AI assistant sites (
chatgpt.com,chat.openai.com,claude.ai,gemini.google.com) — only to fingerprint copy events so that a later paste into your doc can be correctly labeled.
It does nothing on any other website.
§ 03 // DATA — LOCAL ONLY
Data the Extension processes — locally only
Everything in this section happens inside your browser and is stored only in your browser's local/session storage on your own device. None of it is transmitted to us or to any third party.
3.1 In Google Docs
| What is processed | Why | How it is stored |
|---|---|---|
| Keystroke and editing events (that a keypress/input happened, and the text of small edits) used to reconstruct what you typed | To credit text as "typed by you" | Held in your browser's per-tab session storage while you work; cleared when the tab closes |
| The document's own save data and revision history — the Extension watches your Doc's normal "save" network traffic that the page itself sends, and reads your Doc's revision log, to reconstruct which session/author produced each change | To attribute each change to the right author | Same per-tab session storage; used to compute the on-screen counts |
| Pasted text (the content of a paste, including its plain text and any HTML), and the position of the paste | To classify pasted text and, where possible, identify its source | Held in per-tab session storage while you work; used by the analysis and then cleared with the tab. A short-lived fingerprint (SHA-256 hash) of copied/pasted text is also kept in memory to match a copy to its later paste. |
| The document owner's Google account id (the "ogi" value that Google already embeds in the Docs page) | To tell your document apart from a collaborator's or shared document, so the Extension never falsely credits you for someone else's text | Read from the page; used during analysis; not transmitted |
| A small rolling activity log (the last ~100 events: event type, source website name such as "chatgpt.com", word count, timestamp, and an opaque content hash — never the text itself) | To show you a live feed of recent activity in the side panel | In-memory only; lost when the extension's background worker restarts |
| Resolved "origin evidence" per document (for each reconstructed edit: a session id, a position index, the small text fragment, and its computed origin label) | To keep your evidence stable across browser restarts within a document | Saved in your browser's local storage, keyed by document id, until you clear it or uninstall |
Because reconstructing authorship requires comparing what was typed against what was saved, the Extension does handle the content of your edits and pastes while it computes the result, and it persists the small per-edit text fragments and their origin labels in local storage so your evidence survives a restart. All of this stays on your device. It is never uploaded.
3.2 On AI assistant sites (chatgpt.com, chat.openai.com, claude.ai, gemini.google.com)
| What is processed | Why | How it is stored |
|---|---|---|
| Copy/cut events — when you copy text on one of these sites, the Extension computes a SHA-256 hash of the copied text | So that if you later paste that text into your Doc, the paste can be labeled as coming from that site | Only the hash leaves the page. The copied text itself is hashed in memory and never stored and never transmitted. The hash is kept in memory to match a later paste |
On these sites the Extension reads only what is needed to fingerprint a copy. It does not read your conversations, your prompts, your account, or your browsing.
§ 04 // WHERE DATA GOES
Where data is transmitted — nowhere off your device
iWroteThat transmits no document content, no hashes, no identifiers, and no analytics to us or to any third party. It has no server.
The only network activity the Extension is involved in is with Google's own Google Docs servers, and only in these two ways, both of which stay between your browser and Google (the same servers your Doc already talks to):
- The Extension reads the normal "save" request that the Google Docs page itself sends — it observes existing traffic; it does not create new uploads.
- The Extension fetches your document's own revision history from
docs.google.com, using your existing Google session, to reconstruct authorship.
We — the developer — receive none of this. We operate no endpoint that the Extension talks to.
§ 05 // WHAT WE NEVER COLLECT
What we never collect
- We never send your document text off your device.
- We never send your raw clipboard contents off your device.
- We never collect your browsing history or activity on sites other than Google Docs and the four listed AI assistant sites.
- We use no analytics, no telemetry, no tracking pixels, no advertising IDs, no fingerprinting for tracking purposes.
- We do not sell your data, and we do not share it with data brokers.
- We do not use your data to determine creditworthiness or for any lending purpose.
- We do not use your data for any purpose unrelated to showing you the writing evidence described above.
§ 06 // PERMISSIONS
Permissions and why we need them
| Permission | What it lets the Extension do | Why it is needed |
|---|---|---|
storage | Save data in your browser's local/session storage | To keep your origin evidence on your device across restarts (Section 3) |
clipboardRead | Read clipboard text in the page | Google Docs is a canvas editor; the selected/clipboard text is only recoverable via the clipboard. On copy, the text is hashed in memory and only the hash is kept. On paste, the pasted text is read and held in per-tab session storage on your device to classify it, then cleared when the tab closes — it is never transmitted (see Section 3.1) |
sidePanel | Show the side-panel UI | To display your evidence next to your document |
Host access to docs.google.com | Observe and analyze your Google Docs | The core function (Section 2) |
Host access to chatgpt.com, chat.openai.com, claude.ai, gemini.google.com | Fingerprint copy events on these sites | To label pasted text by source (Section 3.2) |
No permission is used for any purpose beyond the one stated here.
§ 07 // RETENTION
Data retention
- Per-tab working data (keystrokes, pastes, save/revision data) lives in your browser's session storage and is cleared when you close the tab (and when the browsing session ends).
- Per-document origin evidence lives in your browser's local storage and remains until you delete it, clear your browser's site/extension data, or uninstall the Extension.
- In-memory data (the activity log and copy-hash cache) is discarded whenever the Extension's background worker restarts.
Because all of this is on your device, you are in control of retention at all times.
§ 08 // YOUR RIGHTS
Your rights and choices
Because iWroteThat stores everything locally on your own device, exercising data rights is direct and immediate:
- Access: open the side panel to see your evidence; the underlying data lives in your browser's extension storage.
- Deletion: clear the Extension's storage, clear your browser data for the site, or uninstall the Extension — this removes the data entirely.
- Portability / correction: since the data never leaves your device, you control it directly.
If you are in a jurisdiction with data-protection laws such as the EU/UK GDPR or the CCPA/CPRA (California): because the Extension is local-only, we do not act as a remote controller or processor of your personal data — we never receive it. Where any processing on your device involves personal data, the lawful basis is your consent (you choose to install and run the Extension) and our legitimate interest in providing the single, transparent function you installed it for. You can withdraw at any time by removing the Extension. If and when the optional service in Section 10 is activated, the rights and lawful bases described there will apply to the limited data that service receives.
§ 09 // STUDENTS & MINORS
Children's and students' data (education context)
This Extension is built for students, including those in secondary and higher education. iWroteThat stores writing evidence only on the student's own device and transmits nothing to us, so we hold no student records.
Where the Extension is used by minors or in a school context, education-privacy rules such as FERPA (US) and applicable children's-privacy laws may apply to the institution deploying it. Because no student data leaves the device, we do not collect, store, or have access to any student "education record."
Forward-looking note: the optional service described in Section 10 would, if activated, receive a document hash and minimal metadata (never document content, never the student's text). Before enabling such a service for any user under 16 or in a school context, we will follow the change process in Section 13 — advance notice, strictly opt-in activation, verifiable parental consent for users under 13 and the lawful consent standard for users 13–15, and the institution-facing terms (FERPA "school official" controls) appropriate to a school deployment. Until then, this section is informational.
§ 10 // FUTURE FEATURES
Future features (NOT yet active in this version)
Everything in this section is planned and is NOT part of the version you have installed today. The current Extension does not contain or use any of it, and the guarantees in Sections 3–5 (nothing leaves your device) remain true for the release you have. This section is published in advance so the policy is already accurate when these features ship; at that time the only change here will be the removal of the "not yet active" wording and the addition of the activation date.
10.1 Optional notarization / timestamping service (planned)
We plan to offer an optional way to obtain a tamper-evident, time-stamped receipt for a document's writing evidence. If you choose to use it:
- The Extension would send a cryptographic hash digest of your document evidence (on the order of 32 bytes) plus minimal metadata (such as a document reference and a timestamp) to our own service endpoint. The document reference would be a salted/derived identifier, not your bare Google document id, so a stored receipt cannot be linked back to a specific Google Docs document by anyone holding the receipt.
- It would never send your document text or your clipboard contents. The receipt is computed from a one-way hash; the original text cannot be recovered from it.
- Our service would store only the hash and that minimal metadata, issue a signed (HMAC) receipt, and anchor the hash to an independent timestamping system (for example OpenTimestamps and/or an eIDAS-qualified Time-Stamping Authority).
- The side panel would then show a simple two-state status: "recorded locally" (today's behavior) vs "anchored" (a receipt exists).
This feature would be opt-in per use. Until it is activated, no hash or metadata is sent anywhere.
10.2 Accounts and paid receipts (planned)
A future paid tier may let you save and manage anchored receipts. If activated:
- We would collect an account email address to identify your account and send receipts/notifications.
- We would store receipt records (hashes, timestamps, receipt ids, and account association) — again, never document content.
- The lawful basis for this processing would be performance of a contract (the service you sign up for) and your consent.
10.3 Payment processing (planned)
If a paid tier is offered, payment would be handled by a third-party payment processor (for example, Stripe). In that case:
- You would provide payment details directly to the payment processor, under the processor's own privacy policy and security controls.
- We (and our notarization service) would not store your raw card/payment-card data. We would retain only what is needed to confirm a payment (such as a processor transaction/customer reference and the fact that a subscription is active).
10.4 What stays the same
Even after these features launch, the student-facing local analysis remains local: typing/paste reconstruction and the per-document evidence continue to be computed and stored on your device. The notarization features add an optional, explicitly chosen path that transmits only a hash and minimal metadata — never your text.
§ 11 // INSTRUCTOR TOOL
Related, separate product: instructor policy generator (informational)
We also develop a separate web tool for instructors that helps generate AI-use policies and assignment language. That tool is a different property with its own posture: no sign-up and no student data. It is mentioned here only so you know it exists and is not connected to the Extension's data. It does not receive anything from the Extension, and the Extension does not send anything to it.
§ 12 // CONTACT
Contact
Questions, requests, or concerns about this policy or your data:
§ 13 // CHANGES
Changes to this policy
We may update this policy as the Extension evolves (for example, when the optional features in Section 10 are activated, or to reflect legal requirements). For minor or clarifying edits we will update the "Effective" date at the top.
Before any future feature (such as a paid notarization or settlement tier) collects or transmits any new personal data, we will:
- Publish an updated privacy policy and an in-product disclosure describing exactly what is collected, why, and with whom it is shared, and give at least 30 days' advance notice of the change before the feature is activated. The updated Chrome Web Store data-use disclosure will ship with (not after) the version that introduces the change, so the disclosure always matches the Extension's actual behavior.
- Make every such transmission strictly opt-in — activated only by your explicit, affirmative choice, which you can withdraw at any time. Nothing leaves your device unless you turn it on.
- For users we know or believe to be under 16, obtain consent in the manner required by law for that age — including verifiable parental consent for users under 13 — before any of their data is collected or transmitted.
We will never apply new data practices retroactively to information held under a prior version of this policy. Because today's Extension is local-only, there is no collected data to re-purpose — and the free local analysis will stay that way (see Section 10.4).
If you do not agree with a future change, you do not have to enable the new feature; the local-only function continues to work, and you can uninstall the Extension at any time, which removes all locally stored data.