1. Introduction
This Privacy Policy describes how ACEBRIDGE LLC ("we," "us," or "our") collects, uses, and protects information when you use the ACEBRIDGE Customs Compliance Chrome Extension ("the Extension"). We are committed to protecting your privacy and ensuring transparency about our data practices.
2. Information We Collect
2.1 Account Information
When you sign in to the Extension, we collect:
- Email address - Used for authentication and account identification
- Name (first name, last name) - Used for personalization
- Organization/Tenant membership - Used to provide organization-specific features
This information is provided through our authentication partner, Clerk, when you create an account or sign in.
2.2 Query Data
When you use the Extension to ask questions:
- Text queries - Your questions about customs compliance topics
- Conversation context - Recent conversation history (last 5 exchanges) to provide contextual responses
Important: Query data is processed in real-time to generate responses and is NOT permanently stored in our systems. We do not log, retain, or analyze your queries after the response is delivered.
2.3 Screenshot Data
When you use the screenshot capture feature:
- Screenshots - Images captured from your browser for OCR (Optical Character Recognition) text extraction
Important: Screenshots are processed in memory only for text extraction and are NOT stored on our servers. The extracted text is used solely to help answer your query and is not retained.
2.4 Technical Data
We automatically collect certain technical information:
- API request logs - Standard server logs for debugging and security (retained for 30 days)
- Error logs - Information about errors for troubleshooting purposes
We do NOT collect:
- Browsing history
- Personal documents or files
- Keystrokes or form data
- Analytics or behavioral tracking data
3. How We Use Your Information
We use the collected information for the following purposes:
| Data Type |
Purpose |
| Account information |
Authentication, authorization, and organization membership |
| Text queries |
Processing your compliance questions and generating responses |
| Screenshots |
Extracting text (OCR) to assist with error message analysis |
| Technical logs |
Security monitoring, debugging, and service improvement |
4. Third-Party Services
We use the following third-party services to provide the Extension's functionality:
4.1 Clerk (Authentication)
- Purpose: User authentication and account management
- Data shared: Email, name, password (hashed)
- Privacy policy: https://clerk.com/privacy
4.2 Google Gemini (AI Query Processing)
- Purpose: Processing compliance queries and searching our document database
- Data shared: User queries, conversation context
- Data retention: None - processed in real-time only
- Training policy: Your data is NOT used to train Google's AI models (per Google Cloud API terms)
- Privacy policy: https://cloud.google.com/terms/cloud-privacy-notice
4.3 Anthropic Claude (Screenshot OCR)
- Purpose: Extracting text from screenshots for error analysis
- Data shared: Screenshot images
- Data retention: None - processed ephemerally
- Training policy: Your data is NOT used to train Anthropic's AI models (per Anthropic API terms)
- Privacy policy: https://www.anthropic.com/privacy
4.4 Google Cloud Platform
5. Data Storage and Security
5.1 Local Storage
The Extension stores the following data locally on your device:
- Authentication token - Stored in Chrome's secure storage (
chrome.storage.local)
- User information - Email and name for display purposes
- Selected organization - Your current organization context
This data remains on your device and is cleared when you log out.
5.2 Server-Side Storage
Our servers store:
- CSMS database - Publicly available CBP (Customs and Border Protection) regulatory messages
- Compliance documents - Publicly available regulatory guides and reference materials
We do NOT store:
- User queries or conversation history
- Screenshots or images
- Personal user data beyond authentication records
5.3 Security Measures
We implement the following security measures:
- Encryption in transit - All data transmitted using TLS/HTTPS
- JWT authentication - Secure token-based authentication
- Content Security Policy - Protection against XSS attacks
- Rate limiting - Protection against abuse and brute-force attacks
- Secure logging - Sensitive data redacted from server logs
6. Data Retention
| Data Type |
Retention Period |
| Authentication tokens |
Until logout or expiration (24 hours) |
| Local user data |
Until logout |
| Server logs |
30 days |
| Query data |
Not retained (processed in real-time only) |
| Screenshots |
Not retained (processed in memory only) |
7. Your Rights and Choices
7.1 Access and Control
You have the right to:
- Access your data - View your account information in the Extension
- Delete your data - Log out to clear local data; contact us to delete your account
- Opt out - Uninstall the Extension to stop all data collection
7.2 How to Exercise Your Rights
- Logout: Click the logout button in the Extension to clear local credentials
- Account deletion: Contact us at support@acebridge.io to request account deletion
- Data export: Contact us at support@acebridge.io to request a copy of your data
8. Children's Privacy
The Extension is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
9. International Data Transfers
Our servers are located in the United States (Google Cloud - us-central1 region). If you access the Extension from outside the United States, your data will be transferred to and processed in the United States.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Updating the "Last Updated" date at the top of this policy
- Displaying a notice in the Extension (for significant changes)
Your continued use of the Extension after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
ACEBRIDGE
Email: support@acebridge.io
Website: https://acebridge.io
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to know - Request information about data collection practices
- Right to delete - Request deletion of your personal information
- Right to opt-out - Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination - Exercise your rights without discrimination
To exercise these rights, contact us at support@acebridge.io.
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):
- Right of access - Obtain a copy of your personal data
- Right to rectification - Correct inaccurate personal data
- Right to erasure - Request deletion of your personal data
- Right to restrict processing - Limit how we use your data
- Right to data portability - Receive your data in a portable format
- Right to object - Object to processing based on legitimate interests
Legal Basis for Processing:
- Consent - For optional features
- Contract - To provide the Extension's services
- Legitimate interests - For security and service improvement
To exercise these rights or lodge a complaint, contact us at support@acebridge.io.
Summary
| Question |
Answer |
| Do you store my queries? |
No - Processed in real-time only |
| Do you store my screenshots? |
No - Processed in memory for OCR only |
| Is my data used to train AI? |
No - Per Google and Anthropic API terms |
| What data is stored locally? |
Auth token, email, name, organization |
| How do I delete my data? |
Logout clears local data; contact us for account deletion |
| Who has access to my data? |
Only you and authorized ACEBRIDGE personnel |