Legal
Privacy Policy
Last updated: July 8, 2026
Peach Security (“we,” “us”) provides enterprise AI security services, including the Peach Security Chrome extension (the “Extension”). This policy explains how we collect, use, store, and share information.
If your employer deployed Peach Security, your organization is typically the data controller; Peach Security processes data on their instructions.
1. Information we collect
Extension. When you use supported AI websites, the Extension may collect and transmit:
- Prompt text and uploaded files you submit
- Page URL, AI service name, and timestamp
- Sign-in status, account type, and email domain or email address when available from the AI session
- A device identifier configured by your organization
- Policy results and security metadata
Our servers may also record your IP address.
Platform & website. If you use our dashboard or website, we may collect account information (name, email, role), usage logs, and standard web/server logs.
User accounts. Dashboard access uses Google or Microsoft single sign-on (SSO). We do not collect, store, or process user passwords.
2. How we use information
We use information only to:
- Enforce your organization's AI and data-security policies (allow, warn, or block)
- Provide audit logs and alerts to authorized administrators
- Operate, secure, and improve our services
- Comply with law
We do not sell personal information or use Extension data for advertising.
Chrome Web Store Limited Use: The Extension uses personal and sensitive data only to provide its security and policy-enforcement features. We comply with the Chrome Web Store User Data Policy, including Limited Use requirements.
3. How we store information
On your device: Organization configuration (tenant ID, API token, device ID) may be stored via enterprise browser policy. Prompt content is not stored long-term in the Extension during normal operation.
On our servers: Event data is stored in MongoDB (cloud-hosted database). Processing and hosting use Google Cloud Platform (GCP). Data is transmitted over HTTPS/TLS and protected at rest by our infrastructure providers.
Retention: Data is kept for as long as needed to provide the service to your organization, as configured in your contract or admin settings, unless a different period is required by law.
4. How we share information
We do not sell personal information. We share information only:
- With your organization — authorized admins via the dashboard, email alerts, and webhooks they configure
- With service providers — including GCP (hosting and automated security analysis) and MongoDB (database storage), plus email delivery providers for alert notifications
- For legal or safety reasons — when required by law or to protect rights and security
- In a business transfer — if we merge or are acquired, with notice where required
5. Your rights & contact
Contact your employer/IT administrator first if the Extension was deployed by your organization.
Peach Security
Email: privacy@peachsecurity.io