Privacy Policy

Overview

Accountability Shield is an AI-powered distraction blocker available as a Chrome extension and Android app. We help you stay accountable by blocking distracting websites, providing AI-driven analytics and insights, and notifying your accountability partners. To provide this service, we collect and process certain information about you and your browsing activity.

We are committed to:

Transparency: Being clear about what data we collect and why
Minimal data collection: Only collecting what's necessary to provide our service
User control: Giving you full control over your data
No selling: Never selling your data to third parties
AI privacy: We use your data to provide your features and insights, not to sell personal profiles
Security: Protecting your data with industry-standard security measures

Data We Collect

1. Account Information

When you create an account, we collect:

Email address: Used for account authentication, password recovery, and sending accountability notifications
Name: First name, last name, or display name you choose to provide
Password: Stored securely using bcrypt hashing (we never store passwords in plain text)
Authentication identifiers: Social sign-in identifiers such as Google ID or Apple user ID if you choose those login methods
Profile image: Profile picture URL if provided by a social login provider or added by you
Extension or device identifiers: Extension user ID and device ID used to associate your account with installed clients and sync activity

2. Blocking Configuration Data

To provide the blocking functionality, we store:

Accountability groups: Names and descriptions of groups you create
Blocked websites and apps: Domain patterns, keywords, app identifiers, and app names you choose to block or limit
Group settings: Blocking schedules, time limits, exceptions, and custom rules you configure
Accountability partners: Names and email addresses of people you invite to receive notifications

3. Browsing Analytics Data (For AI Insights)

To provide AI-powered analytics, risk scoring, and personalized insights, we collect:

Domain visits: Websites you visit (domain names only, not full URLs or page content)
Visit frequency: How often you visit specific domains
Timestamps: When you visit domains (used for pattern detection)
Categories: Automatic categorization of domains (e.g., social media, streaming, productivity)
Hourly aggregates: Data is aggregated by hour and uploaded to our AI analysis system
Block attempts: When you attempt to access blocked sites
Notification history: Record of which partners were notified and when
Platform and device context: Platform, device ID, browser/app version, and related client metadata needed to process synced analytics
Mobile app usage data: On supported mobile clients, app package names, app names, open counts, usage duration, and blocked attempts

Important: What We Track vs. What We Don't

We DO track: Domain names (e.g., "twitter.com"), visit counts, timestamps, and categories for AI analysis
We DON'T track: Full URLs, page content, page text, search queries, form field contents, passwords, or screenshots of the websites you visit
Privacy filter: Browser infrastructure domains (updates, telemetry, CDNs) are automatically filtered out
Shared only with you: Analytics insights are only visible to you and your chosen accountability partners (via weekly summaries)

4. AI Coach Conversations

When you use the AI Coach feature, we collect:

Chat messages: Your questions and the AI's responses
Chat history: Stored to provide context in ongoing conversations
Actions taken: When the AI creates/modifies blocking groups or settings on your behalf

AI Coach Privacy:

Your conversations are private and only accessible to you
Chat data is NOT used to train AI models
Messages are processed via secure WebSocket connections
Deletion or account closure requests can be submitted through available product controls or by emailing us

5. Technical Data

Device information: Platform (Chrome extension, Android, iOS), device ID for sync
Browser/app version: To ensure compatibility and provide updates
Session and authentication data: API keys, access tokens, refresh tokens, and session identifiers used to securely sync data across devices
Timezone: For accurate schedule-based blocking
Operational logs: IP address, user agent, request metadata, and limited request or error logs used for security, abuse prevention, troubleshooting, and reliability

6. Billing, Website, and Voluntary Feedback Data

Subscription and billing data: Plan, billing cycle, purchase state, Stripe customer or subscription IDs, RevenueCat app user ID, product identifiers, store, and renewal/cancellation status
Website analytics data: When you visit our marketing website, we may collect page views and basic browser/device information through Google Analytics
Uninstall or support feedback: Reason for uninstalling, optional email address, extension version, plan, and related client identifiers if you choose to submit feedback

What We DON'T Collect:

Page content, text, images, or videos from websites you visit
Full URLs (only domain names)
Search queries, form data, or passwords
Personal information beyond what you provide or what is needed to operate the service
Advertising identifiers for cross-site ad targeting inside the extension product
Incognito/private browsing activity (extension doesn't run there)

🤖 How AI Analyzes Your Data

Accountability Shield's AI features are designed to help you understand and improve your digital habits. Here's exactly how the AI processes your data:

Data Collection & Aggregation

Hourly batches: Your browsing data is aggregated every hour (domain names, visit counts, categories, timestamps)
Automatic filtering: Browser infrastructure (updates, telemetry) is automatically excluded
Upload to secure API: Encrypted hourly batches are sent to our backend for analysis
Local buffering: If offline, data is stored locally and synced when connection resumes

AI Analysis Process

Pattern detection: AI identifies behavioral patterns, peak vulnerability times, and trigger domains
Risk scoring: Calculates a daily risk score (0-100) based on frequency, timing, and deviation from your baseline
Trend analysis: Tracks improvements or regressions over time (7-day, 30-day trends)
Personalized insights: Generates actionable recommendations specific to your patterns

What the AI Coach Can Do

Answer questions: "What are my biggest triggers?" "How did I do this week?"
Manage blocking: "Block Twitter from 9-5" "Add reddit.com to my Work Focus group"
Provide insights: Proactive notifications about patterns and progress
Weekly summaries: Automatically generates and sends reports to your accountability partners

AI Privacy Guarantees:

AI analyzes aggregated patterns, never individual page content
Your data is processed for YOUR insights only—never pooled or used for other users
We use AI providers to process requests for service delivery, not to build advertising profiles
Insights are visible only to you and your chosen accountability partners
If AI features are disabled in your product version, new AI-generated insights stop and existing data remains subject to this policy's retention and deletion rules

How We Use Your Data

We use the data we collect for these specific purposes:

Account Management

Create and maintain your user account
Authenticate your login sessions
Send password reset emails when requested
Provide customer support
Support Google and Apple sign-in if you choose those options

Core Blocking Functionality

Enforce website blocking rules you configure
Sync your blocking groups across devices where you're logged in
Apply blocking schedules and exceptions
Maintain pre-loaded blocklists (adult content, gambling, etc.)

Accountability Notifications

Send email alerts to your designated accountability partners when you attempt to access blocked sites
Include relevant context in notifications (which site, which group, when)
Send partner invitation emails

AI-Powered Features

Risk scoring: Generate daily risk scores (0-100) based on your browsing patterns and block attempts
Pattern detection: Identify vulnerability windows, triggers, and behavioral trends
Personalized insights: Provide actionable recommendations through the AI Coach
Weekly summaries: Generate comprehensive reports sent to your accountability partners
Conversational AI: Enable natural language management of blocking groups and settings

Cross-Platform Sync

Sync blocking groups, settings, and schedules across all your devices (Chrome, Android, iOS)
Maintain consistent AI insights across platforms
Enable seamless experience when switching devices

Billing and Subscription Management

Process purchases, renewals, cancellations, and entitlement checks
Sync subscription status across web and mobile billing systems
Prevent duplicate billing and provide subscription support

Security, Website Analytics, and Operations

Detect abuse, fraud, service misuse, and technical failures
Maintain audit trails and debugging logs needed to keep the service reliable and secure
Measure marketing website traffic and conversion performance using Google Analytics

Service Improvement

Use aggregated or de-identified product usage statistics to improve the service
Identify and fix bugs
Develop new features based on user needs

Important: We use your data ONLY for the purposes listed above. Your browsing data is used exclusively to generate your personal AI insights. We never:

Use your data for advertising or profiling
Train external AI models with your personal data
Share your browsing patterns with anyone except your chosen accountability partners
Sell or monetize your data in any way

Data Sharing and Disclosure

Who We Share Data With

Accountability Partners (By Your Explicit Choice):

We send email notifications to people you designate as accountability partners
Notifications include: your name, the blocked site domain, the group name, and timestamp
Weekly AI summaries: Partners receive automated weekly reports with your risk score trends, progress metrics, identified triggers, and success factors
You have full control over who receives notifications and can remove partners at any time

Service Providers:

Email delivery providers: We use transactional email providers such as Resend or other configured SMTP/email relay providers to send accountability notifications and account emails. They receive email addresses, message content, and delivery metadata.
Hosting and infrastructure providers: Our API, database, and supporting infrastructure are hosted on cloud platforms such as Railway and related infrastructure providers. They store or process data on our behalf so the service works.
AI providers: We use OpenAI and Google AI services for AI Coach conversations and analytics processing. They receive chat messages and aggregated browsing or app-usage patterns needed to generate responses and insights.
Authentication providers: If you sign in with Google or Apple, those providers process your login request and we receive account information needed to authenticate you.
Billing providers: We use Stripe for web billing and RevenueCat for mobile subscription management. They process subscription and purchase information needed to activate and maintain your paid plan.
Website analytics provider: Our website may use Google Analytics to measure page visits, traffic sources, and site performance.

When We Share Data

With your consent: When you explicitly choose to share (e.g., adding accountability partners)
Legal requirements: If required by law, court order, or government regulation (we will notify you unless legally prohibited)
Security threats: To prevent fraud, security threats, or illegal activity
Business transfers: If Accountability Shield is acquired, your data may transfer to the new owner (you will be notified)

We DO NOT:

Sell your data to third parties
Share data with advertisers or marketing companies
Use your data for purposes unrelated to accountability
Share your browsing activity publicly

Data Storage and Security

How We Store Your Data

Local storage: Your blocking groups and settings are stored locally in your browser using Chrome's storage API
Cloud storage: Data is also stored on our secure servers to enable syncing across devices
Encryption in transit: All data transmission uses HTTPS/TLS encryption
Encryption at rest: Database is encrypted using industry-standard encryption

Security Measures

We implement multiple layers of security:

Password hashing: Passwords are hashed using bcrypt with salt
API authentication: Secure token-based authentication for all API requests
Access controls: Strict role-based access to data and systems
Regular audits: Periodic security reviews and vulnerability assessments
Secure infrastructure: Hosted on reputable cloud providers with strong security track records

Data Retention

Account data: Retained while your account is active
Browsing analytics: Hourly aggregates stored for 90 days to enable trend analysis and AI insights
AI Coach conversations: Chat history retained for up to 90 days unless a shorter retention or deletion period applies in your product version or we must keep records for security or legal reasons
Block attempt logs: Retained for 90 days for accountability reporting
Subscription and billing records: Retained as long as needed to manage your subscription, maintain financial records, resolve disputes, and comply with legal obligations
Operational and security logs: Retained only as long as reasonably necessary for troubleshooting, abuse prevention, security review, and reliability monitoring
Uninstall or support feedback: Retained as long as reasonably needed to review feedback, improve the product, and provide support
Deleted accounts: When your account deletion request is processed, we delete or de-identify associated data subject to backup retention, fraud prevention, dispute handling, and legal obligations
Backup retention: Encrypted backups are retained for 30 days for disaster recovery

Your Rights and Controls

You have the following rights regarding your data:

Access Your Data

Request information about the personal data we hold about you
Request a copy of the data we can provide in a reasonably portable format

Correct Your Data

Update your account information (name, email) at any time
Modify your blocking groups and settings
Correct any inaccurate information

Delete Your Data

Delete blocking groups or remove accountability partners using available product controls
Request deletion of analytics, chat history, uninstall feedback, or your full account by contacting us
Use any in-product account deletion controls we make available in current or future versions of the service

Export Your Data

Request export of account, blocking, analytics, and chat data that we can reasonably provide
Ask us for a machine-readable copy where applicable

Control Notifications

Add or remove accountability partners at any time
Disable notifications for specific groups
Opt out of system emails (except critical security notices)

How to Exercise Your Rights:

Some rights can be exercised directly through available product settings. For access, export, correction, deletion, or privacy questions, contact us at [email protected]. We aim to respond within 30 days.

Third-Party Services

Accountability Shield uses the following third-party services:

Email Service Provider

Purpose: Sending accountability notifications, invitations, password resets, and service emails
Data shared: Email addresses, notification content, timestamps, and delivery metadata
Examples: Resend or another configured transactional email or SMTP relay provider

Cloud Hosting Provider

Purpose: Hosting our backend API and database
Data shared: All data stored on our servers
Examples: Railway and related infrastructure providers we use to operate the service

AI Processing

OpenAI: Powers AI Coach conversations and related AI assistance features
Google AI services: Provide analytics classification and related AI capabilities
Purpose: Natural language processing, pattern analysis, insight generation
Data shared: Chat messages, aggregated browsing patterns, and aggregated app-usage patterns needed to provide your features
We configure these providers to process data for service delivery and not for advertising. Their handling is also governed by their own terms, privacy policies, and any applicable data processing commitments.

Authentication and Billing Providers

Google and Apple: Used only if you choose social login
Stripe and RevenueCat: Used to process billing, subscriptions, entitlement checks, and renewals
Data shared: The identifiers and subscription details needed to authenticate you or maintain your paid plan

Website Analytics

Google Analytics: Used on our marketing website to measure visits, traffic sources, and page performance
Data shared: Cookie or tag-based website analytics data such as page views, browser information, and referral information

What We DON'T Use

                Advertising networks in the extension product: No ads and no third-party ad targeting inside the extension
Data brokers: We never share data with data brokers
Sale of personal data: We do not sell your personal data
AI model training: Your data is never used to train commercial AI models

            

Children's Privacy

Accountability Shield is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover that we have collected data from a child under 13, we will delete that information immediately. If you believe we have collected data from a child under 13, please contact us at [email protected].

International Data Transfers

Accountability Shield operates globally with servers hosted in multiple regions. Your data may be transferred to, stored, and processed in the United States and other countries where our service providers (hosting, email, AI processing) operate.

By using Accountability Shield, you consent to the transfer of your data to these locations. We ensure that all data transfers comply with applicable data protection laws, including GDPR for European users and CCPA for California residents.

Your Legal Rights (GDPR & CCPA)

For European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

Right to access: Obtain confirmation of data processing and a copy of your data
Right to rectification: Correct inaccurate or incomplete data
Right to erasure ("right to be forgotten"): Request deletion of your data
Right to restrict processing: Limit how we use your data
Right to data portability: Receive your data in a machine-readable format
Right to object: Object to certain types of data processing
Right to withdraw consent: Withdraw consent for data processing at any time

For California Users (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

Right to know: What personal information we collect and how it's used
Right to delete: Request deletion of your personal information
Right to opt-out: Opt out of sale of personal information (we don't sell data)
Right to non-discrimination: We won't discriminate against you for exercising your rights

Common AI Privacy Questions

"Does the AI see what I'm looking at on websites?"

No. The AI only sees domain names (e.g., "youtube.com"), visit counts, and timestamps. It never sees page titles, URLs, content, images, or anything you type or view on websites.

"Is my data used to train ChatGPT or other AI models?"

No, not by us. We do not use your personal data to train our own commercial AI models, and we use third-party AI providers to process requests for service delivery rather than for advertising. Their handling is also subject to their own contractual and policy commitments.

"Can other users see my browsing patterns or risk scores?"

No. Your analytics and AI insights are completely private to you. The only people who can see any information are your explicitly chosen accountability partners, and they only receive weekly summary emails (not raw browsing data).

"What happens if I disable AI features?"

You can disable AI Analytics and the AI Coach at any time. When disabled:

We stop using new analytics data for AI-generated insights where that control is available in your version of the product
No new risk scores or insights are generated
The AI Coach becomes unavailable
Website blocking continues to work normally
Existing analytics data remains subject to this policy's retention and deletion rules

"Can I delete my analytics and chat history?"

Yes. You can request deletion of your analytics, chat history, uninstall feedback, or full account through available product controls or by contacting [email protected]. We will process deletion requests subject to backup retention, fraud prevention, dispute handling, and legal obligations.

"Does Accountability Shield sell my data to AI companies?"

Never. We do not sell or rent your data to AI companies. When we use AI providers such as OpenAI or Google, they process data to deliver the features you use, subject to their terms, privacy policies, and any applicable data processing commitments.

Cookies, Local Storage, and Tracking

Accountability Shield uses a combination of browser storage, local app storage, and limited website analytics technologies:

Extension and App Storage

Authentication tokens: To keep you logged in and sync your account
Settings and cached data: To store blocking groups, schedules, and temporary offline sync data on your device

Website Analytics Cookies or Tags

Google Analytics: Our website may use analytics cookies, tags, or similar technologies to understand site traffic and conversions
Scope: This website analytics usage applies to our marketing website, not to the extension's browsing-blocking function

What We Don't Use in the Extension Product

Third-party advertising cookies for ad targeting
Sale of browsing activity to advertisers or brokers
Social media tracking pixels inside the core blocking product

You can clear browser cookies and local storage through your browser settings, and you can log out of the service to invalidate active sessions.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How we notify you:

Material changes: Email notification to all users
Minor changes: Updated "Last Updated" date at the top of this page
Extension notification: In-app notification for significant changes

Your continued use of Accountability Shield after changes become effective constitutes acceptance of the updated policy. If you disagree with changes, you may delete your account.