Enterprise-Grade Security

Privacy & Security
Built Into Our DNA

AIChemy operates as a secure middleware layer. We enhance your prompts without storing them. Your data flows through us encrypted, processed in memory, and immediately discarded.

TLS 1.3 Encryption
AES-256 at Rest
SOC 2 Compliant
Zero Knowledge

Security Architecture

AIChemy acts as a secure bridge between you and AI providers. Your data is encrypted end-to-end, processed in isolated memory, and never persisted.

Architecture diagram: Your Device (Local Storage) → TLS 1.3 + AES-256 → AIChemy (Secure Middleware: Zero Knowledge Architecture, Stateless Processing, No Prompt Storage) → Encrypted API → AI Providers (OpenAI, Anthropic, Google). Flow labels: Your Data (Encrypted), Enhanced Prompt, AI Response.

The Middleman Principle

We Enhance, Not Store

AIChemy operates on a fundamental principle: we are a processing layer, not a storage layer. Your prompts pass through our systems like water through a filter - improved and purified, but never retained.

Real-Time Processing

Prompts are enhanced in memory and immediately returned to you.

Stateless Architecture

Each request is independent. No session data is stored between requests.

Direct AI Connection

Your enhanced prompts go directly to your chosen AI provider.

Data Lifecycle

1. Submit: Your prompt is encrypted on your device
2. Transit: TLS 1.3 encrypted transmission
3. Process: Enhanced in isolated memory
4. Return: Improved prompt sent back encrypted
5. Discard: Original data immediately purged

Multi-Layer Security

Your data is protected by multiple overlapping security layers, each designed to prevent unauthorized access and ensure privacy.

Transport Security

All data in transit is protected with industry-leading encryption.

  • TLS 1.3 with perfect forward secrecy
  • Certificate pinning for mobile/extension
  • HSTS enabled with long max-age
  • Secure WebSocket connections

Data Protection

Minimal data collection with maximum protection.

  • AES-256-GCM encryption at rest
  • Encrypted database fields
  • Automatic data expiration
  • Secure key management (HSM)

Authentication

Secure identity verification and access control.

  • OAuth 2.0 with PKCE flow
  • JWT tokens with short expiry
  • Role-based access control (RBAC)
  • Session invalidation on logout

API Security

Hardened API endpoints with multiple protections.

  • Rate limiting per user/IP
  • Request validation & sanitization
  • CORS with strict origin checking
  • SQL injection & XSS prevention

Infrastructure

Secure cloud infrastructure with best practices.

  • SOC 2 Type II compliant hosting
  • Isolated compute environments
  • Regular security audits
  • DDoS protection enabled

Monitoring

Continuous monitoring and incident response.

  • Real-time threat detection
  • Anomaly detection algorithms
  • Security event logging
  • Incident response procedures

Browser Extension

Extension Security Architecture

Our Chrome extension follows the principle of least privilege with a secure multi-layer architecture that isolates sensitive operations.

Content Script

  • Isolated Context
  • No Direct API Access
  • UI Only

Background Script

  • Cryptographic Operations
  • Sender Validation
  • Secure Key Storage

AIChemy Server

  • Origin Validation
  • Rate Limiting
  • HTTPS Only

Message flow: Content → Background (Encrypt) → Server (Validate) → AI Provider

Security Features

  • Manifest V3: Latest Chrome extension security model
  • Isolated Worlds: Content scripts run in isolated contexts
  • Background Encryption: All crypto ops in secure service worker
  • Sender Validation: Every message verified by extension ID
  • Origin Restriction: Only communicates with aichemy.one
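The sender validation and origin restriction listed above, written out as an added example (not AIChemy's own extension code): a Manifest V3 background service worker that accepts a message only when it carries the extension's own ID and comes from a tab, and refuses any outbound request whose origin is not aichemy.one. The extension ID, the message types and the API path are assumed placeholders.

```javascript
// Added example, not AIChemy's code. Only the aichemy.one origin comes from the
// page; the extension ID, message types and API path are assumed placeholders.
const EXPECTED_EXTENSION_ID = "EXTENSION_ID_PLACEHOLDER"; // assumed; real value is chrome.runtime.id
const ALLOWED_API_ORIGINS = new Set(["https://aichemy.one"]);
const KNOWN_MESSAGE_TYPES = new Set(["enhance-prompt", "get-settings"]); // assumed

// Sender validation: accept only messages from this extension's own content
// script (sender.id equals the extension ID) running in a tab, with a known type.
function validateSender(sender, message, expectedId = EXPECTED_EXTENSION_ID) {
  if (!sender || sender.id !== expectedId) return { ok: false, reason: "foreign-sender" };
  if (!sender.tab) return { ok: false, reason: "not-from-tab" };
  if (!message || typeof message.type !== "string") return { ok: false, reason: "bad-shape" };
  if (!KNOWN_MESSAGE_TYPES.has(message.type)) return { ok: false, reason: "unknown-type" };
  return { ok: true };
}

// Origin restriction: the worker only ever talks to aichemy.one over HTTPS.
// Parsing with URL makes look-alike hosts (aichemy.one.example) fail the check.
function isAllowedApiUrl(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return false; }
  return parsed.protocol === "https:" && ALLOWED_API_ORIGINS.has(parsed.origin);
}

// Guarded fetch wrapper used by the worker; refuses off-allowlist destinations.
async function sendToServer(url, body, fetchImpl = globalThis.fetch) {
  if (!isAllowedApiUrl(url)) throw new Error("blocked: destination not on allowlist");
  return fetchImpl(url, { method: "POST", body: JSON.stringify(body) });
}

// Wiring, active only inside the extension where the chrome API exists.
if (typeof chrome !== "undefined" && chrome.runtime && chrome.runtime.onMessage) {
  chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
    const verdict = validateSender(sender, message, chrome.runtime.id);
    if (!verdict.ok) { sendResponse({ error: verdict.reason }); return false; }
    sendToServer("https://aichemy.one/api/placeholder", message) // path assumed
      .then((r) => r.json()).then(sendResponse).catch((e) => sendResponse({ error: String(e) }));
    return true; // keep the channel open for the async response
  });
}
```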

What the Extension Cannot Do

  • Read your browsing history or bookmarks
  • Access your passwords or form data
  • Modify pages except for our UI overlay
  • Run in the background when not in use
  • Send data to any domain except aichemy.one

What We Never Do

Transparency is key. Here's our commitment to what we will never do with your data.

  • Store your prompts on our servers
  • Sell or share your data with third parties
  • Track your browsing activity
  • Use your data to train AI models
  • Access your AI provider credentials
  • Keep logs of your conversations

Data Collection

Information We Collect

We collect only the minimum data necessary to provide our service.

Information You Provide

  • Account Info: Name, email, profile picture from Google Sign-In
  • Preferences: Your settings, selected AI providers, and customizations
  • Templates: Custom templates you create and save
  • Feedback: Support requests and feedback you submit

Automatic Collection

  • Usage Analytics: Feature usage, prompt count (not content), agent selections
  • Device Info: Browser type, OS for compatibility and support
  • Security Logs: IP addresses and access times for security monitoring
  • Error Reports: Anonymous crash reports to improve stability

GDPR Compliant

Your Rights

Under GDPR and other data protection laws, you have the following rights regarding your personal data.

Right to Access

Request a copy of all personal data we hold about you.

Right to Rectification

Request correction of any inaccurate personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your personal data for certain purposes.

Right to Restrict

Request restriction of processing your personal data.

Data Lifecycle

Data Retention

Account Data

Active while account exists

Deleted within 30 days of account deletion request

Prompt History

User-controlled retention

Delete anytime from your dashboard

Security Logs

90-day retention

Automatically purged after security period

Questions About Privacy?

If you have any questions about this Privacy Policy, your data, or how to exercise your rights, please don't hesitate to contact us.