Privacy Policy for BYPASS

1. Information We Collect

We only collect the data you explicitly provide to store in your vault:

• Identity details (first name, last name, company name)
• Contact information (email address, phone number)
• Shipping and billing addresses
• Procurement data (cost center, department, PO numbers)

We do not collect browsing history, keystrokes, or any data beyond what you voluntarily enter. BYPASS explicitly does not collect, process, or store credit card numbers, CVVs, or payment data.

2. How Data Is Stored

Local Storage: Your vault data is stored locally on your device using Chrome's built-in extension storage (chrome.storage.local). This data is sandboxed by Chrome and inaccessible to other extensions or websites.

Cloud Sync (B2B Mode): If you join a company workspace using an invite code, your vault data is synchronized to your company's dedicated cloud instance via Google Firebase Firestore. This data is protected by Firebase Authentication, HTTPS encryption in transit, and Firestore security rules that block all direct client access.

3. AI Processing and Screenshots

To detect form fields on checkout pages, BYPASS captures ephemeral screenshots of the active browser tab. These screenshots are securely transmitted to our backend server (Google Cloud Functions), processed via the Google Gemini API to identify form field labels and positions, and are immediately discarded after processing. We do not retain, log, or cache these screenshots after the API response is returned. Screenshots are never stored in any database, and your data is not used to train third-party AI models.

No personal vault data is sent to the AI. The AI only receives visual representations of web page layouts and form field labels.

4. Data Sharing

We do not sell, rent, or trade your personal data to any third parties. We do not use your data for advertising, analytics, or any purpose beyond providing the BYPASS auto-fill service.

5. Chrome Web Store Compliance

Bypass Labs LLC's use and transfer to any other app of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

6. Third-Party Services

We use the following third-party services solely to operate BYPASS:

• Google Firebase (Authentication, Firestore database) — for secure account management and cloud vault storage
• Google Gemini API (AI Vision) — for form field detection via ephemeral screenshot analysis

We do not use any advertising networks, analytics trackers, or data brokers.

7. User Control and Data Deletion

You have full control over your data:

• Edit or delete any vault entry at any time through the extension interface
• Uninstalling the extension permanently removes all locally stored data
• For cloud-synced accounts, use the “Delete Account” option in Settings to permanently remove all server-side data
• Request manual deletion by contacting us at the email below

8. CCPA Compliance (California Residents)

Under the California Consumer Privacy Act, California residents have the right to:

• Know what personal information is collected
• Request deletion of personal information
• Opt out of the sale of personal information (we do not sell your data)

We will not discriminate against you for exercising any of these rights.

9. GDPR Compliance (EU Residents)

If you are in the European Economic Area, you have the right to access, correct, delete, and restrict the processing of your personal data. For locally stored data, you can exercise these rights directly by editing or deleting your vault. For cloud-synced data, contact us or use the Delete Account feature.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the extension or our website. Continued use of BYPASS after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: bypasssupport@gmail.com
Bypass Labs LLC, Sacramento, CA