Local-First Storage
DefaultBy default, all analysis results and provider settings are stored within the extension. Clausewize servers never see this data in BYOK mode.
Our Trust Mandate
Clausewize reads legal text to surface risk. A product with that access should be explicit about what it stores, what it never stores, and how BYOK differs from hosted analysis.
Data Residency
Where Your Data Lives
Privacy is the structural foundation, not a feature toggle. Your data is stored according to the mode you choose.
Optional Cloud Sync
OptionalSign in to synchronize final analysis results across devices. Only analysis results are synced — never raw HTML, DOM snapshots, or extracted legal packets.
Architecture
BYOK Architecture
Bring Your Own Key. The extension calls your provider directly from the browser. We never see your API key or the raw legal text.
01Extension extracts legal packet locally
02Browser calls your provider directly
03Results stay in extension storage
SYSTEM_DIAGRAM_V2
Privacy Guarantees
What We Commit To
Your provider keys never leave your browser
BYOK keys are stored in the extension only. They are never proxied through our backend.
No background monitoring
Analysis happens only when you trigger it. The extension does not watch pages you have not chosen to review.
No raw legal text in sync storage
If you sign in to sync, only final analysis results are stored. We do not sync raw HTML, DOM snapshots, or extracted legal packets.
Hosted mode is explicit
Hosted mode is a planned path separate from BYOK. When it launches, extracted legal text will be sent to our backend for analysis.
Data Flow
Mode-by-Mode Comparison
BYOK Mode
DefaultThe extension extracts the legal packet locally and sends the request directly to your chosen provider from the browser.
- Provider key stays in the extension.
- Results remain local unless you enable sync.
- Best fit if you want maximum control over credentials and routing.
Hosted Mode
ConvenienceHosted mode is planned. When available, the extracted legal packet will be sent to our backend so we can run the hosted provider path on your behalf.
- No provider key management on your side.
- Hosted usage is account-gated and metered.
- The convenience trade-off is that the legal packet leaves the browser for processing.
Live Ledger
Example Local Audit Events
Demo-only examples of the kinds of events Clausewize can record locally in your browser, such as extraction, analysis, and provider calls.
| Timestamp | Event | Target | Detail | Status |
|---|---|---|---|---|
| 2026-03-22 14:02:11 | ANALYSIS_RUN | dropbox.com/terms | Verdict: Accept — no elevated risks detected | safe |
| 2026-03-22 13:58:45 | PROVIDER_CALL | openai/gpt-4o-mini | BYOK direct call from browser, 1.2s latency | neutral |
| 2026-03-22 12:44:01 | RISK_FLAGGED | socialapp.io/tos | Verdict: Proceed with Caution — 3 critical issues | critical |
| 2026-03-22 12:43:50 | EXTRACTION | socialapp.io/tos | Legal packet extracted from page DOM, 4.2 KB | neutral |
| 2026-03-22 11:20:19 | HISTORY_CLEARED | Local extension storage | User cleared local analysis history | neutral |
These example events illustrate local browser logging only. This data is never transmitted to Clausewize servers unless you sign in to sync, in which case only final analysis results are synced.
What we store
Mode-by-Mode Storage Boundaries
The table below is intentionally plain. It should be easy to scan and hard to misunderstand.
| Data Type | BYOK | BYOK + Sync | Hosted |
|---|---|---|---|
| Provider API keys | Stored locally in the extension only | Never synced | Not required |
| Raw page HTML / DOM | Not stored | Not synced | Not retained in sync storage |
| Extracted legal packet | Used locally for analysis | Not synced | Processed server-side for hosted mode |
| Final analysis result | Stored locally | Structured analysis results synced up to 5 MB | Can be stored in your account history |
| Account metadata | Not required | Required for sign-in and ownership | Required for entitlement and usage metering |
Permissions Explained
Why the Extension Asks for Browser Permissions
Active tab
Lets the extension access the page you explicitly asked it to analyze, instead of every page by default.
Scripting
Used to extract the normalized legal packet from the current page or modal when you trigger analysis.
Side panel
Provides the persistent review surface where results, provider settings, and history are shown.
Storage
Stores local settings, BYOK configuration, and analysis history inside the browser.
Cookies
Required for the Clerk-based extension sign-in flow so account sessions can persist correctly inside the extension.
Context menus
Adds the browser right-click entry that opens Clausewize from the current page.
Clausewize backend host
Allows signed-in sync requests between the extension and your Clausewize account.
Clerk auth host
Allows the extension to complete account sign-in and session management through Clerk.
Site access
OptionalOptional site access is requested only for the page you choose to review so the extension can extract the legal content from that site.
Provider API hosts
OptionalOptional host access is used for direct BYOK calls to OpenAI, Anthropic, and Gemini from the extension.
Tabs
OptionalOptional permission requested at runtime. Enables the extension to read the current tab URL for smarter page detection. You can deny without losing core functionality.
Red Lines
What We Will Never Do
These are not aspirational goals. They are structural constraints baked into the architecture.
Sell your analysis data
Your analysis results are yours. We do not sell, share, or monetize them.
Train models on your BYOK inputs
Nothing from your BYOK sessions enters any training pipeline, period.
Store your provider keys on our servers
BYOK credentials never leave the extension's local storage.
Monitor pages you did not ask to review
Analysis only runs when you trigger it. No background scanning.
Sync raw page content
Only final analysis results are synced. Raw HTML and DOM stay local.