What CyberXrai Collects — And What It Doesn't
When you install a browser extension that runs on every website you visit, you're placing significant trust in it. This is our complete answer to what CyberXrai does with that access.
The complete data table
| Data | Leaves device? | Retention |
|---|---|---|
| Full URLs | Never | — |
| Hash prefixes (8 hex chars) | Yes — prefix only | 24 hours |
| Browsing history | Never | — |
| Form contents / passwords | Never | — |
| Threat event logs (anonymized) | Yes | 90 days |
| Device ID (random UUID) | Yes | Account lifetime |
| Telemetry (opt-in) | Yes, if opted in | Aggregated |
Why we designed it this way
Data we don't collect can't be breached, subpoenaed, or accidentally leaked. The k-anonymity model for URL checking proves that threat detection doesn't require surveillance — you can check a URL against a database without disclosing the URL.
Your rights
To delete all data associated with your device, email privacy@cyberxrai.com with your device ID (found in extension settings). GDPR and CCPA rights apply.
For the full detail on every data point, see the Privacy Transparency Report page.
CyberXrai is a free Chrome extension that detects phishing and malicious scripts without seeing your URLs. Install it free.