← Back

Privacy Policy

Last updated: April 22, 2026

Introduction

NøFishing AI is a browser extension that provides comprehensive online protection by detecting phishing websites in real time and blocking malicious ads and trackers that may deliver threats. This privacy policy explains what data we collect, how we use it, who we share it with, and your rights regarding your information. By using NøFishing AI, you agree to the practices described in this policy.

Information We Collect

Account data: When you create an account, we collect your email address, first name, and last name. This information is provided directly by you during signup.

Payment data: All payment processing is handled entirely by Stripe. We do not store, access, or process your credit card number, expiration date, or CVC. Stripe provides us only with a confirmation of payment status.

Device data: We generate a random device identifier (not personally identifiable) and record your browser type and operating system (for example, "Mac — Chrome"). This is used solely to enforce the 2-device limit included in your subscription.

Local usage data: The extension stores usage statistics locally on your device, including the count of sites scanned, threats blocked, and trackers stopped. These statistics never leave your device and are never sent to our servers.

URL data for grey-zone analysis: When the extension's local heuristic engine produces an ambiguous threat score (30–59 out of 100), the URL alone — with no personal data, cookies, or browsing context — is sent to our server, which forwards it to Anthropic's Claude AI API for additional safety analysis. NøFishing AI does not store these URLs on our servers. Anthropic's data handling practices are governed by their own privacy policy at anthropic.com/privacy.

API communication: The extension communicates with our servers at nofishing.ai/api to register your device (sending email, device ID, and browser/OS info), verify subscription status, and check activation status after payment. All requests are transmitted over HTTPS.

Information We Do NOT Collect

• Browsing history
• Passwords to websites you visit
• Personal data from pages you visit
• Financial information (credit card numbers, bank details)

How We Use Your Information

• Provide and maintain the phishing detection and tracker blocking service
• Process subscription payments via Stripe
• Detect and block phishing websites and online scams
• Communicate about your account, including welcome emails, payment confirmations, and service updates

Why NøFishing AI Needs These Permissions

The extension requests the following browser permissions to function. Each is required for a specific purpose:

• Host permissions (access to all websites): NøFishing AI requires access to all websites because it must analyze every URL you visit to detect phishing threats in real time. Without this permission, the extension cannot protect you.
• storage: To save your subscription status and local protection statistics on your device.
• tabs: To display the protection status icon and warn you on dangerous tabs.
• activeTab: To scan the URL of the currently active tab when you interact with the extension.
• webNavigation: To detect when you navigate to a new page so the extension can scan the URL before the page loads.
• declarativeNetRequest: To efficiently block known malicious domains from loading.
• webRequest: To block third-party tracking and advertising requests that may contain phishing links or malware.

Third-Party Services

We use the following third-party services to operate NøFishing AI. Each has its own privacy policy governing how they handle your data:

• Stripe (payment processing): stripe.com/privacy
• Supabase (authentication and database): supabase.com/privacy
• Anthropic (AI URL analysis): anthropic.com/privacy
• Proton Mail (email delivery): proton.me/legal/privacy
• Vercel (web hosting): vercel.com/legal/privacy-policy

Data Shared with Third Parties

Below is the specific data shared with each third-party service:

• Stripe (payment processing): Payment card data and email address. Stripe handles all payment information; we never see or store your full card details. See stripe.com/privacy.
• Supabase (authentication and database): Email address, first name, last name, device ID, and subscription activation status. See supabase.com/privacy.
• Anthropic (AI URL analysis): URL only, with no personal data attached. Only ambiguous URLs (threat score 30–59) are sent for second-opinion analysis. See anthropic.com/privacy.
• Proton Mail (email delivery): Your email address, used to send welcome and activation emails. See proton.me/legal/privacy.
• Vercel (web hosting): Processes API requests containing email address and device ID. See vercel.com/legal/privacy-policy.

Data Storage and Security

• Account data is stored securely via Supabase with industry-standard encryption
• Passwords are hashed and never stored in plain text
• All connections use HTTPS encryption
• Servers are located in the United States

Data Retention

• Account data: Retained while your subscription is active, plus 30 days after cancellation to allow for reactivation
• Payment records: Retained by Stripe per their policy (typically 7 years for legal compliance)
• Local usage statistics: Stored only on your device and never sent to our servers. Cleared when you uninstall the extension. Logging out also clears local statistics from your device.

We Do Not Sell Your Data

NøFishing AI does not sell, rent, or trade your personal data to any third party for marketing or advertising purposes. Data is only shared with the third-party service providers listed above, solely for the purpose of operating the service.

Your Rights

• Access: Request a copy of your data by emailing hello@nofishing.ai
• Deletion: Request account deletion by emailing hello@nofishing.ai
• Correction: Request corrections by emailing hello@nofishing.ai
• Portability: Request your data in a portable format by emailing hello@nofishing.ai

Cookies and Local Storage

NøFishing AI uses chrome.storage.local (browser extension storage) to store:

• Authentication tokens
• Subscription status
• Local usage statistics (stays on your device)
• Device identifier

No tracking cookies are used. NøFishing AI does not use cookies for advertising, analytics, or any form of cross-site tracking.

Children's Privacy

NøFishing AI is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at hello@nofishing.ai and we will promptly delete it.

International Users

Our servers are located in the United States. By using NøFishing AI, you consent to the transfer and processing of your data in the United States. We take reasonable steps to ensure your data is treated securely and in accordance with this policy.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be announced via email to your registered account. The "last updated" date at the top of this page reflects the most recent version.

Contact

Questions about this privacy policy? Contact us at hello@nofishing.ai