ICA Sentinel · Privacy Policy

Effective: May 19, 2026
Publisher: The Schreck Method
Contact: shane@theschreckmethod.com

What this extension does

ICA Sentinel is a browser extension that monitors active AI chat sessions on a defined set of supported AI vendor websites and scores those sessions against the Institutional Control Architecture (ICA) standard. Supported surfaces as of this policy: claude.ai, chatgpt.com / chat.openai.com, gemini.google.com / aistudio.google.com, grok.com / x.com Grok, perplexity.ai, copilot.microsoft.com / m365.cloud.microsoft, meta.ai, character.ai, and chat.mistral.ai. When a session crosses a user-defined risk threshold, the extension displays an alert and writes an incident record to a backend that the user has explicitly configured.

What data we collect

ICA Sentinel reads and transmits the following data to the user-configured backend:

1. Conversation transcripts from the supported AI surfaces. This may include personally identifiable information, authentication tokens, financial details, health information, or other sensitive content if the user has typed such content into the AI session.
2. Session metadata including the surface name (Claude, ChatGPT, Gemini, Grok, Perplexity, Copilot, Meta AI, Character.AI, Mistral), timestamps, and the user's configured threshold and behavior settings.
3. User-provided authentication token for the Command Center backend. This is supplied by the user through the extension's options page and stored in Chrome's local extension storage.

ICA Sentinel does NOT collect:

• Web browsing history outside the supported AI surfaces
• Activity on websites not explicitly listed in the manifest host permissions
• Email content, social media activity, or financial account access
• Location data
• Screen recordings or video

Where the data goes

All transmitted data is sent only to the backend URL configured by the user in the extension's options page. The default backend is https://command.theschreckmethod.com, which is operated by The Schreck Method. Users may configure any other backend they control, including a self-hosted instance.

ICA Sentinel does NOT transmit data to:

• Third-party analytics services (Google Analytics, Mixpanel, Segment, etc.)
• Advertising networks
• Telemetry pipelines outside the user-configured backend
• Vendor APIs other than the user's configured backend

How data is stored

• Authentication token is stored in Chrome's local extension storage (chrome.storage.local) on the user's device only. It is not transmitted anywhere except as a bearer token to the user-configured backend.
• Threshold and behavior settings are stored in Chrome's local extension storage on the user's device only.
• Incident records are stored in the user-configured backend database. The Schreck Method does not maintain a separate copy of any user's incident records unless that user has explicitly chosen The Schreck Method as their Command Center backend, in which case standard Schreck Method backend storage and security policies apply.

How long data is retained

• Local extension storage persists until the user uninstalls the extension or clears their Chrome data.
• Incident records on the user-configured backend are retained according to that backend's policies. If the user is using command.theschreckmethod.com as their backend, records are retained indefinitely or until the user requests deletion.

User rights

Users may:

• Uninstall the extension at any time. All local extension storage is cleared on uninstall.
• Change the configured backend URL at any time through the options page.
• Clear the stored authentication token at any time through the options page.
• Request deletion of any incident records stored on the user's configured backend by contacting the operator of that backend. For the default Schreck Method backend, email shane@theschreckmethod.com.

Data sharing with third parties

The Schreck Method does not sell, rent, or share user data with third parties, including affiliates, except as required by law (subpoena, court order, regulatory requirement).

Security

• All transmission to backends is over HTTPS only.
• Authentication tokens are stored only in Chrome's local extension storage, never in cookies, never in URL parameters, never in server logs.
• The extension does not write data to disk outside Chrome's managed extension storage.

Changes to this policy

If we materially change this policy, we will notify users via the extension's options page on next launch.

Contact

Email: shane@theschreckmethod.com
Full ICA standard and operator documentation: theschreckmethod.com/ica