Skip to main content
Legal · Browser extension

SYBA Shield extension privacy policy

This is the complete and self-contained privacy disclosure for the SYBA Shield browser extension, listed on the Chrome Web Store as “SYBA Cybersecurity Agent”. It covers every category of data the extension can access, how that data is used, where it is stored, how long it is kept, and every party it is shared with. It applies in addition to the general Syba privacy policy; where the two differ for the extension, this page governs.

1. Who we are and how to reach us

The SYBA Shield extension is published by Syba Security Corp, INC. (US headquarters: 2972 Webb Bridge Road, Alpharetta, GA 30009; EU entity: SYBA Inc., Katelijne Business Center, Baron Ruzettelaan 5/1.1, 8000 Brugge, Belgium). For any privacy question about the extension, email customer.service@syba.io or support@sybainsurance.com.

2. Single purpose

SYBA Shield has one purpose: to detect and warn you about phishing pages, lookalike domains, and malicious links while you browse. Every permission it requests and every piece of data it touches exists to serve that purpose. The AI phishing tiers (on-page vision scanning, link-reputation checks, and the optional email scanner) serve this same single purpose; the email scanner and the on-page vision scan are governed by consent toggles that are off by default and revocable at any time. The extension does not sell your data, does not use it for advertising, and does not transfer it to data brokers.

3. Data we collect, and how each type is handled

The table below lists every category of data the extension can access. Most analysis happens on your device and never leaves your browser. The only data sent off your device is the data needed to complete an action you explicitly start (a vision scan or a chat message) plus the account token used to authorize it.

  • Web page URLs and page titles.The address and title of pages you visit, and the URLs of the network requests those pages make, are inspected on your device by the extension’s offline heuristics (lookalike-domain, IDN-homograph, suspicious-TLD, IP-literal, and embedded-credential checks). These URLs are not transmitted to us or to any third party, except the single page URL and title that accompany a vision scan you trigger (see “Website content” below).
  • Website content: page-structure signals.A content script reads passive structural signals from the pages you visit (for example, whether a password field submits to a different domain, or whether a login form is themed for one brand but hosted on another). This runs on your device; only derived true/false signals reach the extension’s own background process. We do not collect keystrokes, passwords, form values, or full page text.
  • Website content: screenshots and DOM signals, on the on-page vision scan. When the on-demand vision scan runs (you click “Scan”, or you enable it as a consent-gated tier that is off by default), the extension captures an image of the currently visible browser tab and sends it, together with that tab’s URL, title, and the derived page-structure (DOM) signals described above, through Syba’s proxy (sybainsurance.com) to OpenRouter, which routes it to a vision-AI model (Google Gemini) to judge whether the page is a phishing page. Screenshots are never captured in the background and never on a schedule: only when you trigger or enable the scan. A screenshot may contain whatever is visible on that page at that moment.
  • Email content: only with your affirmative consent (off by default). SYBA Shield includes an AI email-phishing tier governed by a dedicated consent toggle that is off by defaultand revocable at any time. When, and only when, you turn it on, the content of an email you OPEN in Gmail or Outlook on the web (its sender, subject, body text, and the destination URLs of its links) is sent through Syba’s proxy to OpenRouter, which routes it to an AI model, Google Gemini (model google/gemini-2.5-flash-lite) or Anthropic Claude, to classify whether the message is a phishing attempt. With the toggle off, email analysis runs entirely on your device and nothing about your email leaves your browser.
  • Link and URL destinations: reputation checks. To judge whether a link or page you encounter leads somewhere malicious, the specific URL or hostname being checked (not the page content, and not your full browsing history) is sent through Syba’s proxy to a multi-provider URL-reputation aggregator (Google Web Risk, urlscan.io, VirusTotal, IPQualityScore, AbuseIPDB, and public RDAP for domain-age). These services receive only the URL or host under evaluation.
  • Authentication information.If you choose to sign in with your Syba account, we issue a rolling 30-day opaque access token. It is stored in your browser’s local extension storage and, as a hashed reference, on our servers. It is used only to authorize the extension’s API calls (vision verdicts, the safety co-pilot chat, and subscription-tier lookup) and is revocable at any time.
  • Safety co-pilot chat messages.If you open the side panel and send a message to the SYBA agent, the text you type (and, if you attach the current page for context, that page’s URL and title) are sent to the AI model to generate a reply.
  • Settings and local cache. Your preferences, per-site allowlist, recent verdicts, and scan history are stored locally via chrome.storage.local on your device. They are not synced across devices and are not transmitted to us. An optional OpenRouter API key you enter is stored locally and is never sent to Syba.

We do not collect health, financial, or location data; we do not use analytics SDKs or third-party trackers inside the extension; and we do not maintain a per-page audit trail of your browsing.

4. How we use the data

  • To produce the green / amber / red safety verdict for the page you are on.
  • To run the on-demand vision scan you trigger and return its findings.
  • To classify an email you open as phishing or safe, only if you have turned on the optional, consent-gated AI email-scanning tier (off by default).
  • To check the reputation of the links and URLs you encounter against the multi-provider aggregator listed below.
  • To answer the questions you ask the safety co-pilot chat.
  • To apply the correct rate limits and feature flags for your subscription tier.
  • To notify you when a page is flagged as phishing or a high-severity network request fires (only if you enable notifications).

We do not use your data for advertising, profiling, creditworthiness or lending decisions, or for any purpose unrelated to the security features above.

5. How we store it

  • On your device. Settings, allowlist, recent verdicts, scan history, and any OpenRouter key live only in chrome.storage.local. Removing the extension deletes them.
  • On our servers. Only a hashed reference to your access token and your subscription tier are stored, so we can validate and revoke the token. Vision-scan screenshots are processed to produce the verdict and are not retained on our servers after the verdict is returned.

6. How we share it, and every party it is shared with

We share data only as needed to deliver the scan or chat you request. The full list of parties:

  • Syba’s servers (sybainsurance.com), hosted on Netlify, Inc. When you are signed in, your scan screenshot, page URL/title, and chat messages are sent to our endpoint, which forwards the request to the AI provider below.
  • OpenRouter, Inc. routes vision-scan and chat requests to the AI model selected for your account or in Settings.
  • AI model providers. Depending on the model used, the screenshot and/or text is processed by Google LLC (Gemini), Anthropic, PBC (Claude), or OpenAI, L.L.C. (GPT).
  • Email content (consent-gated, off by default).Only if you turn on the optional AI email-scanning toggle, the content of an email you open (sender, subject, body, link URLs) is sent through Syba’s proxy to OpenRouter and on to Google (Gemini) or Anthropic (Claude) for phishing classification. With the toggle off, no email content is shared.
  • URL-reputation providers.When a link or URL is checked, the URL or host (not page content, not browsing history) is shared with Syba’s proxy and, in turn, with Google Web Risk, urlscan.io, VirusTotal, IPQualityScore, AbuseIPDB, and public RDAP registries (for domain-age). Each receives only the URL or host being evaluated.
  • Your own key path. If you provide your own OpenRouter API key instead of signing in, scan and chat data is sent directly from your browser to OpenRouterand never touches Syba’s servers.
  • Legal authorities, only where disclosure is required by law.

Complete sub-processor list.The third parties that may process extension data on Syba’s behalf are: OpenRouter, Inc. (request routing to the AI models below); Google LLC (Gemini AI models and Google Web Risk); Anthropic, PBC (Claude AI models); urlscan.io GmbH; VirusTotal; IPQualityScore LLC; AbuseIPDB; public RDAP registries (domain-age lookups); and Netlify, Inc. (hosting of sybainsurance.com).

We do not sell extension data and do not share it with any party other than those listed above.

7. Data retention

Local data persists on your device until you clear it or remove the extension. Vision-scan screenshots are not retained on our servers after the verdict returns. The raw payloads sent for AI analysis (page screenshots and, where you have consented, email content) are processed transiently to produce a verdict and are not persisted; any transient copy held at our proxy or by a sub-processor is deleted within 24 to 48 hours at most. We log only aggregate counts and non-reversible verdict hashes, never the raw email content or screenshot itself. URLs submitted for reputation checks are likewise not retained by us beyond the transient lookup. Your hashed token is retained while your account is active and is deleted when you sign out, revoke it, or delete your account. To request deletion of your account and associated data, email customer.service@syba.io; we comply within 30 days, subject to legal retention requirements.

8. Your choices and controls

  • Use it without an account. All on-device protection works with no sign-in. Sign-in is optional and unlocks the cloud vision scan and chat.
  • Trigger scans yourself. Screenshots are only captured when you click “Scan”.
  • Allowlist. Mark sites you trust so they are not flagged.
  • Sign out from the side panel at any time to clear and revoke your token.
  • Bring your own key so scan data bypasses Syba’s servers entirely.
  • Notifications and network monitoring are optional permissions you grant or deny.

9. Children

SYBA Shield is not directed to children under 13 (or the minimum age in your jurisdiction) and we do not knowingly collect their data.

10. Chrome Web Store Limited Use

SYBA Shield’s use of information received from Google APIs, and all user data it handles, adheres to the Chrome Web Store User Data Policy, including its Limited Use requirements. Specifically: we collect and use user data only to provide and improve the single security purpose described above; we do not sell user data; we do not use or transfer it for personalized advertising, creditworthiness, or lending; and we do not allow humans to read user data except (a) with your affirmative consent for a specific message, (b) as necessary for security or to comply with applicable law, or (c) where the data is aggregated and anonymized for internal operations.

11. Security

We use TLS for all network calls, store the access token as a hashed reference, scrub tokens from URLs during the sign-in handoff, and request only the permissions each feature needs. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Changes to this policy

We may update this policy as the extension evolves. Material changes will be posted here with an updated effective date; continued use after changes take effect constitutes acceptance.

Effective date: 2026-06-01 · Chrome Web Store item “SYBA Cybersecurity Agent” · © 2026 Syba Security Corp, INC.