Data Handling Notice

How Your Data Is Processed

The Safer Agentic AI Auto-Assessor runs entirely in your web browser. All document parsing, text extraction, and file handling happen client-side using JavaScript. No files are uploaded to SaferAgenticAI.org or any server we operate.

When you click Evaluate, the evidence text you have loaded or pasted is sent directly from your browser to the Anthropic API (api.anthropic.com) using your own API key. This request goes straight from your browser to Anthropic; it does not pass through any SaferAgenticAI server.

Your data is sent to an external service only when you take an explicit action (for example, clicking Evaluate or sending a message in the Safety Advisor), and the destination depends on the provider you choose. Evaluations go to Anthropic. The Safety Advisor can be pointed at Anthropic, at OpenAI, or at a local on-device model that sends nothing to an inference API. Each destination is described under Third-Party Services below.

What We Do NOT Collect

• No cookies are set by this application
• No analytics or tracking scripts are used
• No user accounts or login systems exist
• No server-side logs of your activity are kept by us
• No files or evidence text are stored on our infrastructure
• Your API key is held in browser session storage (cleared when you close the tab) and is never saved to disk or transmitted to us

Local Browser Storage

This application uses two forms of local browser storage. No data stored locally is ever transmitted to SaferAgenticAI.org.

Session Storage (temporary)

Evaluation scores and justifications are saved to your browser's session storage during an assessment session. This data is automatically cleared when you close the browser tab. Your full uploaded documents are never written to session storage. Note that the scores and justifications stored here may include short verbatim excerpts that the assessor quoted from your evidence to justify a score.

IndexedDB (persistent)

When you click Save Assessment on the assessment dashboard, a summary of your results (scores, justifications, gaps, and metadata such as system name and date) is saved to your browser's IndexedDB. This data persists across browser sessions until you explicitly delete it. Your full uploaded documents are never saved to IndexedDB. The saved justifications may, however, include short verbatim excerpts that the assessor quoted from your evidence to justify a score.

You can delete saved assessments individually from the History page, or clear all site data via your browser's settings (Settings → Privacy → Clear Site Data).

Third-Party Services

Anthropic API

When you run an evaluation, your evidence text and the assessment prompt are sent to Anthropic's Claude API. As of June 2026, Anthropic's published Commercial Terms and API data-usage policy state that inputs and outputs submitted through the API are not used to train Anthropic's models. These terms can change; consult the policies linked below for the current position.

• Anthropic Privacy Policy
• Anthropic API Data Usage Policy

OpenAI API

If you select the OpenAI provider in the Safety Advisor, your conversation is sent directly from your browser to api.openai.com using your own OpenAI API key. This request goes straight from your browser to OpenAI; it does not pass through any SaferAgenticAI server. OpenAI's API data-usage and retention terms may differ from Anthropic's, so review them separately if you use this provider.

• OpenAI Privacy Policy

Local (On-Device) Provider

If you select the local (WebGPU / WebLLM) provider in the Safety Advisor, model inference runs entirely on your own device and your conversation is not sent to any inference API. To make this work, the model weights are downloaded the first time you use it from the Hugging Face / MLC content-delivery network, which exposes your IP address and basic request metadata to that host. Separately, the PDF parser loads its processing worker from the jsDelivr CDN when you upload a PDF. In both cases your document and evidence content is not sent to those hosts; only the standard request metadata involved in fetching a static file is exposed.

GitHub Pages Hosting

This site is hosted on GitHub Pages. GitHub may collect visitor IP addresses and basic request metadata as part of their standard hosting infrastructure. See the GitHub Privacy Statement for details.

Your API Key

Your API key is held in your browser's sessionStorage (under the keys saai-api-key for Anthropic and saai-openai-key for OpenAI), scoped to this browser tab and cleared automatically when the tab closes. It is never written to localStorage or cookies, and it is never transmitted to SaferAgenticAI.org. The key is used solely to authenticate requests sent directly from your browser to the relevant provider's API endpoint.

While your key is not saved by this application, browser extensions or cached network requests may retain data independently.

Your Rights

Right to erasure: We do not store any of your data on our servers, so there is nothing to delete on our side. Closing your browser tab clears all in-memory state (API key, loaded documents, session scores). If you have saved assessments to history, you can delete them individually from the History page or clear all site data in your browser settings.

For data sent to Anthropic via the API during evaluation, refer to Anthropic's privacy policy and their data retention practices.

Contact

If you have questions about how this application handles data, please reach out via the SaferAgenticAI.org contact page.