AssisT Privacy Policy

Adaptive Accessibility Chrome Extension

Last Updated: February 13, 2026
Effective Date: February 13, 2026
Version: 0.1.1

1. Overview

AssisT is a Chrome browser extension that provides accessibility features for students and learners. This privacy policy explains exactly what data AssisT accesses, stores, and (in limited cases) transmits—and what it never does.

We built AssisT with a fundamental principle: your educational data belongs to you. We don't need it, don't want it, and have designed the extension so we never receive it.

2. What Data We Collect

We collect nothing. AssisT operates entirely on your local device and does not collect, store, or transmit any personal information to Fiavaion or any third party we control.

3. What Data Is Stored Locally

AssisT stores the following data on your device only using Chrome's secure storage APIs:

3.1 User Preferences

• Feature toggles (which features are enabled/disabled)
• Text-to-Speech settings (voice, speed, pitch, highlight colors)
• Speech-to-Text settings (language, auto-punctuation mode, confidence threshold)
• Visual settings (font choice, spacing, dark mode preset, overlay colors)
• Keyboard shortcut customizations
• Selected user profile (ADHD, Dyslexia, etc.)

3.2 User-Created Content

• Annotations & Sticky Notes: Notes you create are stored locally in IndexedDB, organized by the webpage URL where you created them
• Citations: Bibliography entries and citation projects you create are stored locally
• Custom Vocabulary: Words you add to your Speech-to-Text dictionary

3.3 Temporary Processing Data

• OCR Results: Text extracted from images is held in memory only during your session and is not persisted
• Translation Cache: Recent translations may be cached briefly (5 minutes) to improve performance; this cache is cleared automatically
• Reading Progress: How far you've scrolled on a page (stored per-domain, locally only)

3.4 Optional API Keys

If you choose to use cloud AI features (Anthropic Claude API), you may provide API keys. These are:

• Stored locally on your device only using AES-256 encryption
• Never transmitted to Fiavaion
• Sent only to the service provider you configured, when you use that feature
• Encrypted at rest using Chrome's secure storage with AES-256-GCM
• Deletable at any time through the extension settings

4. Chrome Permissions Explained

AssisT requests the following Chrome permissions. Here's exactly why each is needed:

4.1 Default Website Access

By default, AssisT only runs on these educational platforms:

• *.instructure.com and *.canvas.com (Canvas LMS)
• *.moodle.org and *.moodlecloud.com (Moodle)
• classroom.google.com (Google Classroom)
• docs.google.com (Google Docs)

On these sites, AssisT can read page content to provide accessibility features. This content is processed locally and is never sent to external servers (except when you explicitly use optional third-party services as described below).

4.2 Optional: Enable Everywhere

You may choose to grant AssisT permission to run on all websites using the optional permissions system. This is:

• Completely optional—AssisT works fully on educational sites without it
• Requested only when you click "Enable Everywhere" in the extension popup—never automatically
• Revocable at any time in Chrome Settings → Extensions → AssisT → Site access
• Chrome Web Store compliant—Uses Chrome's optional_host_permissions API for user control
• No automatic content script injection—Scripts only inject after you grant permission and reload tabs

When enabled, AssisT can provide accessibility features on any website. The same privacy guarantees apply: content is processed locally and never sent to external servers (except when you explicitly use optional cloud features).

4.3 GDPR Compliance: Optional Permissions

AssisT's optional permissions system ensures GDPR compliance:

• Explicit Consent: You must actively choose to enable site access
• Granular Control: Chrome allows per-site permission management
• Right to Withdraw: Revoke permissions anytime without losing your settings
• Transparency: Clear explanation of why permission is needed
• Data Minimization: Only requests permissions needed for functionality you want

5. Third-Party Services (Optional)

AssisT includes optional integrations with third-party services. These are disabled by default and only activated when you explicitly enable and configure them.

5.1 Translation Services

For text translation, you can choose from these providers:

5.2 Dictionary Service

Word definitions are fetched from the Free Dictionary API:

• Data Sent: The single word you look up
• Website: dictionaryapi.dev

5.3 AI Features (Four Privacy Modes)

AssisT offers four distinct AI modes, giving you full control over privacy vs. capability trade-offs:

Model Selection: You choose which mode to use in AssisT settings. You can switch modes anytime without data loss.

6. What AssisT Never Does

• Collect or store personal information
• Track your browsing activity
• Use analytics or tracking services
• Share data with advertisers
• Sell or monetize user data
• Require account creation or login
• Transmit data to Fiavaion servers (we have no servers receiving user data)
• Access pages you don't visit (we don't run in the background on other sites)

7. Educational Privacy Compliance

7.1 FERPA Compliance (United States)

AssisT is designed for use in educational settings and complies with the Family Educational Rights and Privacy Act:

• No student records collected: We never receive or store education records
• Local processing only: Student work is processed in the browser, not on external servers
• No third-party data sharing: We do not share any data with third parties
• Institutional control: Schools can deploy AssisT without creating data-sharing agreements with Fiavaion

7.2 COPPA Compliance (Children Under 13)

AssisT complies with the Children's Online Privacy Protection Act:

• We do not collect personal information from any user, including children
• No account creation required
• Parental consent is not required because no data is collected

7.3 HIPAA Considerations

While AssisT is not a healthcare application, its local-only architecture means it can be safely used:

• No protected health information (PHI) is transmitted externally
• All processing remains on the user's device
• Users in healthcare education settings can use AssisT without HIPAA concerns related to the extension itself

8. GDPR Compliance (European Users)

For users in the European Economic Area, United Kingdom, and Switzerland:

8.1 Lawful Basis

Since AssisT does not collect or process personal data on external servers, most GDPR provisions for data controllers do not apply. For local storage:

• Consent: You explicitly choose to save settings and create content
• Legitimate Interest: Local storage is necessary to provide the accessibility features you request

8.2 Your Rights

• Access: View all stored data via extension settings or Chrome DevTools (Application → Storage)
• Rectification: Edit any stored preferences or content through the extension
• Erasure: Delete all data by clearing extension storage or uninstalling
• Portability: Export your settings, annotations, and citations as JSON files
• Objection: Disable any feature or uninstall at any time

8.3 Data Retention

• Preferences: Retained until you clear them or uninstall
• Annotations/Citations: Retained until you delete them or uninstall
• Temporary data: Cleared when you close the browser or automatically after short periods

8.4 International Transfers

AssisT does not transfer data internationally. If you use third-party translation services, those providers may process data according to their own policies.

9. Data Security

• Local encryption: Chrome's storage APIs use your operating system's encryption
• No network exposure: Since data stays local, there's no risk of interception in transit to our servers
• HTTPS only: Any third-party API calls use secure HTTPS connections
• Content sanitization: AssisT uses DOMPurify to sanitize HTML content and prevent XSS attacks

10. Your Choices

• Disable features: Toggle any feature off in the extension popup
• Clear stored data: Use the "Reset Settings" button in the extension
• Delete annotations: Remove individual notes or clear all via the Annotations panel
• Remove API keys: Delete saved keys in Settings → Translation
• Revoke site access: Change permissions in Chrome Settings → Extensions
• Uninstall: Removing the extension deletes all locally stored data

11. Changes to This Policy

We may update this policy to reflect new features or legal requirements. Changes will be:

• Posted at fiavaion.com/products/assist/privacy
• Noted in the extension's changelog on GitHub
• Indicated by updating the "Last Updated" date above

Material changes that affect your rights will be announced in the extension update notes.

12. Contact Us

Questions about this privacy policy or AssisT's data practices:

• Email: [email protected]
• GitHub: github.com/fiavaion/AssisT/issues
• Documentation: fiavaion.com/docs/assist

13. Complaints

If you believe your data protection rights have been violated:

• Contact us first: [email protected]
• EU/EEA residents: You may lodge a complaint with your local Data Protection Authority (find your DPA)
• UK residents: Contact the Information Commissioner's Office