Last updated: April 2026
AMASAMYA ("the Extension") is a Chrome browser extension that audits web pages for WCAG 2.2 accessibility compliance. This Privacy Policy explains what data the Extension handles, how it is used, and your rights as a user.
1. Data We Do Not Collect
The developer of AMASAMYA does not collect, store, or have access to any of the following:
- Your name, email address, or any personally identifiable information
- Your browsing history or the URLs of pages you visit
- Your financial, health, or authentication information
- Content from the pages you audit
- Any data from your device beyond what is described in Section 2
No data from your use of AMASAMYA is ever transmitted to the extension developer's servers.
2. Data Stored Locally on Your Device
The Extension stores the following data in Chrome's local extension storage (chrome.storage.local), which remains entirely on your device:
- Vision AI API keys — If you choose to use the Focus Indicator Narrator or Visual Layout Auditor modules, you may optionally enter an API key for Anthropic (Claude) or OpenAI (GPT-4o). The key is encrypted at rest using a non-extractable AES-GCM 256-bit master key generated by the WebCrypto API and held in your browser's IndexedDB. Plaintext keys never leave your device and are never transmitted to anyone other than the API provider you select.
- Threat model — what at-rest encryption does and doesn't protect against — The non-extractable master key blocks passive exfiltration: a malicious browser extension that reads localStorage, a stolen disk image, or a backup that captures profile data sees only opaque ciphertext rather than usable keys. It does not protect against an active attacker who can run JavaScript inside the AMASAMYA origin (for example, a successful XSS exploit against the page itself), because that attacker can ask the WebCrypto sandbox to decrypt on their behalf. Treat the encryption as defence-in-depth, not as a substitute for revoking and rotating any API key you suspect has been exposed.
- AI provider preference — Which Vision AI provider you have selected (Anthropic or OpenAI).
Audit results are held in chrome.storage.session only for the duration of the browser session and are discarded when the session ends.
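The at-rest scheme and threat model described in this section can be illustrated with the standard WebCrypto API. This is an added example, not AMASAMYA's own code: the function names and the sample key are assumptions, and the IndexedDB step is left out so the sketch runs anywhere WebCrypto is available.

```javascript
// Added illustration; function names and the sample value are assumptions.
// Node fallback so the sketch also runs outside a browser.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;

// AES-GCM 256-bit master key with extractable = false, as Section 2 describes.
// In a browser the returned CryptoKey handle would be put in IndexedDB as-is.
async function createMasterKey() {
  return wc.subtle.generateKey({ name: "AES-GCM", length: 256 }, false,
    ["encrypt", "decrypt"]);
}

// Encrypt one API key under a fresh 96-bit IV; the IV is stored with the ciphertext.
async function sealApiKey(masterKey, apiKey) {
  const iv = wc.getRandomValues(new Uint8Array(12));
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, masterKey,
    new TextEncoder().encode(apiKey));
  return { iv, ct: new Uint8Array(ct) };
}

// Decrypt a stored record; needs only the key handle, never the key bytes.
async function openApiKey(masterKey, record) {
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv: record.iv },
    masterKey, record.ct);
  return new TextDecoder().decode(pt);
}

async function demo() {
  const sample = "sk-CONSTRUCTED-EXAMPLE-0000"; // constructed, not a real key
  const masterKey = await createMasterKey();
  const record = await sealApiKey(masterKey, sample);

  // Passive reader of storage: the record holds no plaintext.
  const leaksPlaintext = String.fromCharCode(...record.ct).includes(sample);

  // Attempt to copy the key material out: refused for a non-extractable key.
  let exportBlocked = false;
  try { await wc.subtle.exportKey("raw", masterKey); }
  catch { exportBlocked = true; }

  // Script running in the extension's own origin: decryption still succeeds.
  const recovered = await openApiKey(masterKey, record);
  return { extractable: masterKey.extractable, exportBlocked, leaksPlaintext, recovered };
}

demo().then((r) => console.log(r));
```

The last step is why the policy calls the encryption defence-in-depth: the key bytes cannot be exported, but any code able to call decrypt with the handle gets the plaintext, so a suspected exposure still calls for revoking and rotating the API key.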
3. Website Content and Vision AI Analysis
When you run the Focus Indicator Narrator or Visual Layout Auditor modules, the Extension captures screenshots of the web page you are auditing. These screenshots are sent directly from your browser to the Vision AI provider you have configured (Anthropic or OpenAI) using your own API key.
- Screenshots are processed by the AI provider under their own privacy policy and terms of service.
- The extension developer does not receive, store, or view these screenshots.
- These features are entirely optional and require explicit user action to activate.
- No other page content (text, links, user data) is transmitted outside your device.
The WCAG Audit Engine and State Change Watchdog modules run entirely locally in your browser and make no external network requests.
4. Permissions Used and Why
- activeTab — To run audits on the page you are currently viewing, on demand.
- scripting — To inject locally bundled audit scripts into the active tab.
- sidePanel — To display audit results in the Chrome side panel.
- tabs — To read the current tab's URL and title for inclusion in audit reports.
- storage — To persist your API key preferences locally on your device.
- debugger — To emulate viewport sizes for the Visual Layout Auditor using Chrome DevTools Protocol.
- host_permissions (<all_urls>) — To allow auditing of any website the user chooses to test.
5. Third-Party Services
If you configure a Vision AI provider, your screenshots are processed under the provider's own policies:
AMASAMYA has no affiliation with Anthropic or OpenAI beyond providing an optional integration.
6. Data Sharing
AMASAMYA does not sell, rent, or share any user data with third parties. The only external data transfer that occurs is the optional transmission of page screenshots to the Vision AI provider you configure, using your own API credentials.
7. Children's Privacy
AMASAMYA is intended for professional accessibility testers and developers. It is not directed at children under 13, and we do not knowingly collect data from children.
8. Changes to This Policy
We may update this policy from time to time. Material changes will be reflected in the "Last updated" date above. Continued use of the Extension after changes constitutes acceptance of the revised policy.
9. Contact
For privacy questions or concerns, contact Akhilesh Malani via AMASAMYA.akhileshmalani.com.