AMASAMYA - Privacy Policy

Accessibility Audit Tool for Chrome · v4.2

Effective date: 14 June 2026. Last updated: 14 June 2026.

This Privacy Policy describes how the AMASAMYA Accessibility Audit Tool ("the Extension", "AMASAMYA", "we") handles user data. AMASAMYA is a Chrome browser extension that audits web pages for compliance with the Web Content Accessibility Guidelines (WCAG) 2.2. The Extension is developed and maintained by Akhilesh Malani as an independent accessibility consultant.

AMASAMYA is designed to be a privacy-respecting tool. The developer operates no backend server that receives user data. All Extension processing takes place inside your browser. The only external network requests AMASAMYA initiates are optional and go directly from your browser to a Vision AI provider that you choose and configure with your own API key.

1. Scope

This policy covers the AMASAMYA Chrome extension distributed through the Chrome Web Store under item ID blnfmiipkccpggpinjofhhglfcgglbif. It does not cover the separate AMASAMYA Platform website hosted at amasamya.akhileshmalani.com, which has its own privacy disclosures. It does not cover third-party services you may choose to integrate with the Extension; those services are governed by their own privacy policies, linked in Section 7 below.

2. Categories of User Data and How Each Is Handled

Chrome Web Store policy requires explicit disclosure for each category of user data. The table below states, for every category Google defines, whether AMASAMYA collects it, what we do with it, where it is stored, and whom it is shared with.

Data category Collected? Purpose Storage Sharing
Personally identifiable information (name, address, email, age, ID number, phone) No Not applicable Not applicable Not shared
Health information No Not applicable Not applicable Not shared
Financial and payment information No Not applicable Not applicable Not shared
Authentication information (passwords, credentials, security questions) Yes, only when the user voluntarily enters a Vision AI API key in Settings. The API key is used to authenticate the user's own requests to the Vision AI provider they selected (Anthropic, OpenAI, or Google Gemini). Encrypted at rest in the user's browser using a non-extractable AES-GCM 256-bit master key generated by the WebCrypto API and held in IndexedDB. Never leaves the user's device in plaintext. Never transmitted to the developer. Not shared with the developer. Transmitted only to the Vision AI provider whose key it is, when the user actively runs the Focus Indicator Narrator or Visual Layout Auditor module.
Personal communications (email, SMS, chat messages) No Not applicable Not applicable Not shared
Location (GPS, IP-based, region) No Not applicable Not applicable Not shared
Web history (URLs visited, browsing history) No persistent storage. The URL and title of the currently active tab are read at audit time only to populate the audit report header. Inclusion in the on-device audit report so the user can identify which page the findings refer to. Held only in chrome.storage.session for the duration of the current browser session and discarded when the session ends. Not shared with the developer. Not transmitted to any third party.
User activity (clicks, mouse position, scroll, keystrokes) No Not applicable Not applicable Not shared
Website content (text, images, sounds, videos, hyperlinks) Limited. When the user runs the Focus Indicator Narrator or Visual Layout Auditor, AMASAMYA captures screenshots of the active tab. The WCAG Audit Engine and State Change Watchdog read DOM nodes locally but do not export them. Screenshots are sent to the Vision AI provider the user has configured, so the provider can analyse focus indicators and visual layout. DOM reads are used only for in-browser audit logic. Screenshots are not stored. They are sent to the chosen Vision AI provider as part of a single request and discarded from Extension memory once the response returns. DOM data is not persisted. Screenshots: shared only with the Vision AI provider the user has selected (Anthropic, OpenAI, or Google Gemini), using the user's own API key. Never shared with the developer.

3. Data the Developer Never Receives

The developer of AMASAMYA operates no backend server for the Extension. The following are never transmitted to, collected by, stored by, or accessible to the developer under any circumstances:

4. Local Storage on Your Device

AMASAMYA uses Chrome's extension storage APIs entirely on your device. The two storage areas the Extension uses are:

No data from these storage areas is transmitted off your device by the Extension.

4.1 Threat model for at-rest encryption

The non-extractable master key blocks passive exfiltration: a malicious browser extension that reads localStorage, a stolen disk image, or a backup that captures profile data sees only opaque ciphertext rather than usable keys. It does not protect against an active attacker who can run JavaScript inside the AMASAMYA origin, because such an attacker can ask the WebCrypto sandbox to decrypt on their behalf. Treat the encryption as defence-in-depth, not as a substitute for revoking and rotating any API key you suspect has been exposed.

5. How Data Is Used

AMASAMYA uses the limited data it handles for exactly three purposes:

6. Data Sharing

AMASAMYA does not sell, rent, trade, or share user data with third parties for advertising, profiling, or any other commercial purpose. The Extension never transmits user data to the developer's servers because the developer operates no such servers.

The only external data transfer that AMASAMYA initiates is the optional transmission of page screenshots to the Vision AI provider you have configured, using your own API credentials. This transfer happens only when you actively run the Focus Indicator Narrator or Visual Layout Auditor modules and only with the provider you have selected.

7. Third-Party Services

If you configure a Vision AI provider, screenshots you choose to send are processed under that provider's own privacy policy and terms of service. AMASAMYA has no affiliation with these providers beyond offering an optional integration. Review their policies before enabling the optional modules:

8. Permissions Used and Why

AMASAMYA requests the minimum set of Chrome permissions needed to function. Each permission is justified below.

9. Data Retention

10. Security

AMASAMYA applies the following security measures to the data it handles:

11. Your Rights and Choices

Because AMASAMYA does not collect personally identifiable information and stores all user-controlled data on your own device, you exercise the equivalents of access, correction, deletion, and portability rights directly:

12. Children's Privacy

AMASAMYA is intended for professional accessibility testers and developers. It is not directed at children under 13, and the developer does not knowingly collect data from children. If you believe a child has used the Extension and provided data, contact the address in Section 16.

13. International Users

Because AMASAMYA does not transmit user data to a developer-operated backend, there is no cross-border transfer initiated by the Extension itself. Optional Vision AI requests you initiate may be processed in the region operated by the provider you selected; consult their privacy policy (linked in Section 7) for details.

14. Compliance

AMASAMYA is designed to be compatible with the data-handling obligations of GDPR (EU), CCPA and CPRA (California), and the Chrome Web Store Developer Program Policies. The developer is the data controller for the limited categories described in Section 2. Because no personal data is collected or processed by the developer, most rights-request procedures under GDPR and CCPA are not applicable; you exercise the practical equivalents on-device as described in Section 11.

15. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected in the "Effective date" line at the top of the policy. Continued use of the Extension after changes constitutes acceptance of the revised policy. Significant changes will also be noted in the Extension's Chrome Web Store listing.

16. Contact

For privacy questions, data-rights requests, or to report a suspected privacy issue, contact the developer directly:

The developer is Akhilesh Malani, an independent accessibility architect and digital inclusion strategist. AMASAMYA is fully self-funded with no investor or third-party influence on this privacy policy or the feature roadmap.