Last updated: June 13, 2026 · Effective: June 13, 2026

Privacy Policy

界 Kai is a browser extension that detects credential-harvesting UI. In one line: detection runs 100% on your device, and no page content, credential or domain is ever sent anywhere. There is no telemetry and no account.

Summary: 界 Kai reads page structure locally to decide inform / warn / block. It keeps your settings and allowlist in local browser storage, never transmits what a page contains or what you type, and has no ads or third-party trackers.

1. On-device only

All scoring and decisions run inside your browser and work offline. 界 Kai makes no network request to any rmthreat server as part of detection. Nothing about the pages you visit is uploaded.

2. What is stored locally

The following lives only in your browser (chrome.storage.local) and is never sent off-device:

Settings — detection on/off, blocking mode, sensitivity threshold.
Allowlist & per-site decisions — hosts you trust or block, and "trust this site" choices.
Local reputation — the signed per-domain modifiers you curate.

3. What we never collect

No page content, form values, or anything you type.
No credentials or keystrokes.
No browsing history, domains, tab list, or IP/cookies.
No analytics, ads, or third-party trackers, and no account.

4. On-device AI (optional)

For borderline cases only, 界 Kai may ask Chrome's built-in model (Gemini Nano, via the Prompt API) to adjudicate. This runs entirely on your device — no model download triggered by us, no network request, and only structural features are passed to it locally. Its verdict is advisory and bounded; it can never force trust. If the model is unavailable, the step is skipped.

5. Optional local feeds

If you enable an optional reputation feed, 界 Kai downloads the list and matches it locally. A feed fetch is a one-way download that carries no page data, no browsing history and no identifier.

6. Permissions

Permission	Why
`<all_urls>`	Credential-harvesting UI can appear on any site, so the content script inspects page structure on all domains. Processing is always local; page content is never sent.
`storage`	Store your settings, allowlist and curated reputation locally.
`offscreen`	Host the on-device AI session (when used) in a stable local context.

7. Your controls

Allowlist — add, remove, import or export the hosts you trust or block.
Tune detection — sensitivity threshold and blocking mode are yours to set.
Delete everything — remove the extension or clear its storage to erase all local data.

8. Changes & contact

If our data practices change, we'll update this page and the "Last updated" date. Questions: privacy@rmthreat.com or kai.rmthreat.com.

← Back to home · Terms of Use