Privacy Notice

Last updated: 27 May 2026

Bouclier.ai is a research prototype. It is not a commercial product.

The Software and the Site are published for evaluation, security research, academic study, and personal experimentation only. The privacy posture described below reflects this status and does not constitute a commercial data-processing offering. See the Terms of Use for the full prototype framing.

Bouclier.ai processes all prompt and attachment content locally on your device. The app collects no personal data, has no analytics, no crash reporting, and no user accounts. The only information that ever reaches a bouclier.ai server is a single anonymous timestamp when you click the Download button on this marketing site — full scope described below.

What Bouclier.ai does

Bouclier.ai is a local network proxy that scans outbound AI API traffic for prompt injection attacks and inspects outbound attachments (images, PDFs, short audio clips) for personal data. It intercepts HTTPS connections to a specific set of AI API domains, decrypts them using a locally-generated certificate authority, inspects the request, and forwards the request to the intended destination. Text prompt bodies and request headers are forwarded byte-for-byte; the only content the Software ever modifies on the way out is an attachment that the on-device scanner has flagged as containing personal data.

Intercepted domains

Bouclier.ai only intercepts traffic to these specific domains. All other network traffic is completely untouched:

api.openai.com, api.anthropic.com, api.cohere.com, api.mistral.ai, generativelanguage.googleapis.com, api.together.xyz, api.groq.com, api.perplexity.ai, api.fireworks.ai, openrouter.ai

Organizations using MDM can add additional domains via managed app configuration.

Network connections

AI API forwarding — forwarding your requests to their intended destination. Content may be modified if a prompt injection is detected.
Update check — checking for software updates via appcast.xml hosted on bouclier.ai. Transmits app version, macOS version, CPU architecture, and preferred language. No personal data or request content.
SIEM webhook (enterprise only)— if and only if configured by an organization's IT administrator via MDM, scan event metadata (timestamp, host, pattern, severity) is sent to that organization-controlled endpoint. Never enabled by default. Cannot be configured by the user.

Marketing site (bouclier.ai)

When you click the "Download" button on bouclier.ai, the server records a single anonymous event consisting of (a) the time of the click, (b) the requested app version, and (c) the channel string(e.g. "site") that the link carries. That's it.

We do not record, store, or transmit:

your IP address;
your user-agent string or device fingerprint;
the referring page or any UTM parameter;
your country or any geolocation derived from the request;
any cookie, session token, or other identifier.

The event is recorded so we can see whether anyone is downloading the beta. It cannot be linked back to you. The marketing site does not use Google Analytics, Plausible, PostHog, Mixpanel, Segment, Fathom, or any equivalent product analytics tool, and never has.

Data stored locally

Stored at ~/Library/Application Support/ai.bouclier.app/:

Scan logs — timestamp, source, target host, detection status, pattern IDs, severity, request size. No request body content. Auto-deleted after 30 days.
Daily stats — date, requests scanned, injections blocked. Retained 365 days.
CA certificate — public PEM file (not sensitive).
CA private key — macOS Keychain (encrypted at rest), kSecAttrAccessibleWhenUnlockedThisDeviceOnly. Never written to disk in plaintext.
Preferences — proxy port, notifications, launch-at-login. Via UserDefaults.

Data we collect

None. Bouclier.ai has no user accounts, no analytics, no crash reporting, and no usage telemetry.

Data we share

None. The SIEM webhook feature sends metadata to infrastructure controlled by the organization's IT administrator, not to Bouclier.ai or any third party.

Detection method

Prompt-injection scanning combines deterministic regex pattern matching, heuristic scoring, and on-device Meta Llama Prompt Guard 2 classification.

When attachment inspection is enabled, files attached to outbound LLM requests are scanned on-device using Apple Vision (image OCR + face detection), PDFKit (PDF text extraction + OCR fallback) and SFSpeechRecognizer with requiresOnDeviceRecognition set, so audio is transcribed without leaving your Mac. The extracted text is then run through the same on-device PII detector stack. No request body, response body, prompt content, attachment content, or transcript is ever sent to any external service.

Text prompt bodies and HTTP request headers are forwarded byte-for-byte; the Software does not modify outbound prompts or headers under any circumstance. This is pinned by an end-to-end test in the public repository.

Attribution

Built with Llama. Bouclier.ai uses Meta Llama Prompt Guard 2 locally on your Mac. The bundled legal notice and Llama 4 Community License are distributed with the app and in this repository.

Certificate authority

A local root CA is generated on your device during setup, used solely to decrypt AI API traffic for inspection. The private key never leaves your device. Removable at any time via Settings.

Auditing

The Software is open source under Apache 2.0; the entire codebase, including the regex patterns, the on-device classifier integration, and the test suite, is published at github.com/SuperstellarLLC/bouclier-ai. You can audit, fork, rebuild, and verify the behaviour of every component. No additional commercial audit programme is offered.

Your rights

Because no personal data is collected by the Software or transmitted to any Bouclier.ai-controlled server, there is no profile, account, or stored record we could give you access to, rectify, port, or erase on your behalf. The data the Software generates lives on your device and is fully under your control: stored under ~/Library/Application Support/ai.bouclier.app/ and removable at any time by uninstalling the app or by deleting the application support directory.

For data subjects in Switzerland (revised FADP) and the European Economic Area (GDPR), the rights of access, rectification, deletion, restriction of processing, objection, and data portability formally apply to any personal data we hold — which, as described above, is none beyond a single anonymous click event on the Site. You may nevertheless contact us using the address below to confirm this status.

Children

The Software is not directed at children under the age of sixteen (16). We do not knowingly collect data from anyone, including children.

Sub-processors

The Site is hosted on Vercel Inc. infrastructure. Vercel may, in the ordinary course of delivering web pages, log standard HTTP request metadata at its edge nodes (transit IP, request path, status code, timestamp) for periods set by its own policy. We do not aggregate, analyse, or persist that data on our side. No other sub-processor receives any information generated by the Software or the Site.

Governing law and exclusive jurisdiction

This Notice is governed by Swiss law. Any dispute arising out of or relating to the processing of personal data described in this Notice shall be subject to the exclusive jurisdiction of the ordinary courts of the Canton of Zug, Switzerland, save that any non-waivable right granted to a data subject by mandatorily-applicable consumer or data-protection law of the subject's habitual residence is preserved.

Changes to this Notice

We may update this Notice at any time by publishing a revised version on the Site. The "Last updated" date above identifies the current version. Material changes affecting how personal data is processed will be summarised in the project changelog and, where reasonably practicable, surfaced in the in-app "What's new" sheet shown on first launch of a new version.

Contact

Privacy: privacy@bouclier.ai

Support: support@bouclier.ai

Postal address for written privacy requests will be provided on request.