Privacy License Guardian
Inspiration
The EU AI Act Article 53(1)(c) became enforceable August 2, 2025, requiring AI companies to respect machine-readable content rights - with penalties up to €35M for non-compliance. Yet there was no accessible tool for everyday users to understand privacy risks or generate compliant AI governance. Recently, Anthropic paid $1.3B for lacking clarity on AI content rights, and Hollywood was taken by storm by the AI actor Tilly Norwood. Meanwhile, creators have no standardized way to set rules or request attribution and compensation for their content while AI scrapes the web.
Having built AI Privacy License (already adopted in 42+ countries and validated by 120 Fortune 500 companies), I saw an opportunity: Chrome's new built-in AI APIs could democratize enterprise-grade AI governance, making it accessible to everyone - not just companies with legal teams and compliance budgets.
The inspiration was simple: what if anyone could audit privacy risks on any website AND generate legally-compliant AI governance - all locally on their device, with zero server costs, using Chrome's Gemini Nano?
50 Feet Vision
The TCP/IP layer of the $50B data creator and copyright economy and the DNS of AI compliance: the world's first machine-readable, legally enforceable post-crawl data governance protocol.
Just as every website has a privacy policy, every website will also have an AI Privacy License that tells AI how to interact with its content: a nutrition label that travels with the data.
My vision was to reimagine privacy as the foundation of the next internet, creating a seamless, automated trust layer that empowers creators and companies to protect rights, unlock markets, and innovate without limits.
First, the internet connected information. Now, AI learns from it. And what comes next will redefine them both. The internet has no shared rules for how AI uses content, and no infrastructure for creators and AI companies to work together. This isn't a fight between creators and AI. It's missing infrastructure at the internet's core. AI Privacy License is that missing layer. Your content becomes a self-enforcing, legally binding protocol, traveling across the AI ecosystem with its rights intact, automatically executing your rules anywhere it goes.
It is up to creators to define their own terms (training permissions, attribution, commercial use, NDAs, pre-clearance, and more) instantly using this Chrome extension. AI companies read them instantly, license in seconds, stay compliant by design, and innovate with trust. This is the infrastructure on which the next internet will be built, transforming creative works into autonomous digital assets that are self-protecting and self-enforcing, generate value for their creators, and provide AI companies with clear, compliant access.
Autonomous Digital Asset Economy
We are building an autonomous digital asset economy, where content:
- Manages its own rights
- Negotiates its own terms
- Generates revenue for creators without human intervention
Imagine:
- News sites setting automatic rules for AI use of their articles, from requiring attribution to charging per excerpt
- A photograph auto-licensing itself for visual AI training
- Code setting its own usage terms for AI models
- Research papers enforcing attribution in scientific datasets
...without needing human involvement.
Why Now
Robots.txt is ignored and not legally binding; Cloudflare's binary block-or-allow approach can't handle nuanced use cases and stalls business for both creators and AI companies.
Many site owners want AI access, but on their terms, with attribution or payment. My protocol enforces those customized terms as legally binding after the scrape, anywhere online, via cryptographic fingerprinting.
EU AI Act enforcement began last week, with €35M penalties for AI companies that ignore machine-readable rights. This is the only live solution that meets those requirements.
What It Does
Privacy License Guardian is a two-sided AI governance tool:
For Website Visitors:
- Scan any webpage to see privacy risks, data collection practices, and AI training permissions
- Get plain-English explanations of complex privacy policies
- See a 0-100 privacy score with specific recommendations
- Detect if a site has an AI Privacy License
For Website Owners:
- Generate comprehensive Privacy Policy and AI Privacy Licenses in minutes (not months)
- Use natural language to fill 50+ governance parameters ("block all AI training" → AI selects correct settings)
- Get ready-to-deploy enforcement instructions for 10+ integration methods
- Create EU AI Act Article 53(1)(c) compliant governance instantly
All processing happens locally using Chrome's built-in AI - your data never leaves your device.
User Stories
Creator: Scans their website and discovers that AI bots can train on their portfolio. Generates an AI Privacy License in seconds to block unauthorized training.
Startup Founder: Uses the Chrome extension to instantly generate a GDPR + EU AI Act–compliant privacy policy without hiring legal counsel.
Everyday User: Checks if a news site or app respects privacy before submitting an email or uploading data — gets an instant privacy score and explanation.
Regulatory Relevance
The EU AI Act Article 53(1)(c) (effective August 2, 2025) mandates machine-readable content rights for all AI training data. Privacy License Guardian is the first Chrome extension that automatically generates and enforces these rights locally — addressing compliance penalties of up to €35 million per violation. It is the only client-side tool that meets these requirements while empowering users to manage their own AI governance.
Accessibility & Inclusion
By rewriting complex legal policies into plain English and providing translation into 10+ languages, Privacy License Guardian makes privacy comprehension accessible to everyone, not just lawyers or English speakers.
Vision Statement
We’re building the trust layer for the AI era, where every piece of content online can self-protect, self-license, and self-explain. Just like HTTPS secured the web, Privacy License Guardian will make every webpage ethically compliant by default, giving users and AI systems a shared, transparent foundation for the next internet.
Why Chrome Built-in AI Was Essential
Privacy License Guardian could not exist before Chrome’s built-in Gemini Nano and AI APIs. Previous privacy scanners relied on server-based NLP models, which introduced latency, cost, and privacy risks. By running entirely client-side with Chrome’s new on-device AI, we achieved:
- Real-time analysis directly in the browser
- Full privacy, no data leaves the device
- Zero infrastructure or API costs
- Offline availability for all users
This makes privacy governance accessible to everyone, not just companies with legal teams.
How We Built It
Chrome AI APIs (7 integrated):
- LanguageModel/Prompt API: Content analysis, privacy risk detection, intelligent form filling
- Summarizer API: Distill complex privacy policies into key points
- Writer API: Generate license clauses and governance descriptions
- Rewriter API: Convert legal language to plain English
- Translator API: Multilingual license generation
- Proofreader API: Polish professional outputs
Privacy License Guardian integrates seven of Chrome’s built-in AI APIs to deliver a fully client-side privacy governance experience. The Prompt API serves as the core reasoning engine, detecting privacy risks and generating enforcement clauses from natural language prompts. The Summarizer API condenses lengthy privacy policies and terms of service into concise, user-friendly bullet points, while the Rewriter API translates complex legal jargon into plain, accessible English. The Writer API creates new, compliant governance sections such as AI training disclosures or data-use clauses, and the Proofreader API refines the final legal outputs for clarity and professionalism. The Translator API enables instant multilingual generation of AI Privacy Licenses in languages like Spanish, French, and Hindi. Finally, the LanguageModel API powers natural language form filling, intelligently mapping user instructions such as “block all AI training” into structured configuration parameters. Together, these APIs make Privacy License Guardian a seamless, offline, and privacy-first solution powered entirely by Chrome’s on-device Gemini Nano.
Architecture:
- Manifest V3 Chrome Extension with content scripts for full DOM scraping
- Service worker for comprehensive API diagnostics
- ES6 modules for clean code organization (AIService, LicenseGenerator, EnforcementGenerator)
- Advanced JSON parsing with 6 fallback strategies for robust AI response handling
Extension Architecture (Manifest V3):
- Content Script: Scrapes DOM for privacy policies, terms, and metadata.
- AI Service Module: Routes text to Chrome Built-in AI APIs (Prompt, Summarizer, Rewriter, etc.) for on-device processing.
- License Generator: Builds AI Privacy Licenses and governance outputs.
- Privacy Score Engine: Calculates a 0–100 risk score based on AI analysis.
- Service Worker: Manages API calls, caching, and offline processing.
- All inference and processing happen locally — no external API calls, no server dependencies.
Key Technical Innovations:
- Natural language form filling with 5-step smart matching algorithm
- Privacy score calculation based on detected risks
- SHA-256 hashing for content verification
- Multi-source privacy policy detection (page, robots.txt, terms of use)
- API compatibility layer supporting Chrome 138-142+
Challenges We Ran Into
1. Chrome AI API Compatibility
Chrome 138-141 uses the legacy chrome.ai API, while Chrome 142+ uses the LanguageModel API. Handling both versions gracefully while maintaining feature parity required careful abstraction and extensive testing. To ensure a smooth user experience, we built a compatibility layer that:
- Detects Chrome version dynamically
- Maps old API calls to new interfaces
- Preserves feature parity and model responses
This guarantees consistent performance across the transition to Gemini Nano.
2. Robust JSON Parsing
AI-generated responses often came wrapped in markdown code blocks or contained unescaped quotes. We built a parser with 6 fallback strategies, including markdown removal, quote escaping with state machine tracking, structural isolation, and field-specific repairs.
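An added JavaScript example (not the extension's own code) of a fallback chain of the kind described above: strip a markdown fence, isolate the first balanced object, retry with a quote-escaping state machine, then validate against an allowlisted shape so unparseable or out-of-range model output is rejected. The `score` and `risks` fields and all function names are assumptions.

```javascript
// Added example: untrusted model text in, validated object (or null) out.
const FENCE_RE = new RegExp("`{3}(?:json)?\\s*([\\s\\S]*?)`{3}", "i");
const stripFence = (t) => { const m = t.match(FENCE_RE); return m ? m[1] : t; };
function isolateObject(text) { // first balanced {...}, ignoring braces in strings
  const start = text.indexOf("{");
  if (start < 0) return null;
  let depth = 0, inStr = false, esc = false;
  for (let i = start; i < text.length; i++) {
    const c = text[i];
    if (inStr) {
      if (esc) esc = false;
      else if (c === "\\") esc = true;
      else if (c === '"') inStr = false;
    } else if (c === '"') inStr = true;
    else if (c === "{") depth++;
    else if (c === "}" && --depth === 0) return text.slice(start, i + 1);
  }
  return null; // unbalanced braces: reject
}
function escapeInnerQuotes(json) { // quote escaping with string-state tracking
  let out = "", inStr = false;
  for (let i = 0; i < json.length; i++) {
    const c = json[i];
    if (inStr && c === "\\") { out += c + (json[++i] ?? ""); continue; }
    if (c !== '"') { out += c; continue; }
    if (!inStr) { inStr = true; out += c; continue; }
    // Heuristic: a real closing quote is followed by , } ] : or end of text.
    const next = json.slice(i + 1).match(/\S/);
    if (!next || ",}]:".includes(next[0])) { inStr = false; out += c; }
    else out += '\\"';
  }
  return out;
}
// Hypothetical schema: score is an integer 0-100, risks is a list of strings.
function validate(v) {
  if (typeof v !== "object" || v === null || Array.isArray(v)) return null;
  if (!Number.isInteger(v.score) || v.score < 0 || v.score > 100) return null;
  if (!Array.isArray(v.risks) || !v.risks.every((r) => typeof r === "string")) return null;
  return { score: v.score, risks: v.risks }; // unknown keys are dropped
}
function parseModelJson(raw) {
  const body = isolateObject(stripFence(String(raw)));
  for (const candidate of body === null ? [] : [body, escapeInnerQuotes(body)]) {
    try { return validate(JSON.parse(candidate)); } catch { /* try next strategy */ }
  }
  return null;
}
// Constructed sample: fenced reply with unescaped quotes inside a string value.
const SAMPLE = "Sure!\n" + "`".repeat(3) + 'json\n{"score": 40, "risks": ["shares "anonymised" data"]}\n' + "`".repeat(3);
```

The quote repair is a heuristic; anything it cannot recover returns `null` rather than a partially trusted object.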
3. Natural Language Form Filling
Mapping user descriptions like "block all AI training" to specific form values across dropdowns, multiselects, checkboxes, and text fields required building a 5-step matching algorithm with fuzzy matching, value mapping, and intelligent defaults.
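One way to do the final matching so that a model-proposed value can only ever become one of a field's real options, as an added JavaScript example (not the extension's algorithm; the page does not list its five steps). The field, its options, the synonym table and the fail-closed default are hypothetical.

```javascript
// Added example. FIELD is a constructed, hypothetical dropdown definition.
const FIELD = {
  options: ["allow", "allow_with_attribution", "block"],
  synonyms: { deny: "block", prohibit: "block", permit: "allow" },
  fallback: "block", // fail closed when nothing matches
};
const norm = (s) => String(s).toLowerCase().replace(/[^a-z0-9]+/g, "_").replace(/^_+|_+$/g, "");

// Levenshtein distance using two rolling rows.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns an option from field.options (or the fallback), plus the step that matched.
function resolveOption(proposed, field) {
  if (field.options.includes(proposed)) return { value: proposed, step: "exact" };
  const n = norm(proposed);
  const byNorm = field.options.find((o) => norm(o) === n);
  if (byNorm) return { value: byNorm, step: "normalized" };
  // Own-property check so names like "constructor" never resolve via the prototype.
  if (Object.prototype.hasOwnProperty.call(field.synonyms, n))
    return { value: field.synonyms[n], step: "synonym" };
  // Fuzzy: accept the closest option only if within 2 edits and unambiguous.
  const ranked = field.options.map((o) => [editDistance(n, norm(o)), o]).sort((x, y) => x[0] - y[0]);
  if (ranked[0][0] <= 2 && (ranked.length === 1 || ranked[1][0] > ranked[0][0]))
    return { value: ranked[0][1], step: "fuzzy" };
  return { value: field.fallback, step: "default" };
}
```

Recording the matching step alongside the value lets the UI flag fuzzy and default resolutions for the user to confirm before a license is generated.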
4. Content Script Injection
Some pages block or restrict script injection. We implemented retry logic with multiple injection strategies and fallback mechanisms to ensure reliable DOM scraping across diverse websites.
5. Privacy Score Algorithm
Balancing severity weights, risk categories, and edge cases to produce meaningful 0-100 scores that accurately reflect privacy practices required iterative refinement and testing across 50+ websites.
Accomplishments That We're Proud Of
🏆 Technical Excellence:
- Successfully integrated 7 Chrome AI APIs - the most comprehensive use of Chrome's AI stack we've seen
- Built 100% client-side - zero server costs, complete privacy, works offline
- Created the first natural language form filling system for AI governance
🌍 Real-World Impact:
- Built on a standard already adopted in 42+ countries
- Validated by 120 Fortune 500 companies
- EU AI Act Article 53(1)(c) compliant - addresses €35M regulatory penalties
- Proven effectiveness: Successfully blocked Perplexity where Cloudflare's anti-bot failed
💡 Innovation:
- First tool to make enterprise AI governance accessible to individual website owners
- Two-sided approach creating network effects - visitors drive owner adoption
- Democratizing compliance that previously required legal teams and months of work
⚡ Execution:
- Complete working extension with comprehensive documentation
- Production-ready code with robust error handling
- Educational content with 40+ sensitivity definitions, 100+ data types
Real World Impact Metrics
- Adopted by users in 42+ countries
- Validated by 120+ Fortune 500 companies
- Successfully blocked Perplexity scraping attempts where Cloudflare failed
- Analyzes 50+ data types and 40+ sensitivity categories
- 100% client-side, zero data transfer, zero cost, zero latency
What We Learned
Chrome AI APIs are incredibly powerful but require careful handling:
- LanguageModel API (Chrome 142+) vs chrome.ai (138-141) have different interfaces
- Prompt engineering is critical - structured outputs need explicit formatting instructions
- AI responses are non-deterministic - robust parsing with multiple fallbacks is essential
- Client-side AI democratizes capabilities previously requiring expensive server infrastructure
Privacy analysis at scale needs multiple data sources:
- Privacy policies alone aren't enough - need full DOM analysis
- Terms of use often contain AI licensing that privacy policies don't mention
- Third-party tracking detection requires understanding modern web architecture
- Plain-English summaries dramatically improve user understanding
Developer experience matters:
- Natural language interfaces reduce friction for non-technical users
- Smart defaults with AI recommendations make complex forms accessible
- Clear error messages and status indicators build trust
- Comprehensive documentation is essential for adoption
Regulatory compliance can be a feature, not just a requirement:
- EU AI Act creates massive demand for accessible governance tools
- Compliance infrastructure that works client-side is a competitive advantage
- Machine-readable standards enable automation at scale
What's Next for AI Privacy License
Immediate (Post-Hackathon):
- Chrome Web Store publication - make it available to 3.45 billion Chrome users
- Community feedback integration - refine UI/UX based on user testing
- Additional language support - expand beyond English for global adoption
- Mobile optimization - adapt for Chrome on Android
Near-Term (3-6 months):
- Browser compatibility - Port to Firefox, Edge, Safari
- Advanced analytics - Privacy trend tracking across sites
- Batch processing - Generate licenses for multiple properties at once
- Integration with Privacy License ecosystem - Connect to the full marketplace and AI detection infrastructure
Long-Term Vision:
- Privacy License Guardian Premium - Advanced features for enterprises (bulk licensing, team management, audit trails)
- API for developers - Enable third-party integrations
- Smart contract automation - Blockchain-based enforcement and micropayments
- Contribute to W3C standards - Help shape machine-readable rights protocols
The Bigger Picture:
Privacy License Guardian is the consumer entry point to the $50B AI data economy. As more users generate AI Privacy Licenses, the network effect drives adoption - visitors check sites, owners realize they need governance, AI companies gain legal clarity. This extension democratizes what was previously enterprise-only, making ethical AI governance accessible to everyone.
Our goal: Make Privacy License Guardian as ubiquitous as ad blockers - a must-have tool for conscious web browsing in the AI era.
Built With
- api
- chromeextension
- gemini
- languagemodelapi
- prompt
- proofreaderapi
- rewriterapi
- summarizerapi
- translatorapi
- writerapi