Privacy Policy

Last updated: March 1, 2026

The short version

CitrusGlaze is an AI security tool that runs 100% locally on your machine. Your AI prompts, responses, and detected secrets never leave your device. We don't sell data. We don't use third-party analytics on our website. We collect the minimum data needed to operate.

1. What CitrusGlaze (the software) collects

Nothing leaves your machine.

The CitrusGlaze proxy and scanner run entirely on your local device. All AI traffic inspection, secret detection, and analytics happen locally. No telemetry, no phone-home, no cloud processing. Your prompts, responses, secrets, and usage data are stored only in a local SQLite database on your machine.

You can verify this by inspecting the source code or monitoring network traffic while the proxy runs.

2. What the website (citrusglaze.dev) collects

When you visit citrusglaze.dev, we collect:

• Page views: Which page you visited, timestamp, referrer, and UTM parameters (if any). We use a privacy-preserving fingerprint derived from your IP address and user agent — we do not store your IP address or user agent directly.
• Interactions: CTA clicks and install command copies, stored with the same anonymous fingerprint.
• Email address: Only if you voluntarily submit it to download a report. We store your email, the page you submitted it from, and a download token.

What we do NOT collect on the website

• No Google Analytics
• No Facebook Pixel
• No third-party tracking scripts
• No cookies for tracking (we use no cookies at all)
• No IP addresses stored
• No personal information beyond email (if voluntarily submitted)

All website analytics are stored in a Cloudflare D1 database operated by us. No third party has access to this data.

3. Email communications

If you provide your email to download a report, we will send you:

• The download link you requested (immediately)
• Up to 2 follow-up emails over the next 7 days with related content

That's it. 3 emails maximum. Every email contains a one-click unsubscribe link. We use Resend as our email delivery service. We will never sell, rent, or share your email address with third parties.

4. Data storage and security

• Website analytics: Stored in Cloudflare D1 (SQLite), hosted on Cloudflare's infrastructure.
• Email addresses: Stored in Cloudflare D1. Download tokens expire after 72 hours.
• Local software data: Stored in SQLite on your machine at ~/Library/Application Support/CitrusGlaze/. We have no access to this data.

5. Data retention

• Website analytics: Retained for 12 months, then automatically deleted.
• Email addresses: Retained until you unsubscribe. After unsubscribe, your email is marked as "unsubscribed" and excluded from all future sends. We retain the record to ensure we never email you again.
• Local software data: Controlled entirely by you. Delete the database file or uninstall the app at any time.

6. Your rights

You can:

• Unsubscribe from emails at any time via the link in any email
• Request deletion of your data by emailing [email protected]
• Request export of your data by emailing the same address
• Delete local data by removing the CitrusGlaze database from your machine

We respond to all data requests within 30 days.

7. Children's privacy

CitrusGlaze is not directed at children under 13. We do not knowingly collect personal information from children.

8. Changes to this policy

We may update this policy. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email to subscribers.

9. Contact

Questions about this privacy policy? Email [email protected].