AI Act Scan — Privacy Policy
Sovereign Systems · Thiago de Sousa Barbosa Monteiro
Last updated: May 2026 · Version 1.0.0
This extension does not collect, transmit, store, or share any personal data with any external server. All processing happens locally on your device.
What this extension does
AI Act Scan is a technical compliance diagnostic tool for the EU AI Act 2024/1689. When activated on a website, it analyzes publicly visible elements of that page to assess compliance with Articles 9, 12, 13, 14, 15, 49 and 50 of the EU AI Act.
What data is processed
The extension reads the following from the currently active browser tab:
- The page URL and domain name
- Publicly visible HTML elements (chatbot widgets, privacy policy links, page text)
- The browser's language setting (to display the interface in the correct language)
This data is processed entirely within your browser. It is never sent to any external server.
What data is stored locally
The extension stores the following data in chrome.storage.local on your device only:
- Whether you have accepted the terms of use (true/false)
- An anonymous consent receipt: a SHA-256 hash of the terms text, a timestamp, and a randomly generated session ID. The receipt contains no personal information.
- A log of report hashes: the SHA-256 hash of each report generated, the site domain, the timestamp, and the number of compliance gaps. No personal data is included.
The consent receipt is anonymous by design. It proves that the terms were accepted on this device at a specific time, without identifying who accepted them. No name, email, IP address, or any other personal identifier is stored.
What you download
When you click "Download Report", a JSON file is saved to your device. This file contains:
- The compliance assessment results for the analyzed site
- Your answers to the 5 diagnostic questions
- The anonymous consent receipt
- A SHA-256 hash for integrity verification
This file stays on your device. It is not uploaded anywhere.
Permissions used
- activeTab — to read the currently open tab's URL and inject the page analysis script when the user activates the extension
- scripting — to run the page analysis script that detects AI systems on the page
- storage — to save the consent receipt and report log locally on your device
This extension does not use global host permissions (<all_urls>). It only accesses the tab where the user explicitly activates it.
Third parties
This extension does not use any third-party analytics, advertising networks, or tracking services. No data is shared with any third party.
GDPR compliance
This extension is designed to be fully compliant with Regulation (EU) 2016/679 (GDPR). No personal data is processed within the meaning of Article 4(1) GDPR. The anonymous consent receipt constitutes processing under Article 6(1)(b) (performance of a contract/terms of use) and contains no data that could identify a natural person.
Legal disclaimer
Reports generated by this extension do not constitute certified legal advice. They are technical diagnostic outputs intended to support compliance efforts. Final legal compliance decisions require a qualified lawyer. Sovereign Systems assumes no liability for decisions based on reports generated by this extension.
Changes to this policy
If this policy changes in a material way, the extension version number will be incremented and the terms acceptance will be reset, requiring users to review and accept the updated terms before continuing.
Contact
Thiago de Sousa Barbosa Monteiro
Sovereign Systems
Rua da Fontinha 25, 2140-092 Chamusca, Portugal
Safe Creative #2602134552103