Privacy Policy

Last updated: June 23, 2026

The short version

Sigil drives the Chrome browser on your own computer, not a browser in the cloud. We do not collect the data you care about. We do not retain anything entered into forms, nor anything read or extracted from the pages your agent visits. That content never leaves your computer.

The only operational data we collect is a record of the URLs your agent visits and the actions it takes, such as "click," "type," "scroll," or "navigate." We use this to make the product work, keep it secure, and improve it. We do not collect the values you type, the text on the pages, the documents you open, or any of their contents.

You can delete any of these log records at any time from the Sigil admin interface.

1. Introduction

This Privacy Policy describes how Sigil ("Sigil," "we," "us," or "our") collects, uses, discloses, and safeguards information in connection with the Sigil application, browser agent, websites, and related services (collectively, the "Service"). It applies to individuals who download, install, or use the Service and to visitors of our websites.

By using the Service, you agree to the collection and use of information in accordance with this Policy. If you do not agree with this Policy, please do not use the Service. Capitalized terms not defined here have the meaning given to them in our Terms of Service.

2. Our privacy principles

Sigil is built around local-first execution. A few principles follow from that:

  • Local by default. The agent runs on the Chrome browser already installed on your machine. Page content, form inputs, credentials, cookies, sessions, and any data the agent reads or writes stay on your device.
  • Minimal collection. We collect only what we need to operate the Service, and never the contents of the pages or forms your agent interacts with.
  • No sale of personal data. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.
  • Purpose limitation. Information we do collect is used for the purposes described in this Policy and not repurposed without notice.

3. Information we collect

3.1 Agent activity metadata

When the agent operates, we collect a structured log of the URLs it visits and the actions it performs (for example, "click," "type," "select," "scroll," "navigate," or "wait"). This metadata describes what kind of action occurred and where, but not the content involved. We do not collect the text you or the agent type into fields, the contents of forms, the data read or extracted from any page, the files you open, or any screenshots of page content.

3.2 Account and contact information

If you create an account, join a waitlist, request a demo, or contact us, we collect information you provide directly, such as your name, email address, company name, and the contents of your messages.

3.3 Device and diagnostic information

We may collect technical information about the device and software you use to access the Service, such as operating system, application version, browser version, language settings, crash reports, and performance diagnostics. This helps us maintain compatibility and fix bugs.

3.4 Usage and analytics information

On our websites and within the application, we collect aggregated usage information such as feature usage, session frequency, and referring pages. Our website uses Google Analytics. See Section 8 for details on cookies and analytics.

3.5 Payment information

If you purchase a paid plan, payment is processed by a third-party payment processor. We do not store full payment card numbers on our systems. We may retain limited billing records such as transaction amounts, dates, and the last four digits of a card.

4. What we do not collect

To be explicit, Sigil does not retain or transmit to our servers:

  • The contents of any web page the agent reads, including text, images, documents, or extracted data.
  • Anything you or the agent enter into forms, including search queries, messages, or field values.
  • Usernames, passwords, authentication tokens, cookies, or session data for the sites you use.
  • Files, downloads, or clipboard contents handled on your device.

This information is processed locally on your computer so the agent can do its job, and is not collected by Sigil.

5. How we use information

We use the information we collect to:

  • Provide, operate, maintain, and secure the Service.
  • Detect, prevent, and respond to fraud, abuse, security incidents, and technical issues.
  • Diagnose problems, debug failures, and improve reliability and performance.
  • Understand how the Service is used so we can improve features and usability.
  • Communicate with you about your account, updates, security alerts, and support requests.
  • Comply with legal obligations and enforce our agreements.

6. Legal bases for processing

Where the General Data Protection Regulation (GDPR) or similar laws apply, we process personal data on the following legal bases: performance of a contract with you; our legitimate interests in operating and securing the Service; compliance with legal obligations; and your consent, where required (for example, certain analytics cookies). You may withdraw consent at any time where processing is based on consent.

7. How we share information

We do not sell your personal information. We may share information in the following limited circumstances:

  • Service providers. With vendors who perform services on our behalf, such as hosting, analytics, error reporting, and payment processing, under contracts that require them to protect the information and use it only for the services they provide to us.
  • Legal and safety. When required by law, subpoena, or other legal process, or when we believe disclosure is necessary to protect the rights, property, or safety of Sigil, our users, or the public.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, in which case information may be transferred as part of that transaction, subject to this Policy.
  • With your direction. When you ask us to share information or integrate with a third-party service you have chosen.

8. Cookies and analytics

Our websites use cookies and similar technologies to operate the site, remember preferences, and measure traffic. We use Google Analytics to understand site usage; Google may set cookies and process information as described in its own privacy policy. You can control cookies through your browser settings and, where available, through any cookie controls we provide. Disabling cookies may affect site functionality.

9. Third-party services and websites

The agent operates on third-party websites and services that you direct it to use. Those sites are governed by their own terms and privacy policies, and Sigil is not responsible for their practices. We encourage you to review the policies of any third-party service you access through the Service.

10. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, including providing the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements. Agent activity metadata and diagnostic data are retained for a limited period and then deleted or aggregated. Data that stays on your device is retained according to your own settings and is removed when you delete it locally or uninstall the application.

11. Security

We use administrative, technical, and organizational measures designed to protect information against unauthorized access, loss, misuse, or alteration. The local-first design of Sigil means sensitive content does not transit our servers in the first place. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security.

12. International data transfers

We may process and store information in countries other than the one in which you reside. Where we transfer personal data across borders, we use appropriate safeguards, such as standard contractual clauses, as required by applicable law.

13. Your rights and choices

Depending on where you live, you may have rights to access, correct, delete, or port your personal information, to object to or restrict certain processing, and to withdraw consent. Residents of the European Economic Area, the United Kingdom, and California, among others, may have specific rights under the GDPR, UK GDPR, and the California Consumer Privacy Act (CCPA/CPRA), including the right not to be discriminated against for exercising those rights.

To exercise any of these rights, contact us using the details in Section 17. We will respond as required by applicable law and may need to verify your identity before acting on a request.

14. Children's privacy

The Service is not directed to children under the age of 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take appropriate steps to delete it.

15. Do Not Track

Some browsers offer a "Do Not Track" signal. Because there is no common industry standard for interpreting these signals, our websites do not currently respond to them. We will update this Policy if that changes.

16. Changes to this Policy

We may update this Policy from time to time. When we do, we will revise the "Last updated" date above and, for material changes, provide additional notice as appropriate. Your continued use of the Service after an update takes effect constitutes acceptance of the revised Policy.

17. Contact us

If you have questions about this Policy or our privacy practices, contact us at [email protected].