NeoHuman

Privacy Policy

Last updated: March 11, 2026

Introduction

NeoHuman ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform (the "Service") and our Chrome Extension ("NeoHuman Challenge Companion"). Please read this policy carefully. By using the Service, you consent to the practices described in this Privacy Policy.

Information We Collect — Platform

Personal Information

When you create an account or use our Service, we may collect:

  • Name and display name
  • Email address
  • Profile picture
  • Account credentials (managed securely through our authentication provider, Clerk)

Usage Information

We automatically collect certain information when you use the Service:

  • Challenge participation and submission history
  • Interaction data (pages visited, features used)
  • Device information (browser type, operating system)
  • IP address and general location data
  • Cookies and similar tracking technologies

Chrome Extension — NeoHuman Challenge Companion

Our Chrome Extension is used during evaluation challenges to capture your session activity for performance assessment and real-time coaching. The extension only collects data while a challenge is actively in progress and stops immediately when you submit or exit the challenge.

Key Principle

When no challenge is active, the extension collects no data whatsoever. There is no background tracking, no browsing history collection, and no monitoring outside of challenge sessions.

Chrome Extension — Browser Permissions

The extension requests the following Chrome browser permissions:

sidePanel

Opens a side panel UI for challenge coaching and session controls.

activeTab & tabs

Reads the URL and title of your active tab to determine which AI platform you are using during a challenge.

storage

Stores challenge session state, user preferences, and authentication tokens locally in your browser.

Host permissions (specific AI platform domains)

The extension operates on designated AI platforms only (e.g., ChatGPT, Claude, Gemini, and other supported platforms). It does not have access to arbitrary websites.

Chrome Extension — Data Collected During Challenges

1. Screenshots

The extension captures periodic screenshots of the active AI platform tab during your challenge session.

  • Captured approximately every 5 seconds and on key interactions (e.g., sending a prompt, navigating)
  • Format: JPEG (compressed) — only the visible browser tab content
  • Screenshots pause automatically after 10 minutes of inactivity
  • Only captures the tab associated with your challenge — not other browser tabs or windows
  • Restricted URLs (chrome://, extensions, devtools) are never captured

2. User Input (Prompts)

The text of prompts you send to AI platforms during a challenge is captured to evaluate your problem-solving approach.

  • Captured on form submission, Enter key press, or send button click
  • Subject to automatic PII redaction before transmission (see Privacy Protections below)

3. AI Platform Context

The extension reads publicly visible UI elements on supported AI platforms to understand your session context:

  • Selected AI model (e.g., GPT-4o, Claude 3.5 Sonnet)
  • Agent/tool mode status (enabled or disabled)
  • Conversation message count
  • File names referenced in AI responses
  • Task status (idle, generating, completed, error)

4. Network Activity

The extension monitors API requests and WebSocket messages on supported AI platforms to capture AI agent behavior:

  • Request URLs, HTTP methods, and response status codes
  • Response bodies (text-based only; binary files like images are excluded)
  • WebSocket messages for real-time AI agent actions
  • Authentication endpoints (login, OAuth, token) are automatically excluded — only metadata is retained, response bodies are discarded

5. Navigation & Session Metadata

  • Tab URL and page title changes (checked every 3 seconds)
  • Session start time, duration, and conversation turn count
  • Scroll and DOM interaction events (for detecting user engagement)

Chrome Extension — Privacy Protections

Automatic PII Redaction

All captured text data is automatically scanned and redacted for sensitive information before it leaves your browser. The following patterns are detected and replaced with placeholder tokens:

  • API keys (OpenAI, Anthropic, Google, AWS, GitHub tokens)
  • SSH/PEM private keys
  • JWT tokens and Bearer tokens
  • Database connection strings (PostgreSQL, MongoDB, MySQL, Redis)
  • Generic credentials (passwords, secrets, access keys)
  • Email addresses
  • Social Security Numbers (SSNs)
  • Credit card numbers

PII redaction is best-effort using pattern matching. While we cover common credential formats, we recommend not entering sensitive personal information into AI platforms during challenge sessions.

Authentication Endpoint Protection

Network requests to authentication-related endpoints (login, OAuth, token exchange, SSO) have their response bodies automatically discarded. Only request metadata (URL, status code) is retained.

Challenge-Only Capture

Data collection is controlled by a capture gate system. Capture only begins when you explicitly start a challenge and ends immediately when you submit or exit. The extension performs no data collection outside of active challenge sessions.

Supported Sites Only

The extension only operates on a predefined list of AI platforms. It does not inject content scripts, capture screenshots, or monitor network activity on any other websites.

No Third-Party Analytics

The extension does not include any third-party analytics, advertising SDKs, or tracking services. All collected data is transmitted exclusively to NeoHuman servers.

Chrome Extension — Data Storage & Retention

In-Browser Storage

The extension stores minimal state data in Chrome's local storage: your user ID, session token, active challenge details, and UI preferences. Session-level state (active tab, tab group) is stored in Chrome session storage and is cleared when the browser is closed.

Data Transmission

Trace events are transmitted to our servers every 5 seconds. Screenshots are uploaded in batches every 30 seconds. A complete session summary is sent when the challenge ends. All transmissions use HTTPS encryption.

Server-Side Retention

Challenge session data (screenshots, trace events, session metadata) is retained on our servers for the duration necessary to complete the evaluation process. You may request deletion of your session data by contacting us.

Session End Cleanup

When a challenge ends, in-memory buffers (screenshots, event queues) are cleared from the extension. Local storage is reset to a clean state. No residual challenge data remains in your browser after session completion.

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Evaluate challenge submissions and provide performance feedback
  • Deliver real-time coaching during challenge sessions
  • Manage your account and provide customer support
  • Send you updates and notifications related to your challenges
  • Analyze usage patterns to enhance user experience
  • Detect, prevent, and address fraud or security issues
  • Comply with legal obligations

Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

Challenge Hosts

When you participate in an evaluation challenge, your session data (screenshots, trace events, performance metrics) is shared with the challenge host for assessment purposes.

Service Providers

We share information with third-party vendors who help us operate the Service, including authentication (Clerk), cloud hosting and database (Supabase), and analytics (Vercel Analytics).

Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights or the safety of others.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. All data transmitted between the Chrome Extension and our servers is encrypted using HTTPS/TLS. PII is automatically redacted at the point of capture before transmission. However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information, including challenge session data
  • Portability: Request a copy of your data in a portable format
  • Opt-out: Unsubscribe from marketing communications at any time
  • Extension Removal: You may uninstall the Chrome Extension at any time to stop all extension-related data collection

To exercise these rights, please contact us at cai@emergences.ai.

Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Analyze how the Service is used
  • Improve performance and user experience

The Chrome Extension does not use cookies. It stores minimal state data using Chrome's built-in storage APIs (chrome.storage.local and chrome.storage.session), which are isolated to the extension and not accessible by websites.

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.

Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at cai@emergences.ai.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. By using the Service, you consent to the transfer of your information to these countries.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

NeoHuman

Email: cai@emergences.ai