DeIDGuard

Chrome Extension · Hunter's Holistic Health · Sheridan, Wyoming

Privacy Policy v1.2.0

Effective Date: April 2026
Last Updated: April 2026
Contact: info@deidguard.com

1. What DeIDGuard Is

DeIDGuard is a Chrome browser extension published by Hunter's Holistic Health LLC, founded by Dr. Shallanda Hunter, PharmD, MBA, RPh, CFNMP, registered in the State of Wyoming.

DeIDGuard provides two functions:

• De-Identification: Removes sensitive text identifiers from user-selected text before the user shares that text with AI tools or other services. All processing is local. Nothing is transmitted.
• Compliance Review: Scans user text for language patterns that may create regulatory, legal, or scope-of-practice risk. This is a pattern-matching assistant only — it does not provide legal advice.

2. What Data DeIDGuard Collects

DeIDGuard collects no personal data.

Data Type	Collected?	Where Stored	Transmitted?
Text you select or type into the extension	No	Processed in memory only; not persisted beyond the session unless you save to history	Never
De-identification history (last 5 entries)	Locally only	chrome.storage.local on your device	Never
Your settings (review mode, label preference, date granularity)	Locally only	chrome.storage.local on your device	Never
Custom rules you create	Locally only	chrome.storage.local on your device	Never
Analytics, usage data, or telemetry	No	Not collected	Never
Browser history, cookies, or third-party page data	No	Not accessed	Never

3. Permissions Requested and Why

DeIDGuard requests four Chrome permissions. Each is required for a specific, minimal function. We do not request host permissions (<all_urls>) or access to your browser history, cookies, or saved passwords.

Permission	Why It Is Required
activeTab	Required to read the text you have selected on the currently active browser tab when you explicitly click the DeIDGuard icon. The extension only reads text when you trigger it — it never passively monitors, reads, or scans pages in the background.
scripting	Required to execute a minimal inline function (window.getSelection().toString()) that captures the text you have already selected on the page. This is the only script injected. It runs on demand only, when you click the capture button. No page content is scanned passively.
storage	Required to save your settings (review mode, label preference, date granularity), your de-identification history (last 5 entries, capped automatically), and your custom rule packs to chrome.storage.local on your device. No data is saved to chrome.storage.sync. All storage is local-only and remains on your device.
sidePanel	Required to open and display the DeIDGuard interface as a persistent Chrome Side Panel. This provides a superior workflow experience — the panel stays open alongside your active browser tab while you reference cleaned text, run compliance checks, and copy output to AI tools. Without this permission, the extension would open as a popup that closes every time you click elsewhere, interrupting the workflow.

4. What DeIDGuard Does NOT Do

• DeIDGuard does not send your text to any server, API, or third-party service.
• DeIDGuard does not sync data to the cloud via chrome.storage.sync.
• DeIDGuard does not collect analytics, crash reports, or usage telemetry.
• DeIDGuard does not display advertisements or receive payment from advertisers.
• DeIDGuard does not sell, rent, license, or share any user data with any third party.
• DeIDGuard does not create or require a user account.
• DeIDGuard does not access your browser history, bookmarks, cookies, or saved passwords.
• DeIDGuard does not access pages you are not actively viewing.
• DeIDGuard does not automatically pre-fill or submit any form on your behalf.
• DeIDGuard does not inject persistent scripts. All script injection is on-demand and minimal.
• DeIDGuard does not make any network requests of any kind.

5. De-Identification Engine — What It Covers

DeIDGuard's de-identification engine (v1.2.0) removes identifiers in the following categories, all processed locally on your device:

HIPAA Safe Harbor Categories (45 CFR §164.514(b)) — All 18

1. Names (titled/prefixed names and patient/client contexts)
2. Geographic data smaller than state level (street addresses, zip codes)
3. Dates smaller than year; ages 90+ aggregated to "an individual age 90 or over"
4. Phone numbers
5. Fax numbers
6. Email addresses
7. Social Security numbers
8. Medical record numbers
9. Health plan beneficiary numbers
10. Account numbers
11. Certificate and license numbers (including DEA numbers)
12. Vehicle identifiers and serial numbers
13. Device identifiers and serial numbers
14. Web URLs
15. IP addresses (IPv4 and IPv6)
16. Biometric identifier references
17. Full-face photograph references (text-based)
18. National Provider Identifier (NPI) numbers

Extended Categories (v1.2.0) — Beyond the Official 18

Based on 2025-2026 legal and market research identifying emerging re-identification risks not covered by the original 1996 Safe Harbor list:

• Social media handles — @username patterns (HIPAA Journal 2026 guidance)
• Employer/organization name references — labeled contexts (e.g., "works at [Hospital Name]")
• Genomic/genetic identifiers — gene mutation references (e.g., BRCA1, BRCA2, TP53) that, combined with other quasi-identifiers, become highly re-identifying

Re-Identification Risk Scoring (v1.2.0)

After de-identification, DeIDGuard calculates a re-identification risk score for the cleaned text. This score evaluates quasi-identifier combinations — factors like retained age bracket, gender references, geographic references, condition references, and occupation references — that may enable re-identification even after direct identifiers are removed. The score is displayed as Low, Medium, or High. This is an advisory score only; final review remains the user's responsibility.

6. Compliance Review Engine — What It Covers

DeIDGuard's compliance review engine (v1.2.0) includes four rule modes:

Mode	Audience	What It Flags
Basic	General health and wellness professionals	Diagnostic language, treatment claims, prescribing language, cure claims, patient terminology, residual SSN patterns
Healthcare Pro	Licensed clinicians, pharmacists, functional medicine practitioners	All Basic rules, plus: lab interpretation language, clinical qualifier language, HIPAA references, drug interaction claims, medication adjustment language, disease reversal claims, appointment language, guarantee language, Texas RAIA AI disclosure requirements (eff. Jan 1, 2026)
FTC / HIPRA	Health coaches, wellness apps, non-HIPAA entities, non-prescribers	FTC Health Breach Notification Rule (2024 expansion) — health data sharing disclosures, unsubstantiated health claims, specific weight loss claims, testimonial disclosure requirements; HIPRA readiness (Health Information Privacy Reform Act, introduced Nov 2025) — personal health data collection, mental health data, reproductive/fertility data; FTC income disclosure rules; Texas RAIA AI disclosure flags
Custom	Any user	User-defined pattern rules only

7. HIPAA Disclaimer

DeIDGuard is not a HIPAA-covered entity. DeIDGuard is not a Business Associate under HIPAA. DeIDGuard does not guarantee HIPAA compliance or HIPAA Safe Harbor status under 45 CFR §164.514(b) for any text processed by the extension.

The de-identification engine is based on the Safe Harbor identifier categories. Formal Safe Harbor de-identification is a legal and technical standard with specific requirements that go beyond pattern-matching. DeIDGuard assists with de-identification; it does not certify it.

Healthcare professionals who are HIPAA Covered Entities or Business Associates must consult qualified healthcare legal counsel to determine their obligations before using any tool — including DeIDGuard — in workflows that involve protected health information.

8. FTC and State Privacy Law Disclaimer

The FTC / HIPRA compliance review mode is a readiness-assistance tool. It is not a substitute for legal review. The Health Information Privacy Reform Act (HIPRA) was introduced in November 2025 and its final provisions, if enacted, may differ from those reflected in this version of DeIDGuard. Users should monitor legislative developments and consult qualified legal counsel.

State privacy laws applicable to health data — including California, Illinois, Washington, New York, and Texas — vary and may impose obligations beyond those reflected in the DeIDGuard compliance review engine. Consult qualified legal counsel for state-specific obligations.

9. Local Storage and Data Retention

DeIDGuard stores the following data exclusively in chrome.storage.local on your device:

• Settings: Your review mode, label preference, date granularity, and privacy badge preference. Retained until you change them or uninstall the extension.
• History: Your last 5 de-identified text entries (preview, full cleaned text, summary of removed identifiers, timestamp). Automatically capped at 5 entries. You can clear history at any time from the History panel inside the extension.
• Custom rules: Any custom compliance review rules you have created. Retained until you delete them or uninstall the extension.
• Seeded rule packs: The built-in Basic, Healthcare Pro, FTC/HIPRA, and Custom rule sets, stored locally for offline operation.

All stored data is deleted when you uninstall DeIDGuard from Chrome.

10. Third Parties

DeIDGuard has no relationships with third parties involving user data. Specifically:

• No analytics providers (Google Analytics, Mixpanel, Amplitude, etc.)
• No advertising networks
• No data brokers
• No error tracking or crash reporting services (Sentry, Bugsnag, etc.)
• No remote configuration services
• No content delivery networks that receive user data

The "Open Claude" and "Open ChatGPT" buttons inside DeIDGuard open a new browser tab. They do not send, prefill, or transmit any text to those services. The act of pasting text into an AI tool is performed solely by the user, with full user intent and control.

11. Children's Privacy

DeIDGuard is not directed at children under the age of 13. No data is collected from any user, including children. The extension does not knowingly collect personal information from children.

12. Changes to This Privacy Policy

We may update this privacy policy to reflect changes to the extension's features, applicable law, or best practices. When we update this policy:

• The "Last Updated" date at the top of this policy will be revised.
• The version number in the extension manifest will be incremented.
• Material changes will be noted in the Chrome Web Store release notes for the updated version.

Continued use of DeIDGuard after an update constitutes acceptance of the revised policy. If you disagree with any update, you may uninstall the extension at any time from Chrome's extension manager (chrome://extensions).

13. Contact

For any questions, concerns, or privacy-related requests regarding DeIDGuard:

Email: info@deidguard.com
Publisher: Hunter's Holistic Health
Founder: Dr. Shallanda Hunter, PharmD, MBA, RPh, CFNMP
Mailing Address: Hunter's Holistic Health LLC, 30 N Gould St, Ste R, Sheridan, WY 82801, USA
Chrome Web Store Support: Use the support form on the DeIDGuard Chrome Web Store listing page.

We respond to all privacy inquiries personally. We do not use automated responses for privacy requests.