Skip to main content
JITTER
Add to Chrome

JITTER privacy policy

Effective date: March 26, 2026
Version: 2.0.0

Scalisos Labs is committed to transparency. This policy describes the JITTER browser extension when installed from the Chrome Web Store and used on Google Docs, including keystroke-related signals and what is sent to our services over HTTPS.

1. Data collection & purpose

This section is intended to satisfy transparency expectations for extensions that process keystroke-related signals.

What we do not collect

JITTER does not read, store, or transmit the full text of your Google Doc. It does not upload your document body, keystrokes as readable text, or raw keylogs to our servers. To support integrity and verification features, the extension computes one-way cryptographic hashes locally (including a SHA-256 digest, referred to as textHash, over observed typing-related inputs). No readable words or document content derived from your typing or paste activity are transmitted off your device.

Keystroke telemetry

The JITTER extension operates only on Google Docs (https://docs.google.com/document/...). When you edit a document with JITTER enabled, the extension may collect:

  1. Keystroke timing and rhythm. Intervals between and during key events (for example, dwell time and flight time between keys), and related timing samples used to analyze typing cadence.
  2. Editing statistics and counts. Aggregates such as total keystrokes, counts of backspaces or deletes, counts of characters typed, deleted, or pasted, and metrics derived from editing behavior (including paste-related measures).
  3. One-way content fingerprint (textHash). On your device, the extension derives a SHA-256 hash (textHash) from observed words and typing-related inputs associated with the session. This value is a one-way digest: it cannot be reversed to recover your document text. It is used with other local signals for attestation and may be included in non-reversible server payloads as described below. JITTER does not send raw text, snippets, or keylogs to our servers.
  4. Document identifier. The Google Doc ID from the document URL, used to scope stored data and server requests to that document.
  5. Humanity / integrity score and related technical payload. Derived scores and structured “entropy” or detail fields computed locally from the above signals, which may be sent to our servers for signing or storage as described below.

2. How we use this data

We use the data above for human verification, integrity attestation, and related security or research purposes described in our product documentation (for example, to produce or support a verifiable humanity score associated with a drafting session).

3. Where data is sent (service providers)

Data is transmitted over HTTPS (TLS) to secure cloud infrastructure operated by or on behalf of Scalisos. This includes:

Cryptographic Signing Services: The extension sends the document identifier and a deterministic and non-reversible digest of score details (entropyData) to our secure signing servers to generate the cryptographic signature used in your integrity reports.

Verification Storage Services: To enable the public verification portal, the extension sends a JSON payload over HTTPS to our secure cloud storage environment. That payload includes the Google Doc document identifier, the numeric humanity score, the observed word count, and the one-way hash textHash (SHA-256). Raw document text, keystroke content, and readable snippets are not included in this transmission.

Retention: Data is retained only as long as necessary to provide the verification service, typically not exceeding 30 days.

4. Clipboard (write) permission

The extension declares the clipboardWrite permission solely so that when you manually click the control to copy the JITTER digital seal (for example Copy Seal in the extension UI) or a related report export, it can write the formatted attestation (for example rich HTML with a verification link) to your system clipboard. Nothing is written to the clipboard without that explicit action. This is separate from paste handling inside Google Docs via the browser's normal paste event, described in the collection section above. JITTER does not use this permission to read arbitrary clipboard history.

5. Local storage on your device

The extension may store encrypted copies of session logs and scores in Chrome’s local extension storage (chrome.storage.local) using strong encryption (for example AES-256-GCM) so that data at rest on the device is protected. This does not mean data never leaves the device: as stated above, designated data is also sent to our services as described above.

6. Your rights & contact

JITTER does not collect or transmit Personally Identifiable Information (PII), such as names, email addresses, or Google Account identities.

JITTER does not sell user data. Data is used for verification and integrity attestation as described above and is not used for creditworthiness or advertising.

For privacy questions, data-rights requests, policy matters, and general product help (installation, usage, troubleshooting), contact support@scalisos.com.