Privacy architecture
Colophon is designed with privacy as a first-class concern, not an afterthought.
Where data lives
- The Chrome extension records locally, on your own device.
- Nothing is sent automatically to any server. Recording is a background process on your machine, not a live connection.
- You choose when to export a session as a
.twfffile, and you choose when to submit it, signed in, to your course. Data leaves your device only at that point, and only that file.
What's collected
Per the extension's real event types (see what gets recorded for the full plain-language list):
- Edit blocks: grouped character changes with a position and a short before/after snapshot, never a keystroke-by-keystroke timeline.
- Paste events: source (external/internal) and a short preview, not the full pasted content.
- AI interactions: which model, a short output preview, and how much of it was kept, as an acceptance category and a similarity score, never a verdict.
- Checkpoints: periodic word-count snapshots, enough to see how a document came together over time.
What's not collected
- Individual keystrokes
- Full prompts or full AI outputs
- Screen recordings, mouse movements, or biometric data
- Browsing history or activity outside the document
Pseudonymization
If your class opts into the research layer, names and identifying details are replaced
with a stable, one-way pseudonym (like P-9f3a21bc) before anything leaves an
individual record. It's a fixed hash, never reversible, but deliberately consistent
across a case study, so a researcher can see one person's progression over time without
ever knowing who they are.
Storage & retention
Data is stored in the EU. Default retention is 2 years, and you can request erasure at any time. See the full privacy policy for the complete terms.
Data flow, at a glance
See Data flow for the full walkthrough.