Skip to content

Ethics & Privacy

Privacy architecture

Colophon is designed with privacy as a first-class concern, not an afterthought.

Where data lives

  • The Chrome extension records locally, on your own device.
  • Nothing is sent automatically to any server. Recording is a background process on your machine, not a live connection.
  • You choose when to export a session as a .twff file, and you choose when to submit it, signed in, to your course. Data leaves your device only at that point, and only that file.

What's collected

Per the extension's real event types (see what gets recorded for the full plain-language list):

  • Edit blocks: grouped character changes with a position and a short before/after snapshot, never a keystroke-by-keystroke timeline.
  • Paste events: source (external/internal) and a short preview, not the full pasted content.
  • AI interactions: which model, a short output preview, and how much of it was kept, as an acceptance category and a similarity score, never a verdict.
  • Checkpoints: periodic word-count snapshots, enough to see how a document came together over time.

What's not collected

  • Individual keystrokes
  • Full prompts or full AI outputs
  • Screen recordings, mouse movements, or biometric data
  • Browsing history or activity outside the document

Pseudonymization

If your class opts into the research layer, names and identifying details are replaced with a stable, one-way pseudonym (like P-9f3a21bc) before anything leaves an individual record. It's a fixed hash, never reversible, but deliberately consistent across a case study, so a researcher can see one person's progression over time without ever knowing who they are.

Storage & retention

Data is stored in the EU. Default retention is 2 years, and you can request erasure at any time. See the full privacy policy for the complete terms.

Data flow, at a glance

Write
Log locally
Export
Submit
Validate
Pseudonymize

See Data flow for the full walkthrough.