Privacy Policy – Celes Browser Extension

Overview

Celes is a browser companion extension for ACMIS (Audit and Compliance Management and Information System) by Yoekisoft Pvt Ltd. It captures browser-based configuration changes made through web interfaces such as Firewalls, Vmwares and other infrastructure tools. The purpose is to generate audit evidence and support compliance documentation for change management processes.

What This Extension Does

Celes monitors and captures:

• Form submissions and configuration changes on supported web portals
• DOM-based field changes and user interactions
• API requests related to infrastructure changes
• Machine learning predictions that classify change types (CREATE vs EDIT operations)

This information is used to generate audit trails and compliance evidence, reducing the need for manual screenshots or screen recordings.

Product Relationship

This extension is designed to work alongside:

• ACMIS – The primary compliance and change management product by Yoekisoft Pvt Ltd
• ACMIS Tray Application – The desktop component that receives events from this extension

Although the extension can function independently, it is intended for organizations that use ACMIS for compliance management.

Data Collection and Storage

Current Implementation (Local Storage Only)

All captured data is stored locally on your device using:

• Chrome's IndexedDB for structured data storage
• Chrome's local storage for configuration and preferences
• Encrypted storage for sensitive field values

No data is transmitted to external servers in the current version.

Future Implementation (Planned for 2027)

A future version may introduce an optional feature that allows anonymized data to be transmitted to Yoekisoft servers to improve machine learning models.

If implemented:

• The feature will be strictly opt-in
• You will receive clear information before any data transmission
• You can opt out at any time
• The extension will continue to function fully if you decline
• Only anonymized and aggregated data will be used
• No personally identifiable information (PII) will be transmitted

What Data We Collect Locally

1. Form Field Data

• Field names, values, and types from monitored web forms
• Timestamps and operation types (create, edit, delete)
• Vendor-specific field mappings (e.g., VMware, Palo Alto, Fortinet)

2. API Request Metadata

• Request URLs, HTTP methods, and timestamps
• Response status codes
• Vendor identification

3. Machine Learning Predictions

• Classification results (CREATE vs EDIT)
• Confidence scores
• Feature vectors used for predictions

4. UI Interaction Metadata

• Page URLs and titles
• Button clicks and form submissions
• Navigation events

What We Do Not Collect

We do not collect or store:

• Passwords (automatically filtered and never stored)
• Authentication tokens or session cookies
• Credit card numbers or payment information
• Social security numbers or government-issued IDs
• Personal health information
• Browsing history outside monitored portals
• Data from non-work-related websites

Data Security

Encryption

• Sensitive field values are encrypted using AES-256-GCM before storage
• Encryption keys are derived using PBKDF2 with random salts
• Keys are stored in Chrome's storage with additional protection

Access Control

• Only the extension and the local ACMIS tray application can access stored data
• Rate limiting is implemented to prevent abuse or unauthorized access
• Operations are logged for auditing purposes

Data Sanitization

• Automatic filtering of sensitive patterns (passwords, tokens, SSNs)
• Protection against HTML and script injection
• Detection and blocking of SQL injection patterns

Communication Channels

Current Version (Local Communication Only)

The extension communicates only with:

1. ACMIS Tray Application via Chrome Native Messaging

• Communication occurs locally on your machine
• No network transmission is involved
• Used for real-time notifications and event forwarding

Future Server Communication (Opt-In, Planned 2027)

If introduced, server communication will:

• Require explicit user consent
• Use HTTPS encryption (TLS 1.3)
• Transmit only anonymized and aggregated data
• Allow users to review data before transmission
• Provide opt-out at any time

Chrome Permissions Explained

Required Permissions

`storage`

Used to store captured data, user preferences, and the ML model locally.

`activeTab`

Allows injection of scripts to monitor form changes in the active tab.

`scripting`

Used to dynamically inject monitoring scripts into supported web portals.

`webRequest`

Monitors API calls to detect configuration changes.

`webNavigation`

Detects page loads and navigation events.

`tabs`

Identifies active tabs and injects monitoring scripts when necessary.

`nativeMessaging` (Optional)

• Enables communication with the ACMIS tray application via local IPC.
• No network transmission occurs.
• Requires separate installation of the ACMIS tray application.

Host Permissions: `https://*/*` and `http://*/*`

These permissions are required to detect configuration changes across various vendor portals.

Monitoring is limited to explicitly supported vendors such as VMware, Palo Alto, Fortinet, and similar infrastructure platforms. Personal or non-work-related browsing is not monitored.

Machine Learning

Local Processing

All machine learning inference runs locally within your browser.

• No cloud-based ML services are used
• The model is bundled with the extension
• No external downloads occur

Future Model Training (Opt-In)

Anonymized data may be used to improve model accuracy in future versions.

This will require explicit consent, and users will be able to review data before transmission. Opt-out will always be available.

User Rights and Control

Data Access

• View captured data through the extension interface
• Export stored data in JSON format
• Review ML predictions and confidence scores

Data Deletion

• Delete all stored data with one click
• Configure automatic retention and cleanup
• Deleted data is permanently removed

Third-Party Services

Current Version

• No third-party analytics
• No third-party tracking
• No CDN or external resource loading
• No telemetry or crash reporting

All resources, including the ML model and scripts, are bundled within the extension.

Future Version (Opt-In)

Future ML improvements may use Yoekisoft servers. This will require explicit consent. No third-party services will be used.

Compliance

This extension is designed to support organizational compliance with:

• ISO 27001:2022
• PCI-DSS
• GDPR (General Data Protection Regulation)
• HIPAA
• SOC 2

Changes to This Policy

Material changes to this policy will be communicated through:

• Extension update notifications
• In-app announcements
• An updated "Last Updated" date

Continued use of the extension after updates indicates acceptance of the revised policy.

Your Consent

By installing and using this extension, you consent to:

• Local data collection as described in this policy
• Communication with the ACMIS tray application (if installed)
• Any future opt-in features, with separate consent where required

You may withdraw consent at any time by uninstalling the extension.

This extension is under active development. As features evolve, we remain committed to transparency and user privacy. Any future changes involving data transmission will require explicit user consent.