Privacy Policy

Last updated: May 3, 2026

Privacy-first design: All image processing happens locally in your browser — both in the Chrome extension and on the online tool. No images are ever uploaded to our servers. The only data our backend ever receives is the small amount of account and credit-metering information described below, and only if you choose to sign in. Erasio is compliant with Chrome Web Store Developer Program Policies.

1. Overview

Erasio ("we", "our", or "Erasio") is committed to protecting your privacy. This policy applies to all of Erasio: the website at erasio.io, the in-browser online tool, and the Erasio Chrome extension. We designed Erasio with a privacy-first architecture: every watermark-removal computation happens 100% on your device, in your browser. Your images are never uploaded to our servers or any third party — not for processing, not for analysis, not for storage. The only information our backend ever receives is the small amount of account and metering data described below, and only if you choose to create an account.

2. Information We Collect

The data we handle depends on how you use Erasio. Most users — including everyone who only uses the extension or online tool as a guest — never send us anything beyond standard web request metadata.

  • Data We Do NOT Collect

    We never collect, store, or transmit your images, the pixel content of images you process, the prompts or conversations from the AI sites you visit, your browsing history, your contacts, your location, or any other data that leaves your device beyond what is explicitly listed below.

  • Account Information (Only If You Sign Up)

    If you create an Erasio account, we store your email address, a securely hashed password (we never see your plaintext password), your display name if you provide one, your email-verification status, account creation and last-login timestamps, and your selected plan. If you sign in with Google, we receive your Google email, name, profile picture URL, and Google account ID from Google — we do not request or receive your Google contacts, drive, or any other Google data.

  • Usage Metering (Credits)

    To enforce daily caps and lifetime-plan balances, our backend records when a credit is charged: a timestamp, the user or guest identifier the charge applies to, and a count. We do not record what was processed, what file was used, what prompt produced the image, or any image-related content. For guest users (no account), the daily cap is keyed to a salted hash of your IP address — not the IP itself — and that hash is rotated regularly.

  • Payment Information

    Payments are processed by Paddle, our merchant of record. Paddle collects and stores your billing details (card number, billing address, tax information) directly under their own privacy policy. We never see or store your card number. From Paddle we receive only the transaction ID, plan, status, and the email tied to the purchase, which we use to activate your lifetime access.

  • Local Browser Storage

    The extension stores the following data locally in your browser using chrome.storage.local: your UI preferences (dark mode, default model, default mode, language, and other settings), a counter of how many images you have processed (no image data), a processing history log containing only file names, timestamps, and the model used (never image content unless you opt in to "Save images to history", in which case the image is stored only in your own browser and never uploaded), and a short-lived access token used to talk to your Erasio account when you are signed in. All of this stays on your device and is removed when you uninstall the extension or clear browser storage.

  • Cookies (Website Only)

    When you sign in on erasio.io, we set a single httpOnly, SameSite refresh-token cookie scoped to /api/auth on our domain. It is used solely to keep you signed in and to mint short-lived access tokens; it is not used for advertising or cross-site tracking. We do not set third-party advertising or fingerprinting cookies.

  • Standard Server Logs

    Like any web service, our hosting provider and CDN process standard request metadata (IP address, user agent, request path, timestamp) to keep the service running, prevent abuse, and respond to security incidents. These logs are retained for a short, rolling window and are not used to build user profiles.

3. Image Processing

All watermark-removal math is computed entirely within your browser using the HTML5 Canvas API — both in the Chrome extension and on the online tool at erasio.io. The processing algorithm uses pre-computed alpha maps (small PNG calibration files bundled with the extension and the website) plus standard reverse alpha blending: a purely mathematical, local operation. Your images are never sent to our servers or to any third-party service. When you are signed in, the only network call associated with processing an image is a credit-charge request, which carries only your authentication token — no image data, no file name, no thumbnail.

4. How the Extension Talks to Your Account

When you sign in on erasio.io, the website sets the refresh-token cookie described above on its own domain. The Erasio extension reads that cookie only by running a small content script on the erasio.io tab itself, exchanges it for a short-lived access token, and stores that token in chrome.storage.local so the popup stays signed in across re-opens.

  • No Second Login

    You do not enter your password into the extension. The extension never sees your refresh token from any other origin — only from erasio.io, where it would already be sent on a normal page load.

  • What Crosses the Network

    When signed in, the extension makes the following backend calls and nothing else: refresh the access token, fetch your account profile (/me), fetch your remaining credit balance, charge one credit immediately before processing, and sign out. None of these calls carry image data.

  • Signing Out

    Signing out from either the website or the extension revokes the refresh token and clears the access token from chrome.storage.local. The extension immediately reverts to the guest tier with no further server contact (other than the guest daily-cap check at processing time).

5. Chrome Extension Permissions

Erasio requests the following Chrome permissions and uses them only as described:

  • storage

    Used to save your preferences, processing counter, history, and short-lived access token locally in your browser. Nothing here is synced to external servers.

  • declarativeNetRequest

    Used to filter and re-route image download requests on the supported AI sites so watermarks can be removed before the file is saved. The rules are static, ship with the extension, and are not generated from anything you do.

  • tabs

    Used so the extension can open the Erasio dashboard, sign-in, or pricing pages in a new tab when you click the corresponding popup button. We do not read the URLs, titles, or contents of your other tabs.

  • host_permissions: gemini.google.com, aistudio.google.com

    Required to inject the content script that detects watermarked image downloads on Google Gemini and Google AI Studio. The extension only activates on these two AI image sites and does not monitor any other websites you visit.

  • host_permissions: erasio.io

    Required for the auth-bridge content script that runs only on erasio.io tabs. It exchanges your existing erasio.io session for a short-lived access token so the popup can show your account and remaining credits without asking you to log in again.

6. Authentication and Sign-In

Erasio supports two ways to sign in: email and password (with email verification via a one-time code), and Google OAuth. Email verification codes are delivered through a transactional email provider; the only data shared with that provider is your email address and the one-time code. If you choose Google sign-in, we receive your basic Google profile (email, name, profile picture URL, Google account ID) and store it as part of your Erasio account; we do not request access to any other Google service. You can unlink Google or delete your Erasio account at any time from your account settings.

7. Payments

Erasio is offered on a one-time, lifetime-access basis — there is no subscription. Payments are handled end-to-end by Paddle, who acts as the merchant of record and is responsible for billing, tax collection, refunds, and storage of your payment details under their own privacy policy and PCI scope. Our backend only receives and stores the transaction ID, plan, status, and customer email returned by Paddle, which we use to activate and verify your lifetime access. We never see or store your card number, CVC, or full billing address.

8. Third-Party Services

We share data with third parties only to the minimum extent needed to operate the service:

  • Google (OAuth, optional)

    Only invoked if you choose to sign in with Google. We receive basic profile information from Google as described above; we share nothing back beyond what OAuth requires to complete the sign-in.

  • Paddle (payments)

    Receives your billing details and email when you make a purchase, in their role as merchant of record.

  • Transactional email provider

    Receives your email address and the verification code or notification content when we need to email you (account verification, password reset, payment receipts).

  • Hosting and CDN

    Standard web request metadata (IP, user agent) is processed by our hosting provider and CDN to deliver and secure the site, per their own policies. We do not include advertising SDKs, tracking pixels, or third-party analytics that profile individual users.

9. Data Retention and Your Rights

Local extension data (preferences, history, counters, access token) lives only on your device and is removed when you uninstall the extension or clear browser storage. Account data (email, hashed password, plan, credit-usage records) is retained for as long as your account exists. You may request access to, correction of, or deletion of your account data at any time by emailing the address below — for most users, deletion is also available directly from your account settings page. After account deletion we keep only the minimum records we are legally required to keep (for example, payment records required by tax or accounting law via Paddle). Guest IP-hashes used for daily-cap enforcement are rotated and pruned on a short rolling window. Depending on where you live, you may also have additional rights under laws such as the GDPR or CCPA — including the right to object, restrict, or port your data — and you can exercise these by contacting us.

10. Children's Privacy

Erasio is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, publish a note in the Changelog. Continued use of the extension or website after changes take effect constitutes your acceptance of the updated policy.

12. Contact

If you have any questions about this Privacy Policy, want to exercise a data right, or want to delete your account, please contact us at:

support@erasio.io