Home / Trust Center
Trust Center
Updated July 4, 2026
Extrasphere is built on one principle: your governance work is yours. The products run entirely on your machine, the site does not track you, and the little we do hold is listed below.
Local by design
Every kit and pack dashboard is a single HTML file that runs in your browser and makes zero network requests. No account, no sign-in, no telemetry, no phone-home. What you type is kept in your own browser's storage (localStorage and IndexedDB) on your own device; evidence you file goes into folders you choose on your own machine; Excel and JSON exports are yours. The file keeps working with the network cable unplugged, and you can verify all of this yourself: open your browser's developer tools while you work and watch the network panel stay empty.
A quiet website
This site sets no cookies and carries no advertising pixels. Analytics is optional and consent-gated: it runs only if you accept it in the privacy banner, is configured without advertising features, and declining is one click with equal standing. We honor the Global Privacy Control browser signal as a decline. Your choice is stored as a single preference in your browser, changeable any time from the Privacy choices link in the footer. The only third-party service our pages load is Google Fonts, which means your browser requests font files from Google and Google receives your IP address in those requests. The policy generator sends your answers to our server for one request, which passes them to Anthropic's API to produce your document and returns it; we store nothing you entered. The EU AI Act classifier scores entirely in your browser.
What we hold
- Your email address, if you request the free kit, join the newsletter, join a waitlist, or buy a product, together with the signup source and consent time.
- For newsletter and free-kit signups, the IP address and country at the moment of consent, kept as proof that you subscribed.
- Order records: what you bought, the amount, and the checkout email. Card numbers go to Stripe and never touch our servers.
- Support correspondence, if you write to us.
- Rate-limit records used for abuse prevention, whose windows expire within minutes and which are purged on a daily schedule.
We do not sell or rent personal information. Details, retention, and your data rights are in the Privacy Policy.
Who runs our infrastructure
- Stripe processes payments.
- Supabase hosts our database and private file storage.
- Vercel hosts the site and serverless functions.
- Resend delivers our email, sent from extrasphere.com addresses.
- Anthropic processes policy generator requests under its API terms.
- Google serves typefaces through Google Fonts, and provides analytics only if you accept it in the privacy banner.
Each processor receives only what its function requires.
How paid files are delivered
Products live in private storage, never on the public site. Purchase links are signed, and each click mints a short-lived download URL, a design that resists scraping, guessing, and hot-linking while your emailed link keeps working; issued links can be invalidated if abused. Fulfilment is triggered by payment events from Stripe that we cryptographically verify.
Your controls
Every newsletter email has a one-click unsubscribe, honored immediately. Your analytics choice can be changed or withdrawn any time from the Privacy choices link in the footer. You can ask us to access, correct, or delete the personal information we hold by emailing support@extrasphere.com. Purchased materials carry a perpetual single-organization license, spelled out in the Terms of Service, with refunds per the Refund Policy.
Contact and reporting
Support, privacy requests, and security reports all reach a person at support@extrasphere.com. If you believe you have found a vulnerability in the site or a product file, please include steps to reproduce it; we review security reports and prioritize fixes that affect customer data.