War MachineBack to App

Privacy Policy

Last updated: February 11, 2026

1. Introduction

War Machine ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketing automation platform and our Aegis Chrome extension (collectively, "our services").

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and password. If you subscribe to a paid plan, we collect payment information through our payment processor, Stripe.

2.2 Connected Accounts

When you connect third-party services (such as social media platforms, email providers, WordPress, or analytics services), we collect and store access tokens and related credentials to perform actions on your behalf. This may include:

  • Social media accounts (Facebook, Instagram, Twitter/X, LinkedIn, Bluesky, Mastodon, Reddit)
  • Email accounts (Gmail, Outlook, IMAP)
  • Website platforms (WordPress)
  • Analytics services (Google Analytics, Google Search Console)

2.3 Content and Usage Data

We collect content you create or upload through our platform, including text, images, and generated content. We also collect usage data such as features used, conversations, and interactions with our systems.

2.4 Aegis Chrome Extension

The Aegis Chrome extension operates differently from our web platform. To provide browser security protection, the extension accesses the following data locally within your browser:

  • URLs you visit — checked against threat databases to block malicious sites
  • Download metadata — file names and download URLs are inspected for dangerous file types
  • Page content (DOM) — analyzed locally for phishing indicators such as fake login forms
  • Script elements — monitored for known cryptomining code

This data is processed entirely within your browser and is never transmitted to War Machine servers. We do not operate any servers that receive data from the extension. The extension does not require a War Machine account and does not link browsing activity to your account in any way.

The extension also stores the following data in your browser's local storage:

  • User preferences — which protection features are enabled or disabled
  • Threat statistics — aggregate counts of blocked threats (e.g., "5 URLs blocked")
  • URL cache — temporary cache of threat lookup results to reduce API calls (automatically expires)
  • Whitelist — domains you have chosen to allow

This locally stored data never leaves your browser and is deleted if you uninstall the extension.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Process transactions and send related information
  • Generate content on your behalf
  • Post content to your connected social media accounts
  • Send emails through your connected email accounts
  • Analyze website performance and SEO metrics
  • Send administrative communications and updates
  • Respond to your comments and questions
  • Protect against fraudulent or illegal activity

Aegis extension: Data accessed by the extension is used solely to provide real-time threat protection within your browser. It is not used for marketing, analytics, profiling, or any other purpose.

4. Third-Party Services

We use the following third-party services to operate our platform:

  • Supabase: Database and authentication services
  • Stripe: Payment processing
  • OpenAI: Content generation
  • Anthropic: Content generation
  • Resend: Transactional emails
  • Vercel: Hosting and deployment

Each third-party service has its own privacy policy governing the use of your information.

4.1 Third-Party Services Used by Aegis Extension

The Aegis extension uses the Google Safe Browsing API to check URLs against Google's threat database. This works as follows:

  • URL hash prefixes (not full URLs) are sent to Google's Safe Browsing service for lookup
  • Google does not associate these lookups with your Google account or personal identity
  • This service is governed by Google's Privacy Policy

No other third-party services receive any data from the Aegis extension.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • With your consent or at your direction
  • With service providers who assist in our operations
  • To comply with legal obligations
  • To protect our rights, privacy, safety, or property
  • In connection with a merger, acquisition, or sale of assets

Aegis extension: Because the extension does not collect or transmit personal data to our servers, there is no extension user data to share or disclose. The only external communication is URL hash prefix lookups to Google Safe Browsing, as described in Section 4.1.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. This includes encryption of data in transit and at rest, secure authentication, and regular security assessments.

For the Aegis extension, all data processing occurs locally within your browser's sandboxed extension environment. No personal data is transmitted to or stored on our servers.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. You may request deletion of your account and associated data at any time by contacting us. We will delete or anonymize your information within 30 days of such request, unless we are required to retain it for legal purposes.

For the Aegis extension, locally stored data (preferences, statistics, and cached results) is retained only within your browser and is automatically deleted when you uninstall the extension. You can also reset statistics or clear cached data through the extension's dashboard at any time.

8. Your Rights

Depending on your location, you may have the following rights:

  • Access your personal information
  • Correct inaccurate information
  • Delete your personal information
  • Object to or restrict processing
  • Data portability
  • Withdraw consent

To exercise these rights, please contact us at the email address provided below.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. You can control cookie settings through your browser preferences.

The Aegis extension does not use cookies, tracking pixels, or any analytics or telemetry systems.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

The Aegis extension does not collect personal information from any user of any age.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

The Aegis extension processes all data locally on your device. The only cross-border data transmission is URL hash prefix lookups to Google's Safe Browsing service, which is governed by Google's data processing practices.

12. Aegis Extension Permissions

The Aegis Chrome extension requests certain browser permissions to function. We believe in transparency about why each permission is needed:

  • Access to all websites: Required to check URLs and scan page content for threats across all sites you visit
  • Web requests: Needed to intercept and analyze navigation requests before malicious pages load
  • Downloads: Needed to inspect downloads for dangerous file types and malicious source URLs
  • Storage: Needed to save your preferences and threat statistics locally in your browser
  • Tabs: Needed to redirect you to a warning page when a threat is detected
  • Notifications: Needed to alert you when a threat is blocked or a suspicious download is detected
  • Scripting: Needed to inject content scripts for cryptominer detection and page-level phishing analysis

These permissions are used exclusively for security protection. They are never used to collect, store, or transmit personal data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. Your continued use of our services after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: support@warmachine.io