We built Medusa to be the security layer you trust with your most sensitive data. Here's how we protect it.
The Medusa browser extension runs the Medusa Model directly in your browser. All scanning happens locally — the text you type or paste, and any sensitive data it contains, is never sent to our servers or any third party.
A Medusa Model token classifier runs locally in the browser via ONNX Runtime. It scans the text you type or paste into AI sites in real-time — before it is sent — detecting secrets, PII, financial data, health records, and 3 more categories across 7 in total. A regex backstop catches high-confidence patterns the model may miss. No network access is required for scanning.
All extension-to-dashboard communication uses HTTPS (TLS 1.2+).
The Medusa Model is verified via SHA-256 checksum on every load. If the model file has been tampered with, the extension refuses to scan.
Policy responses are signed with Ed25519; the extension verifies them with an embedded public key before applying, rejecting tampered policies.
The extension requests minimal host permissions — only the AI provider sites it scans (ChatGPT, Claude, Gemini, Copilot, Perplexity, Grok).
API keys are hashed with SHA-256 before storage. The full key is shown once at creation and never stored or logged.
All API routes enforce rate limiting and authentication via Supabase RLS.
Your organization sets per-category policy for each enrolled browser: warn, block, justify (require a reason to proceed), or hard-block.
Model inference has a timeout to prevent adversarial input hangs, so scanning never stalls what a user is typing.
Custom regex patterns are tested for ReDoS vulnerability before activation.
When a submission is flagged, only metadata is reported to the dashboard: category counts, the policy verdict, and the destination host.
The scanned text and prompt contents never leave the browser. We collect enough to give your organization visibility, and nothing more.
Every policy verdict (warn, block, justify, hard-block) is recorded with metadata: timestamp, destination host, detected categories, and confidence scores.
Events are uploaded to the dashboard for centralized monitoring. Event retention is configurable (7 days default, up to 90 days for enterprise).
Data minimization by design. In-browser processing means personal data doesn't leave the user's browser. Right to delete supported.
Security, availability, and confidentiality controls are designed into the platform. A formal Type II audit is on our roadmap — reach out about timing for your procurement.
Our controls are aligned to the ISO 27001 framework. Formal certification is on our roadmap; talk to us about your requirements.
If you discover a security vulnerability in Medusa, please report it responsibly. We take all reports seriously and will respond within 48 hours.