No Data Collection
Saj Browse does not collect, store, transmit, or share any user data.
This includes:
- Browsing history
- Search queries
- Page content you read
- Websites you visit
- Trackers that are blocked
- AI assistant queries and responses
- Writing style analysis results
- Arabic phishing detection results
- Vault contents
- Behavioral patterns
- Voice input audio
- Any personal information whatsoever
There are no analytics, no usage metrics, no error reporting systems, no crash reporters that phone home, and no telemetry of any kind.
On-Device Processing
Every function of Saj Browse runs on your device.
Performed locally using filter lists bundled with the browser. Blocked tracker data is stored only in your device's memory for the duration of your session — not written to any log file, not transmitted anywhere.
Plain-English tracker explanations run locally. The tracker database is embedded in the browser. No lookup occurs against any external service.
Runs entirely within an isolated process on your device with no network access. Questions you type and page content you ask about are processed only locally. Nothing is transmitted.
Brand writing profiles are embedded in the browser. Page text is compared against these local profiles. No page content is submitted to any external service for analysis.
Detection of right-to-left override characters, mixed-script domains, and homoglyph substitutions is performed entirely on your device using embedded detection rules.
Topic extraction, entity recognition, and intent classification happen on your device. The index is encrypted before being written to disk. No browsing context is transmitted anywhere.
Content is encrypted on your device before it is written to disk. Decryption happens on your device. Encryption keys never leave your device. There is no cloud backup, no sync service, and no remote copy.
Collects only timing distributions — statistical summaries of your interaction rhythm. Does not record individual keystrokes, content of what you type, which pages you visit, or any personally identifiable actions. Only statistical patterns (histograms) are stored, encrypted, on your device.
Processed by your browser's built-in speech recognition. Saj Browse does not operate any speech processing servers. Audio from your microphone is not recorded, stored, or transmitted by Saj Browse.
Applied locally. No data about your browser configuration is sent anywhere.
No Telemetry
Saj Browse has no telemetry system. It does not report:
- Which websites you visit
- How long you spend on pages
- Which features you use
- Crash reports or error logs
- Performance metrics
- Hardware or operating system information
No Accounts
Saj Browse does not require an account. There is no sign-up, no login, no email address, no username, and no password associated with your use of the browser.
The Pro features (Private and Anonymous proxy modes, unlimited Vault storage, Voice Search, INVA Identity) are activated by a licence key purchased at sajdak.one/browse. The licence key is verified locally against a public key embedded in the browser. This verification does not transmit your licence key or any personal information to any server.
Vault Encryption
All content saved to the Vault is encrypted using modern authenticated encryption:
Ascon-AEAD128 (New Content)
New content is encrypted with Ascon-AEAD128, the NIST Lightweight Cryptography Standard (2023). This provides authenticated encryption that is 3–5× faster than traditional algorithms on ARM and mobile devices, with equivalent security.
ChaCha20-Poly1305 (Legacy Content)
Older content (from previous versions) is protected by ChaCha20-Poly1305, a widely trusted authenticated encryption algorithm. Both standards are supported transparently.
This means:
- Your saved files cannot be read without your encryption keys
- Tampering with encrypted data is detected and rejected
- Encryption keys are derived on your device and never transmitted or stored externally
Per-Category Key Isolation
Your Vault data is divided into six categories, each protected by its own independent encryption key. This provides two benefits:
- Crypto-shred — you can permanently destroy all data in a single category by deleting its key. This is instant and mathematically irreversible. No file overwriting is needed.
- Isolation — compromise of one category's key (which requires physical device access) does not affect other categories.
Metadata Stripping
Before content is encrypted and saved, Saj Browse automatically removes identifying metadata from files. For images, this includes GPS coordinates, camera make and model, date and time of capture, and other EXIF data. This stripping happens before encryption — the encrypted file does not contain this metadata.
Master Key
Your Vault master key is generated on your device and never leaves it. It is not backed up to any server. If you lose access to your device without exporting your Vault, your Vault contents cannot be recovered. We do not hold a copy.
Behavioral Data
When the optional Behavioral Lock feature is enabled:
Statistical distributions (histograms) of interaction timing — keystroke intervals, click intervals, scroll velocity patterns, and navigation tempo. These are aggregate measurements, not individual events.
Individual keystrokes, what you typed, which pages you visited, what you clicked on, any content you interacted with, or any personally identifiable information.
Encrypted, on your device only. Behavioral data is never transmitted to any server.
Disable Behavioral Lock in Settings. All behavioral data is erased when the feature is turned off.
Behavioral Lock uses your natural interaction rhythm as a form of continuous authentication. It detects if someone else is using your browser, even if they have your password. It also optionally detects duress conditions (dramatic changes in your browsing behaviour).
AI Model Download
The only network request initiated by Saj Browse's AI features is the optional enhanced model download. This is the single exception to the on-device principle, and it is entirely optional.
When you choose to download the enhanced AI model:
- The download is retrieved from a public model repository
- The downloaded file is verified against a published cryptographic hash before use
- No personal information is transmitted during the download
- The download is a static model file — it is not personalised to you
- The repository receives a standard HTTP request, which like all web requests, includes your IP address by routing necessity
DNS and Network Connections
Encrypted DNS (DNS over HTTPS)
By default, Saj Browse encrypts your DNS queries using Cloudflare's DNS over HTTPS resolver. This means your internet service provider cannot see which domain names you look up. Your DNS queries go to Cloudflare in encrypted form. Cloudflare's privacy policy governs how they handle these queries — by default, they apply their public DNS resolver policy, which includes a commitment to not sell query data.
You can change your DNS resolver in Settings if you prefer a different provider, or disable DNS over HTTPS entirely if you use your own resolver.
VPN Connections
If you configure and enable a VPN in Saj Browse, your traffic is routed through that VPN according to the VPN provider's own terms and privacy policy. Saj Browse does not control or inspect VPN traffic.
HTTPS-Only Mode
Saj Browse refuses to make unencrypted HTTP connections by default. When you visit a website, the connection is always encrypted in transit. This does not affect what the website itself does with your data — it only ensures your traffic cannot be intercepted in transit.
Update Checks
Saj Browse checks for updates automatically every 12 hours (this can be disabled in Settings).
During an update check, only three values are transmitted:
- Your current version number
- Your operating system (Linux, macOS, or Windows)
- Your CPU architecture (x86_64 or aarch64)
Nothing else is sent — no hardware ID, no locale, no browsing history, no unique identifier of any kind. The update check contacts a static file, not a tracking service.
If you have a proxy configured, the update check routes through your proxy — your privacy protection applies to update checks too.
Extensions
Saj Browse supports browser extensions. Extensions are third-party software. Each extension has its own terms and privacy policy. Saj Browse cannot guarantee that extensions you install do not collect data. Install extensions only from sources you trust.
MCP Agent Access
If you use the MCP (AI agent access) feature, you explicitly grant a specific AI tool access to interact with the browser for a defined session. This access is logged locally in an audit trail on your device. You can review and revoke any access at any time from Settings > AI > Agent history.
The MCP feature is opt-in. You will never be connected to an AI agent without explicitly approving a specific access request. There is no background agent access. Agent session tokens expire automatically.
Optional Third-Party Integrations
Saj Browse offers optional connections to two services. Both are off by default and require explicit opt-in.
Saj Link Messaging
If you connect your Saj Link account, Saj Browse communicates with the Saj Link messaging service to send and receive encrypted messages. Your Saj Link account credentials are stored locally on your device. Message content is end-to-end encrypted — Saj Link servers cannot read your messages.
Connecting Saj Link does not give the messaging service access to your browsing history, Vault, AI queries, or any other Saj Browse data.
Bella Intelligence
If you connect your Bella account, you can optionally share limited browsing context with your Bella workspace. Every type of shared data has its own toggle, all off by default:
| Toggle | What is shared | Default |
|---|---|---|
| Tracker data | Blocked tracker domain names and company names | Off |
| Page metadata | Page title, URL, and heading structure | Off |
| Text excerpts | First 500 characters of page text | Off |
| Auto-submit | Send context automatically on navigation | Off |
Bella never receives: your passwords, form field content, Vault contents, full browsing history, voice audio, behavioral data, or AI assistant conversations.
You control exactly what Bella can see. Disable any toggle at any time to stop that type of sharing immediately.
Auditability
Saj Browse is proprietary software. Independent security audits are conducted periodically and published at sajbrowse.com/security. If you or a trusted security researcher want to verify that Saj Browse behaves as described in this policy, you can monitor network traffic to confirm that no data is transmitted. See the Network Verification section in the AI User Guide for instructions.
Proprietary (Sajdak Group Holdings)
Mozilla Public License 2.0
Updates to This Policy
If this privacy policy changes, the updated version will be published at sajdak.one/browse/privacy. We will not introduce data collection practices without publishing a clear explanation and providing an update that you can review before installing.
Since there is no account and no contact information collected, we cannot notify you of changes directly. We recommend checking sajdak.one/browse periodically when considering whether to update Saj Browse.
Contact
For privacy questions or to report a concern:
We handle all correspondence privately. Your email address will not be stored beyond what is needed to respond to your inquiry and will not be shared with any third party.
Summary Table
A complete reference of every activity and whether any data is collected or transmitted.
| Activity | Data collected | Transmitted externally |
|---|---|---|
| Browsing websites | None | No |
| Tracker blocking | None | No |
| Vault saves | None (encrypted locally) | No |
| AI assistant queries | None | No |
| Writing style analysis | None | No |
| Arabic phishing detection | None | No |
| Browsing context index | None (encrypted locally) | No |
| Behavioral Lock | Timing distributions only (encrypted locally) | No |
| Voice input | None by Saj Browse | Depends on browser speech API |
| AI model download | IP address (routing only) | One-time download only |
| Update checks | Version, OS, architecture | Yes (3 values only) |
| DNS queries | None by us | Encrypted to your DNS resolver |
| VPN connections | None by us | Governed by your VPN provider |
| Saj Link messaging | None by us | E2E encrypted to Saj Link |
| Bella integration | Only what you explicitly enable | Only enabled categories |
| Extensions | Varies by extension | Varies by extension |