What Bridge & Harbor knows about you. (It's not much.)
Here's exactly what each extension reads, what we receive on our end, and what never leaves your browser. No hedging. No legal fog.
How Chrome extensions work — and how ours use that
Chrome extensions work by reading content from the pages you're viewing in your browser. That's not a quirk — that's the whole mechanism. A Canvas extension needs to read your Canvas pages to do anything useful.
Bridge & Harbor products read your Canvas pages to provide their features. All of that reading happens locally, inside your browser. None of that Canvas content is transmitted to Bridge & Harbor's servers.
What does reach us: your account information if you sign up (name and email), your subscription status, and anonymous crash reports. That's it. We don't receive your Canvas data. We don't want it.
For AI features: when you use Helm's feedback drafting or Compass's course review, your Canvas content goes from your browser to your own AI provider's API endpoint. Bridge & Harbor is not in that data path.
🌊 Breeze — Data Disclosure
What it reads
- Assignment titles, due dates, point values, submission status
- Your current grades (where visible)
- Course names and term information
What stays in your browser
- All assignment and grade data
- Grade projections and calculations
- Notification preferences
- Cached data for offline mode
What it doesn't read
- Other students' grades or data
- Instructor-only views
- Courses you're not enrolled in
What we receive
- Account creation event (email/name) for Pro
- Subscription status
- Anonymous crash reports (no Canvas data)
⚙️ Helm — Data Disclosure
What it reads
- Course rosters for your courses
- Student submission status, grades, late/missing flags
- Accommodation records visible to you
- Student contact information
What stays in your browser
- All student roster and grade data
- All accommodation details
- Workflow preferences and settings
What it doesn't read
- Student data from courses you don't teach
- Other instructors' gradebooks
- Administrative data
BYOK AI transmissions
When you use AI feedback drafting, Helm sends content from your browser directly to your chosen AI provider via your personal API key. Bridge & Harbor is not in this data path.
🧭 Compass — Data Disclosure
What it reads
- Course structure and module organization
- Module item titles, types, status
- Page content and quiz structure
- Course settings
What stays in your browser
- All course structure analysis
- QM checklist state and progress
- Cross-course comparison data
- Gap analysis output
What it doesn't read
- Student enrollment or records
- Student grades or submissions
- Courses without your Designer access
BYOK AI transmissions
AI-assisted course review sends content from your browser directly to your AI provider. Bridge & Harbor receives nothing.
⚓ Keel — Data Disclosure
What it reads
- Canvas admin data: course lists, enrollments, term config
- User directory data (name, email, status)
- Course activity timestamps
What stays in your browser
- All audit results
- User lookup results
- Course status data
- Term rollover checklists
What it doesn't read
- Data beyond your Canvas admin permissions
- Other Canvas instances
- Student grades or academic records
BYOK AI transmissions
AI audit summaries send data from your browser to your AI provider. Bridge & Harbor receives nothing.
How BYOK AI works — exactly
Your API key is stored locally in Chrome's secure extension storage. It is never transmitted to Bridge & Harbor.
Does this violate Canvas terms of service?
It's a fair question. Chrome extensions that help authorized users interact with web platforms they're already logged into are a well-established category. Password managers, accessibility tools, and browser extensions like Grammarly operate on the same principle.
Bridge & Harbor extensions read Canvas pages that you — a logged-in, authorized user — are already viewing. They don't authenticate as you separately, don't bypass any permissions, and don't access data you're not already authorized to see.
We're not claiming Canvas endorses or officially approves of Bridge & Harbor. We're describing why we believe this is a low-risk use case: authorized users, authorized data, nothing leaving the browser session.
A note on FERPA
FERPA governs educational institutions and how they handle student education records. It applies to your institution, not to third-party software vendors like Bridge & Harbor.
What Helm and Keel do: They help faculty and administrators access, view, and work with student data they are already authorized to see in their official institutional capacity.
What they don't do: They don't transmit student education records to Bridge & Harbor. Student data is read locally in your browser and stays there.
What this means: Because Bridge & Harbor never receives student education records, we are not acting as a "school official" under FERPA. The FERPA obligation stays with your institution.
Whether your institution's internal policies permit browser extensions when viewing Canvas data is a policy question for your IT, privacy office, or general counsel.
"The use of information received from Chrome extensions by Bridge & Harbor will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements."
This means we don't use data from our Chrome extensions to serve ads, sell to third parties, or for any purpose unrelated to providing the extension's core functionality.
Deleting your account or uninstalling
If you uninstall an extension: Extension data stored in your browser is deleted. Nothing lingers locally. Reinstall anytime and start fresh.
If you want to delete your account: Email [email protected] with "Account deletion" in the subject. We'll delete your account and associated server-side data within 7 business days.
What can't be deleted: Anonymous aggregate analytics don't have personally identifiable information attached. Billing records may be retained as required by our payment processor for legal compliance.
Questions or concerns?
If you have a question about our data practices, a security concern, or want documentation for an institutional review, reach out. We respond to real humans, not ticket queues.