Install the browser extension

The InPolicy browser extension watches text as you type in web apps like Google Docs and Gmail and flags anything that conflicts with your team’s active policies. This page covers getting it installed and signed in.

Browser support

Google Chrome — supported.
Microsoft Edge — not yet supported. (Edge can install Chrome extensions, but this one hasn’t been tested there. Use at your own risk.)
Firefox — not supported.
Safari — not supported. Mac users should install the Mac app for coverage outside the browser.

The extension is built on Chrome’s Manifest V3, so it will continue to work after Chrome’s MV2 deprecation.

Installation

From your admin’s distribution link

Most organizations will provide an install link — either from the Chrome Web Store (when published) or a managed-install URL distributed via Google Workspace Admin Console. If your admin sent you a link, click it and accept the Chrome prompt. Skip ahead to Sign in.

Manual install (while the Chrome Web Store listing is pending)

If your admin hasn’t set up a distribution link yet, they can send you the extension build directly:

Download the .zip file they provide.
Unzip it locally.
Open Chrome and navigate to chrome://extensions.
Turn on Developer mode (top-right toggle).
Click Load unpacked and select the unzipped folder.
The extension appears in your toolbar.

This is fine for internal testing. For end-user rollout, ask your admin to either publish to the Chrome Web Store or deploy via Google Workspace’s managed extension policy.

Permissions requested

On install, Chrome asks you to approve:

Read and change your data on https://app.inpolicy.ai and https://api.inpolicy.ai — the extension communicates with your tenant over these.
Storage — stores your auth token locally so you don’t have to sign in every time you restart Chrome.
Tabs — reads the URL of the active tab to decide whether to scan it.

The extension does not request:

Browsing history access
Access to other sites you visit (beyond the tabs you have open)
Microphone, camera, clipboard, or screen capture

Signing in

Click the InPolicy icon in the Chrome toolbar (pin it from the puzzle menu if you don’t see it).
The popup shows a Sign in button. Click it.
A new tab opens to https://app.inpolicy.ai/signin.
Sign in using your SSO or email/password (whichever your tenant supports).
After sign-in, the tab will briefly show a confirmation and close itself. The extension popup now shows you’re signed in, with your name and avatar.

Under the hood, the sign-in process mints a short-lived JWT (~10–15 minutes) and a longer-lived refresh token. The extension silently refreshes the JWT as you work — you should only need to re-sign-in if:

You explicitly sign out from the popup.
You’ve been signed in for the full refresh-token lifetime (currently 30 days).
Your admin deactivates or deletes your account.

Verifying it’s working

Open any web-based text editor — a new Google Doc is a good choice.
Type a sentence that should trigger a policy your team has published. (If you’re not sure, try something clearly contrary to a policy you know about.)
Within a second or two you should see a red or yellow underline appear under the matched text.
Click the underline to see the policy card.

If nothing happens, check the troubleshooting guide in the FAQ — the most common cause is that no policies have been published in your tenant yet.

Managing multiple Chrome profiles

Chrome treats each profile as an independent browser. If you sign in and out of different profiles (personal, work, etc.), the extension will remember your sign-in status per-profile. You’ll need to sign in again in each profile where you want the extension active.

Uninstalling

From chrome://extensions, click Remove next to InPolicy. The extension is uninstalled and its local storage is wiped. Your account on the web app is unaffected.

What the extension detects — which apps and what kinds of text
Turn it off for a site — for sites where the extension gets in the way