Six objections. Six answers.

Their region is Frankfurt; their data plane still terminates in us-east-1. The inference endpoint, the trace store, the billing system, the support tooling — all US-resident, all subject to the CLOUD Act. A Frankfurt subsidiary with a Delaware parent is a contract structure, not a data-residency answer.

SiteBridge runs on Hetzner Cloud — German operator, Helsinki / Nuremberg / Falkenstein data centres, EU-only by construction. No Standard Contractual Clauses required because there's no third-country transfer to clause. DPA / AVV ready. Optional self-hosting drops the entire stack into your VPC.

And every layer is open-source — LiteLLM (MIT), Langfuse (MIT), pgvector (PostgreSQL license), the SiteBridge MCP server (MIT). Your engineers can read it on GitHub before procurement asks. That posture is structurally unavailable to closed-source US vendors.

It doesn't — the wall is enforceable, not just promised. Two namespaces in pgvector: a tenant overlay (your selectors, your conventions, your data) and a pattern library (cross-tenant, scrubbed, k-anonymity ≥ 5). The scrubbing pipeline runs in four stages before anything pools:

• Token / secret guard. Vault refs, ATCTT/ATATT, JWTs, bearer headers, base64 entropy → quarantined.
• Selector normalizer. Quoted values stripped, IDs replaced with structural roles. The output is a shape, not an instance.
• Prompt fingerprinter. Named entities replaced with type tags. Names, amounts, IDs never cross.
• k-anonymity threshold. Patterns enter the library only after ≥ 5 independent tenants produce them. No tenant can dominate.

Every contribution writes an audit row — what came in, what got stripped, what made it through, hash of the resulting pattern. You can grep your own audit log. Opt out at any time and you still receive the pooled library — because everyone else is contributing. That's the asymmetry, and it's the real moat: Anthropic can't pool what they can't see in the first place.

They’ve been shipping the click/fill/navigate primitive for eighteen months. The safety/learning/integration layer isn’t a feature you announce — it’s operationally earned through production incidents. Every wrong-row destructive click in our incident log is a moat brick.

The tell: Anthropic’s extension blocks financial-services and adult-content sites by default. They’re publicly admitting they don’t trust the agent in the high-value domains where automation has the most ROI. SiteBridge has no category blocklist because the safety stack is structural — audit + undo + pre-click guards — not a list of forbidden URLs.

SiteBridge is also Chrome-extension-based with native messaging — same architecture. The tool surface is 4–5× larger and the safety primitives don’t exist in either alternative. The comparison table makes this self-evident in thirty seconds.

Browser MCP is excellent at the eight things it does. SiteBridge does those eight plus the twenty-two that turn a demo into production. Chrome DevTools MCP is a debugging tool that happens to expose automation — flipping that polarity is more work than buying us.

It is — for spawned-browser automation. The moment you need cookies, MFA tokens, browser extensions, or a real fingerprint that won’t trip bot detection, Playwright MCP is the wrong tool.

SiteBridge is the only MCP designed for the browser the human already has open. Different shape, different category, both can coexist in a stack.

Yes — and Anthropic’s published 11.2% post-mitigation rate is the public watermark for how much risk you’re carrying with the official extension. Our answer is layered:

• Pre-click expectation guards. Agent declares intent; tool refuses if DOM doesn’t match.
• Viewport checks. Refuse clicks on stale or off-screen elements (the silent destructive failure mode).
• Action log + undo snapshot ring. Every mutating click writes a pre-state DOM record.
• Per-MCP-client session isolation via Tab Groups. Multi-agent setups can’t cross-contaminate.
• Clipboard-routed secrets. Sensitive values move DOM → clipboard → DOM without ever appearing in transcripts.

None of the four competitors ship any of these.