Browser Extension
Automatically intercept and redact PII before your messages reach ChatGPT, Claude, or Google Gemini. Detection runs entirely in your browser with no data sent to external servers.
Installation
Install the extension from the Chrome Web Store in seconds. Works on Chrome, Edge, Brave, Arc, and all Chromium-based browsers.
Get PrivaiShield for Chrome
Free to install. Protects ChatGPT, Claude, and Gemini automatically.
Add to Chrome — It's FreeInstall from Chrome Web Store
Click the button above or search for "PrivaiShield" in the Chrome Web Store. Click Add to Chrome to install.
Pin the extension
Click the puzzle icon in Chrome's toolbar and pin the PrivaiShield extension for easy access. The shield icon will appear in your toolbar.
Sign in to your account
Click the shield icon and sign in with Google or GitHub to connect the extension to your PrivaiShield account. This enables enhanced server-side detection and usage tracking.
Start chatting
Navigate to ChatGPT, Claude, or Gemini and start chatting. The extension works automatically — when PII is detected, a review overlay appears before your message is sent.
Supported Platforms
The extension uses platform-specific adapters to integrate with each AI chatbot's interface. Each adapter knows how to find the input field, intercept submissions, and inject redacted text.
Full support for text input interception and file upload scanning. Works with all GPT models.
Intercepts messages to Claude with full PII detection. Compatible with all Claude model tiers.
Protects messages sent to Google Gemini, including Gemini Pro and other model variants.
Features
The extension scans every message you send for 19+ types of personally identifiable information, including SSNs, emails, phone numbers, credit cards, API keys, addresses, medical records, and more. The real-time entity recognition engine runs entirely in your browser — no data is sent anywhere.
When PII is detected, a modal overlay appears before the message is sent. This is your validation step — it shows exactly what was detected and what the AI will see. Review each entity’s type, original value, and replacement token. Click “Send Redacted” to confirm, or “Go Back & Edit” to manually remove anything the system missed. Always check that all sensitive data has been caught before sending, especially with PHI or legal content.
The extension intercepts file uploads on supported platforms. When you attach a document, the text content is extracted and scanned for PII. A redaction preview is shown so you can confirm before the file is uploaded.
After sending a redacted message, the AI may respond using the placeholder tokens (e.g., [EMAIL_1]). The extension's rehydrator watches AI responses and can replace these tokens back with contextual markers for readability, while the actual sensitive data was never sent.
Use the popup (click the shield icon) to quickly enable or disable the extension. When disabled, messages are sent without any interception. The popup also shows statistics about how many entities have been redacted across your sessions.
How It Works
A step-by-step walkthrough of what happens when you send a message on a supported platform.
Content script initializes
When you visit a supported site, the extension's content script loads and determines which adapter to use (ChatGPT, Claude, or Gemini). The adapter knows how to find the input area and intercept form submissions.
Message interception
The adapter listens for submit events (Enter key or Send button click). When triggered, it prevents the default submission and captures the message text for scanning.
PII detection runs locally
The captured text is passed through the real-time entity recognition engine, which identifies 19+ sensitive entity types. This runs entirely in your browser — no network calls are made during detection.
Redaction overlay displayed
If PII is found, a Shadow DOM overlay appears with a summary of detected entities. The overlay shows the original values alongside their replacement tokens and provides 'Send Redacted' and 'Go Back & Edit' buttons.
User decides
You review the detected entities and choose whether to send the redacted version or go back to edit. If no PII is detected, the message is sent immediately without interruption.
Redacted text submitted
If confirmed, the adapter injects the redacted text into the chat input and submits it. The AI receives only anonymized placeholders. The mapping between tokens and original values is stored locally for the rehydrator.
PII Detection
The extension detects the following entity types in real time. All detection runs locally in your browser.
| Entity Type | Example Pattern | Replacement Token |
|---|---|---|
| SSN | 123-45-6789 | [SSN_1] |
| user@example.com | [EMAIL_1] | |
| PHONE | 555-123-4567 | [PHONE_1] |
| FINANCIAL | ****1234 | [FINANCIAL_1] |
| DOB | DOB: 03/15/1990 | [DOB_1] |
| IP_ADDRESS | 192.168.1.1 | [IP_ADDRESS_1] |
| ADDRESS | 123 Main St, Boston, MA 02101 | [ADDRESS_1] |
| API_KEY | sk-live-abc123... | [API_KEY_1] |
| ACCOUNT_NUMBER | Account: 7291038 | [ACCOUNT_NUMBER_1] |
| EIN | EIN: 12-3456789 | [EIN_1] |
| MRN | MRN: 4829103 | [MRN_1] |
| SSH_KEY | ssh-rsa AAAAB3... | [SSH_KEY_1] |
Additional types detected: AWS Instance IDs, insurance policy numbers, account IDs, case numbers, ticket numbers, routing numbers, and dollar amounts.
Permissions FAQ
Common questions about extension permissions and data handling.
The extension needs permission to access these sites so it can intercept your messages before they're sent to the AI provider. This interception happens entirely in your browser — we inject a content script that watches for form submissions, scans the text for PII, and shows you a redaction preview before anything leaves your device. Without this permission, we couldn't protect your data at the moment it matters most: right before it's sent to an external server.
In Standard mode, no data is sent anywhere. PII detection runs 100% locally in your browser using our real-time entity recognition engine. In Enhanced mode, if you choose to enable it, your text is sent to our secure AWS pipeline for additional deep learning-powered detection — but only after the local scan completes. Even in Enhanced mode, we never store your original text; it's processed in memory and discarded immediately after redaction.
Yes, always. Before any message is sent, a review overlay appears showing every detected entity: the original value, its type (SSN, email, phone, etc.), and the replacement token. You can review this summary and choose to 'Send Redacted' or 'Go Back & Edit' if you want to make changes. You're always in control of what gets sent.
The extension stores a mapping between tokens (like [SSN_1]) and original values in your browser's local storage so we can rehydrate AI responses. This mapping never leaves your device and is encrypted. You can clear this data at any time by clearing your browser data or removing the extension.
When disabled, messages are sent to the AI provider exactly as you type them, with no interception or scanning. The extension is completely inactive. You can toggle it on/off at any time by clicking the shield icon in your browser toolbar.
Troubleshooting
Make sure the extension is enabled (click the shield icon to check). Also verify you're on a supported platform (chatgpt.com, claude.ai, or gemini.google.com). The entity recognition engine detects structured PII formats (SSNs, emails, phones, etc.) — generic text without recognizable PII won't trigger redaction.
Some platform UI updates may change the DOM structure the adapter relies on. Try refreshing the page. If the issue persists, check the browser console for errors and report the issue on GitHub.
File upload interception uses a main-world script injection. Some strict Content Security Policies may block this. Check the browser console for CSP errors.
If another extension modifies the AI chatbot's DOM (e.g., custom themes or productivity tools), it may interfere with the adapter's selectors. Try disabling other extensions on the AI platform's tab to isolate the issue.
The adapter system is extensible. You can create a new adapter by implementing the base adapter interface and registering it in the adapter factory. See the existing adapters in the source code for reference.
Ready to protect your AI conversations?
Install the extension in seconds, or try the web chat to experience PII redaction without installing anything.