Heedful

On-device DLP for 12 AI chats. Warns before API keys, SSNs, customer data or files reach ChatGPT, Claude, Gemini and 9 more.

Heedful watches for sensitive data in text you paste into AI chat sites and warns you before it is sent. All scanning runs entirely inside your browser. No clipboard content is ever uploaded, logged, or transmitted anywhere. HOW IT WORKS When you paste text into a supported AI chat site, Heedful scans it instantly. If it finds anything sensitive — an API key, a credit card number, or a confidential business term — it shows a warning panel before the message is sent. You then choose to send anyway, remove the sensitive parts, or cancel. WHAT IT DETECTS Secrets and credentials Heedful recognizes the kinds of credentials developers handle every day, so an API key or signing token doesn't slip into an AI chat by accident. Rather than matching a single fixed string, it understands the patterns behind credentials issued by major cloud and developer platforms — covering more than two dozen distinct formats, from connection strings to service-account files. The full, always-current catalog of what it detects lives in our open-source rules repository, where you can review every pattern and suggest your own. Personal identifiers (United States) Recognizes the most common US personal and financial identifiers, including credit-card numbers, which it verifies with a Luhn checksum to reduce false positives. International PII across 16 countries Heedful's detection is localized for 16 countries, so it recognizes the personal and business identifiers that actually show up in each one rather than applying a single generic pattern. Every supported country gets its own tailored detector set, tuned to the local formats for things like national tax and identity numbers. The complete, per-country list of what each detector covers lives in the open-source rules repository, and because everything runs on-device, none of this text ever leaves your machine. Semantic signals (requires on device AI support in Chrome) Customer and company names, internal project codenames, and confidential business content detected by the on-device language model. INDUSTRY COMPLIANCE PRESETS Match Heedful's protection to your regulatory context in a single click. Each preset turns on only the detectors that matter most for the framework you work under, such as HIPAA, PCI DSS, or GDPR. Applying a preset adds the relevant checks and never switches off anything you've already enabled, so it's always safe to try one. FILE SCANNING (PRO) Drop a text file, PDF, or Word document onto the Scan page to check it for sensitive content before uploading it to an AI tool. Findings are highlighted directly inside the document view. REGION DEFAULTS Choose your country in settings and Heedful turns on the detectors most relevant to your jurisdiction by default. You can enable or disable any detector individually at any time. PRIVACY Heedful does not make any network requests of its own. The only permission it uses is storage, to save your settings locally. No clipboard content, no paste text, and no findings are ever sent to any server. The audit log (a count of findings by severity and site) is stored locally in your browser and can be exported or deleted at any time from the options page. The full privacy policy is available at: heedful.app/privacy