Privacy Guardrail

Review and replace personal data in text before pasting into LLM chats. Runs locally in your browser. Assistive only.

Privacy Guardrail scans your text for personally identifiable information (PII) the moment you paste it into a supported AI chat app, and lets you replace sensitive spans with stable placeholders before the message is sent. Detection runs entirely on your device — no pasted text leaves the browser, and there is no telemetry or analytics. Developed at the German Research Center for Artificial Intelligence (DFKI), in the Data Science and its Applications research department. What it does: • Intercepts paste events in supported chat inputs and scans the clipboard text locally. • Detects pattern-based PII such as email addresses, phone numbers, credit card numbers, IBANs, SSNs, IP addresses, and dates — using deterministic recognizers compiled from Rust to WebAssembly, with checksum validation where applicable. • Adds a local transformer NER model (running in your browser through ONNX Runtime Web with WebGPU acceleration) to catch names, addresses, organizations, identifiers, credentials, and other free-text PII that simple patterns miss. • Shows a review UI so YOU decide what gets anonymized before anything is sent. • Replaces selected spans with stable placeholders like [EMAIL_1], [PERSON_1], [IBAN_1]. • Remembers the placeholder map locally so model responses can be de-anonymized back to your original values, with restored content visually highlighted. Supported chat apps: • ChatGPT (chat.openai.com, chatgpt.com) • Claude (claude.ai) • Gemini (gemini.google.com) • More to come Privacy: • No pasted text is ever transmitted to a remote server. • No telemetry, no analytics, no account, no tracking. • The transformer model and placeholder map live in your local browser storage only. • Full details in the project's PRIVACY policy and open-source code on GitHub. System requirements: Privacy Guardrail runs a transformer NER model directly in your browser, which is demanding. Please review these requirements before installing: • Browser: Google Chrome desktop, latest stable version. Other Chromium browsers and mobile Chrome are not supported in this release. • Recommended for Local AI: at least 16 GB of system RAM and a WebGPU-capable GPU for smooth, responsive detection. • Minimum for Local AI: more than 8 GB of browser-reported memory. On systems with 8 GB or less, Local AI auto-disables and the extension falls back to pattern-only detection. Between 8 GB and 14 GB, Local AI stays on but a slowdown warning may appear. • Without WebGPU: Local AI falls back to CPU/WASM execution — functional but noticeably slower. • Pattern-only mode (regex/checksum detection without the transformer) runs on any supported Chrome system, regardless of memory or GPU. These requirements are intentionally high because the AI model runs locally on your device instead of in the cloud. Lowering them — through smaller models, distillation, and more efficient inference — is an active area of work. Known limitations — please read Privacy Guardrail is an assistive tool, NOT a compliance or data loss prevention (DLP) product. It is currently in public beta. • Detection can miss sensitive content (false negatives) and can flag harmless text (false positives). Always review the suggestions before sending • Short names, ambiguous words, code blocks, tables, and unusual formatting reduce detection quality • Local AI performance depends on your browser, device memory, and WebGPU support. Pattern-only mode covers a narrower set of categories than Local AI • Restoration of placeholders in model responses depends on local records and may not handle every rewrite the model produces • The extension does not protect text you type directly into the chat input: it triggers on paste events • Detection quality varies by language; English and major European languages are the primary focus during the beta If accidentally sharing personal data with an AI service would have serious legal, financial, or safety consequences for you, please do not rely on this extension as your sole safeguard. Open source and transparent: Privacy Guardrail is open source. You can inspect the code, build it yourself, and verify the SHA-256 checksum of each release against the ZIP attached to the corresponding GitHub Release. Contributions, bug reports, and feedback are welcome through the project's GitHub repository. → https://github.com/dfki-dsa/pii-guardrail-browser-extension About the project: Privacy Guardrail is developed in the Data Science and its Applications research department at DFKI (German Research Center for Artificial Intelligence) as part of ongoing research into privacy-preserving interaction with large language models.