Redact

Privacy guard for LLM chats. Catches credentials and PII - On-device and Open source.

Redact catches credentials and personally identifying information before it reaches LLM chat boxes. Detection runs locally inside the user's browser using a small neural network bundled in the extension package. HOW IT WORKS When the user pastes into a supported chat box, Redact intercepts the paste event and scans the text in a Web Worker. Inference completes in about 150 milliseconds on a modern laptop after the model has loaded. The model recognizes credentials, social security numbers, credit card numbers, email addresses, and phone numbers. A regex safety net adds high-precision detection for canonical credential formats including AWS access keys, GitHub personal access tokens, Anthropic API keys, JWTs, database connection URLs, and private key blocks. INTERACTION Each entity type has a Block / Warn segmented toggle in the popup's "Sensitivity per type" section. When a blocked item is detected the user can choose one of four flows: a quick prompt, a full-screen block, a cooldown after the first prompt, or silent auto-redaction. WHERE IT RUNS Redact activates only on the chat sites declared in its manifest. The current host list is published at redact.clearformlabs.com. PRIVACY The extension contains no analytics or telemetry. The detection model loads from a chrome-extension:// URL inside the extension package and never from any external origin at runtime. The only persisted data is the user's own settings, stored via chrome.storage.sync. A source search for fetch or XMLHttpRequest returns no outbound network calls. Full privacy policy: https://redact.clearformlabs.com/privacy KNOWN BEHAVIOR By design, the extension ignores canonical placeholder values that appear in documentation and tutorials. The training set explicitly excludes AKIAIOSFODNN7EXAMPLE, 4242 4242 4242 4242, 123-45-6789, test@example.com, 555-555-5555, and similar well-known samples. Redacting those would create false positives every time a user pasted a tutorial snippet, so the model is balanced to let them through. Detection of canonical credential formats (AWS access keys, GitHub personal access tokens, Anthropic API keys, JWTs, database connection URLs, private key blocks) is deterministic via the regex safety net. Less-common credential formats rely on the neural network and may have variable accuracy. The extension is intended as a defense-in-depth layer alongside proper secrets management, not as a guarantee that every secret will be caught. The extension does not function on sites whose Content Security Policy blocks blob: workers, such as Gemini. On those sites it disables itself silently and passes pastes through unchanged. OPEN SOURCE Source: github.com/Clearform-Labs/Redact License: PolyForm Noncommercial 1.0.0.