Shield: AI Privacy for ChatGPT & Claude

Stop sharing sensitive data with AI tools. Auto-masks API keys, passwords & personal info in ChatGPT, Claude & Gemini. Free.

🛡️ INFINIUM SHIELD — AI PRIVACY FIREWALL Every message you send to ChatGPT, Claude, or Gemini passes through their servers — and stays there. Shield intercepts your prompts before they leave your browser, replaces sensitive data with safe tokens, and swaps them back in the AI's response. You get the same answer. The AI never sees your real data. Works automatically. Zero configuration. No account required. ───────────────────────────────────── WHAT SHIELD PROTECTS ───────────────────────────────────── Shield automatically detects and masks 19 categories of sensitive data: 🔴 CRITICAL API keys — AWS, OpenAI, Anthropic, GitHub, Slack and generic api:/token:/bearer: patterns Passwords — all common password field formats Database connection strings — PostgreSQL, MySQL, MongoDB, Redis and more JWT tokens Private keys — RSA, EC, OpenSSH, PGP Secret environment variables 🟡 WARNING Email addresses Phone numbers Credit card numbers Private IP addresses (RFC 1918) Social Security Numbers (SSN) 🟢 INFO URLs containing embedded credentials Internal hostnames (*.internal, *.corp, *.local) System file paths Personal names ───────────────────────────────────── HOW IT WORKS ───────────────────────────────────── You type a message in ChatGPT, Claude, or Gemini You press Enter or click Send Shield intercepts the prompt in milliseconds Sensitive values are replaced with tokens: [EMAIL_1], [API_KEY_1], [PASSWORD_1] The clean prompt is sent to the AI When the AI responds, tokens are swapped back to real values You read natural, accurate text — your data was never exposed The entire process is invisible. You work exactly as you normally would. ───────────────────────────────────── PRIVACY GUARANTEE ───────────────────────────────────── Shield is built on a single principle: your data never leaves your device without your knowledge. FREE TIER — 100% LOCAL All processing happens inside your browser Zero data sent to any server — ever No account required, no registration, no email No analytics, no telemetry, no tracking Works fully offline Open to inspection — no hidden background requests PRO TIER — METADATA ONLY Your actual prompt content is still never transmitted The audit log records only: which AI tool, how many items were masked, what categories (EMAIL, API_KEY etc.) Real values are never logged, never sent, never stored on our servers Custom rules are synced as plain text terms — no prompt content, ever This architecture means Shield is privacy-preserving by design, not just by policy. ───────────────────────────────────── GDPR & COMPLIANCE ───────────────────────────────────── For organisations operating under GDPR, HIPAA, SOC 2, or similar data protection frameworks, sharing personal data with third-party AI providers without proper safeguards creates significant compliance risk. Shield addresses this by ensuring: Personal data (emails, names, phone numbers) is masked before transmission Credentials and secrets never leave the browser in plaintext No personal data is processed by InfiniUm Tools in the free tier Pro tier processing is limited to non-personal metadata Data minimisation principle is enforced by architecture, not policy Shield does not replace a full data protection programme, but it significantly reduces the surface area of accidental data exposure when using AI tools. ───────────────────────────────────── SUPPORTED AI PLATFORMS ───────────────────────────────────── ✅ ChatGPT (chatgpt.com + chat.openai.com) ✅ Claude (claude.ai) ✅ Gemini (gemini.google.com) ───────────────────────────────────── FREE vs PRO ───────────────────────────────────── FREE — Forever, no account needed ✓ All 19 built-in detection rules ✓ Automatic interception on ChatGPT, Claude & Gemini ✓ Token swap in AI responses ✓ Popup showing what was masked ✓ Per-site and global on/off toggle ✓ 100% local — nothing sent anywhere PRO — $8/month via infinium.tools ✓ Everything in Free ✓ Custom rules — protect your project names, client names, internal codenames ✓ Sync custom rules across all your browsers and devices ✓ Advanced detection — .env files, cloud credentials (AWS/GCP/Azure), Stripe keys, code secrets ✓ Full audit log — what was masked, when, on which AI tool ✓ Priority support ───────────────────────────────────── PERFECT FOR ───────────────────────────────────── 👨‍💻 Developers — Stop accidentally sharing API keys, database passwords and secrets when asking AI for help with code 🏢 Companies & Teams — Protect confidential project names, client data and internal information ⚖️ Legal & Compliance Teams — Reduce GDPR exposure when staff use AI tools for document review 🏥 Healthcare — Prevent inadvertent sharing of patient-related information with AI systems 🔐 Security Teams — Enforce data hygiene across AI tool usage without blocking productivity ───────────────────────────────────── PERMISSIONS EXPLAINED ───────────────────────────────────── Shield requests only what it needs to function: storage — Save your settings and statistics locally in your browser tabs — Detect which AI site you have open to show the correct status in the popup alarms — Pro only: schedule daily rule sync in the background Shield does NOT request access to your browsing history, bookmarks, clipboard, or any data unrelated to the AI sites it protects. ───────────────────────────────────── OPEN & TRANSPARENT ───────────────────────────────────── InfiniUm Shield is built by InfiniUm Tools, a developer-focused platform providing security, DevOps and SEO tools at infinium.tools. Privacy Policy: https://infinium.tools/privacy Support: contact@infinium.tools Website: https://infinium.tools/shield ───────────────────────────────────── FREQUENTLY ASKED QUESTIONS ───────────────────────────────────── Q: Does Shield read my conversations? A: No. Shield intercepts your outgoing message at the moment you press Send, replaces sensitive values with tokens, and never stores or transmits the content. Q: Does the AI know it's getting masked data? A: The AI receives clean, readable text with tokens like [EMAIL_1] in place of sensitive values. Most AI tools handle this naturally and give useful responses. Q: Will masking break the AI's answer? A: No. Shield only masks values, not context. The AI understands what you're asking — it just doesn't see the real credentials. When it responds, tokens are swapped back so you read natural text. Q: Is this GDPR compliant? A: The free tier processes nothing outside your browser, making it fully compliant. The Pro tier transmits only non-personal metadata. Always consult your organisation's DPO for a full compliance assessment. Q: What happens if I uninstall Shield? A: Nothing. Shield stores only your settings and statistics locally. Uninstalling removes everything. No data remains on any server. Q: Can I use Shield on Firefox? A: A Firefox version is in development. Check infinium.tools/shield for updates. ADDITIONAL CONTENT (append to description to fill remaining space) ───────────────────────────────────── A REAL EXAMPLE ───────────────────────────────────── Without Shield, pasting this into ChatGPT: "Can you help debug this? DB: postgres://admin:S3cr3tPass@db.internal:5432/prod The user auth token is: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obn0.abc123 Contact the client at john.smith@acme-corp.com if it fails" ...sends your database password, JWT token, internal hostname, and a real email address directly to OpenAI's servers. That data is stored, potentially used for training, and subject to any future breach. With Shield, the same message becomes: "Can you help debug this? DB: [DB_CONN_1] The user auth token is: [JWT_1] Contact the client at [EMAIL_1] if it fails" The AI gives you exactly the same debugging help. Your credentials and personal data never left your browser. ───────────────────────────────────── DETECTION ENGINE — TECHNICAL DETAILS ───────────────────────────────────── Shield uses a multi-pass regex engine running entirely inside your browser tab. Each rule is compiled once and applied in priority order: Critical → Warning → Info. Token mapping works as follows: Each unique sensitive value gets its own numbered token: [EMAIL_1], [EMAIL_2] The token map is stored in memory for the current session When the AI responds, all tokens are replaced with original values before you read the text Starting a new conversation clears the token map completely Nothing is written to disk except your settings and statistics The engine runs in under 10 milliseconds on typical prompts — imperceptible to the user. ───────────────────────────────────── ENTERPRISE DEPLOYMENT ───────────────────────────────────── Shield can be deployed across an organisation using Chrome's managed extension policies. IT administrators can: Force-install Shield on all managed Chrome profiles via Google Workspace Admin Pre-configure the extension as enabled by default Distribute Pro API keys via managed storage policies Monitor usage via the Pro audit log endpoint This makes Shield suitable for large-scale deployments where individual configuration is not practical. For enterprise licensing and volume Pro plans, contact: contact@infinium.tools ───────────────────────────────────── COMPLIANCE USE CASES ───────────────────────────────────── GDPR (EU General Data Protection Regulation) Article 5 of GDPR requires personal data to be processed lawfully and minimised. When employees use AI tools, they may inadvertently share personal data — names, emails, phone numbers — with third-party processors without a proper legal basis. Shield reduces this risk by masking personal data before transmission, helping organisations meet their data minimisation obligations. HIPAA (US Health Insurance Portability and Accountability Act) Healthcare organisations using AI tools for documentation, research, or administrative tasks risk exposing Protected Health Information (PHI). Shield masks emails, phone numbers, and personal names before they reach AI systems, reducing exposure of PHI to unauthorised third-party processors. SOC 2 (Service Organisation Control 2) SOC 2 Type II audits assess an organisation's information security practices. Uncontrolled use of AI tools by employees creates risks around data availability, confidentiality, and privacy — all SOC 2 trust criteria. Shield provides a technical control that reduces the likelihood of confidential data leaving the organisation's control boundary. ISO 27001 Information security management systems under ISO 27001 require organisations to identify and treat risks to information assets. AI tools represent an emerging risk category. Shield provides a measurable, auditable control for this risk. Note: Shield is a technical control, not a compliance certification. It significantly reduces risk but does not guarantee compliance. Always consult your organisation's legal and compliance teams. ───────────────────────────────────── WHAT SHIELD DOES NOT DO ───────────────────────────────────── Transparency about limitations is important: ✗ Shield does not encrypt your prompts — it masks them ✗ Shield does not prevent you from manually typing sensitive data ✗ Shield does not protect data you copy-paste after the mask runs ✗ Shield does not modify data in file uploads or attachments ✗ Shield does not work on AI tools not listed in the supported platforms ✗ Shield does not guarantee 100% detection of all sensitive data — novel formats may be missed ✗ Shield is not a substitute for a comprehensive data protection programme ✗ Shield does not protect against social engineering or intentional data sharing For critical security requirements, Shield should be one layer of a broader data protection strategy. ───────────────────────────────────── WHAT HAPPENS TO YOUR DATA ───────────────────────────────────── FREE TIER — Complete data inventory: Settings (on/off, per-site toggles): stored locally in chrome.storage.local Statistics (total masked count, categories): stored locally in chrome.storage.local Last scan findings (token names, not values): stored locally in chrome.storage.local Token map (value → token mappings): stored in memory only, cleared on new conversation Network requests made: ZERO PRO TIER — Complete data inventory: Everything above (still local) Shield API key: stored locally in chrome.storage.local Audit log entries sent to server: site name, masked count, category types only Custom terms synced to server: plain text terms you explicitly added Actual prompt content: NEVER transmitted, NEVER stored, NEVER logged InfiniUm Tools does not sell, share, rent or transfer any user data to third parties for any purpose. ───────────────────────────────────── SUPPORTED BROWSERS ───────────────────────────────────── ✅ Chrome (this extension) ✅ Firefox — available at addons.mozilla.org (search "InfiniUm Shield") ✅ Edge — available at microsoftedge.microsoft.com/addons (search "InfiniUm Shield") ✅ Brave — install directly from Chrome Web Store, works out of the box ───────────────────────────────────── EXTENDED FAQ ───────────────────────────────────── Q: Can the AI tell that tokens have replaced real values? A: Yes — the AI sees tokens like [EMAIL_1] in your prompt. Most AI models handle this naturally, understand the context, and give helpful responses. You can even tell the AI "the tokens represent masked values" if needed. Q: What if Shield masks something it shouldn't? A: The global toggle and per-site toggle let you disable Shield instantly. For fine-tuned control, you can also reload the page to clear the token map and start fresh. Q: Does Shield slow down my browser? A: No measurably. The detection engine runs in under 10ms on typical prompts. Shield has no persistent background activity in the free tier — it only activates when you press Send on a supported AI site. Q: Is the source code available? A: We are working toward open-sourcing the core detection engine. For security research inquiries, contact contact@infinium.tools. Q: Does Shield work in Incognito/Private mode? A: Not by default. To enable Shield in Incognito, go to chrome://extensions → Shield → "Allow in Incognito". Your settings will not persist between Incognito sessions. Q: What is the Pro audit log used for? A: The audit log helps security teams understand AI tool usage patterns — how often employees are masking data, which categories (API keys, emails etc.) are most common, and which AI tools are being used. It does not contain any actual prompt content. Q: How do I get my Shield API key for Pro? A: After subscribing at infinium.tools/shield, your API key is emailed to you immediately and also shown in your InfiniUm dashboard. Paste it into the Shield popup → Pro tab → Connect. Q: What happens if my Pro subscription lapses? A: Shield automatically downgrades to the free tier on the next daily sync. Your custom rules are preserved locally. The 19 built-in detection rules continue working — you never lose basic protection. Q: Can I use Shield for free forever? A: Yes. The free tier has no trial period, no expiry, and no feature degradation over time. The 19 built-in rules and automatic interception are free permanently. Q: Is InfiniUm Tools based in the EU? A: InfiniUm Tools operates with EU-based infrastructure (Frankfurt, Germany) and complies with GDPR requirements. Contact: contact@infinium.tools ───────────────────────────────────── VERSION HISTORY ───────────────────────────────────── v1.2.0 — Current Added Pro tier with custom rule sync, audit log and advanced detection Extended detection: Stripe keys, Azure strings, GCP credentials, .env files Improved API key detection: api:, token:, bearer:, auth: patterns Performance improvements to detection engine Firefox compatible version available v1.0.0 — Initial release 19 built-in PII detection rules Works on ChatGPT, Claude and Gemini Token map with automatic de-anonymisation in responses Per-site and global toggles Free, no account required