Sonomos

AI-powered privacy protection with real-time detection of sensitive data including PII and secrets

Sonomos is a privacy layer for AI. It detects sensitive data — Social Security numbers, credit cards, email address, legal case numbers, Bitcoin addresses, and more — in real time as you type into ChatGPT, Claude, Gemini, and other AI chatbots. Everything runs locally in your browser. Your data is never sent to our servers or anywhere else. 𝗧𝗛𝗘 𝗣𝗥𝗢𝗕𝗟𝗘𝗠 AI chatbots are powerful, but they create a new kind of data leak. Every prompt you type is sent to a third-party server. If that prompt contains a client's Social Security number, a patient's medical record number, an API key, or a confidential case filing, that data is now outside your control. Most people don't paste sensitive data into AI on purpose. They do it by accident — copying from a document, referencing a real client in a question, or not realizing that a phone number or account number was embedded in the text they're working with. Sonomos catches those mistakes before they happen. 𝗛𝗢𝗪 𝗜𝗧 𝗪𝗢𝗥𝗞𝗦 Sonomos runs a detection engine called Dagger directly in your browser. When you type or paste into a supported AI chatbot, Dagger scans the text in real time and highlights any sensitive data it finds using a color-coded system: 🟢 Green — No sensitive data detected. You're clear to send. 🟡 Yellow — Low-risk data found (IP addresses, zip codes, device IDs). Review before sending. 🔴 Red — High-risk data found (SSNs, credit cards, credentials, routing numbers). Do not send without reviewing. Detected items are highlighted with an inline overlay, similar to a spell-checker. Click any highlighted item to see what was detected and why it's flagged. 𝗪𝗛𝗔𝗧 𝗦𝗢𝗡𝗢𝗠𝗢𝗦 𝗗𝗘𝗧𝗘𝗖𝗧𝗦 Sonomos detects over 60 types of sensitive data across seven categories: Personal Information — Email addresses, phone numbers, physical addresses, dates of birth, zip codes Government & Tax IDs — Social Security numbers (SSN), Employer Identification Numbers (EIN), passport numbers, driver's license numbers, tax identification numbers, NHS numbers, Social Insurance Numbers (SIN) Financial Data — Credit card numbers, IBAN codes, routing numbers, SWIFT/BIC codes, bank account numbers Legal & Court Data — Case/docket numbers, attorney bar numbers, court orders, litigation IDs, contract numbers, patent numbers, filing references, subpoena numbers, evidence IDs, witness IDs, settlement references Medical & Healthcare — Medical record numbers (MRN), health plan/member IDs, DEA numbers, NPI numbers Security & Credentials — API keys, JWT tokens, OAuth tokens, AWS access keys, GCP keys, Azure keys, passwords, bearer tokens, secrets Blockchain & Crypto — Bitcoin addresses, Ethereum addresses, private keys, seed/recovery phrases, wallet keys, extended public keys (xpub), Monero/Ripple/Solana addresses, exchange API keys, transaction hashes Technical Identifiers — IPv4/IPv6 addresses, MAC addresses, geolocation coordinates, UUIDs, IMEI numbers, serial numbers, device IDs All detection happens locally. No data is sent to any server for analysis. 𝗦𝗨𝗣𝗣𝗢𝗥𝗧𝗘𝗗 𝗦𝗜𝗧𝗘𝗦 Sonomos works on major AI platform sites. You can add or remove sites from the extension's "Site Settings" tab to customize which platforms that it monitors. 𝗣𝗥𝗜𝗩𝗔𝗖𝗬-𝗙𝗜𝗥𝗦𝗧 𝗔𝗥𝗖𝗛𝗜𝗧𝗘𝗖𝗧𝗨𝗥𝗘 Sonomos is built on a local-first architecture. Here's what that means: ✓ All detection runs in your browser. No text is sent to Sonomos servers. ✓ No data collection. We don't log, store, or transmit the content you type. ✓ No third-party analytics. No tracking pixels, no behavioral profiling. ✓ Works offline. Core detection functions without an internet connection. ✓ Open detection logic. The patterns used for detection are visible in the extension source code. The only network calls Sonomos makes are for account authentication and subscription management. These never include the content of your prompts or detected data. 𝗕𝗨𝗜𝗟𝗧 𝗙𝗢𝗥 𝗣𝗥𝗢𝗙𝗘𝗦𝗦𝗜𝗢𝗡𝗔𝗟𝗦 Sonomos is designed for professionals who handle sensitive information: Law Firms — Prevent accidental disclosure of case numbers, client SSNs, attorney-client privileged references, and court filing details when using AI for legal research or drafting. Financial Services — Catch credit card numbers, routing numbers, account numbers, and tax IDs before they're sent to an AI model that may retain training data. Healthcare — Flag medical record numbers, patient identifiers, health plan IDs, and DEA/NPI numbers to help maintain HIPAA-conscious workflows. Technology — Detect API keys, JWT tokens, AWS credentials, private keys, and other secrets that developers frequently paste into AI coding assistants. Crypto & Blockchain — Protect wallet addresses, seed phrases, private keys, and exchange API credentials from being exposed to third-party AI systems. Important: Sonomos is a privacy assistance tool. It does not guarantee detection of all sensitive data and does not by itself constitute compliance with HIPAA, GLBA, SOX, or any other regulatory framework. It is one layer in a broader data protection strategy. 𝗞𝗘𝗬𝗦𝗧𝗥𝗢𝗞𝗘 𝗚𝗨𝗔𝗥𝗗 Many websites embed third-party scripts that listen to your keystrokes — even on AI chatbot pages. Sonomos includes Keystroke Guard, which: — Blocks third-party scripts from registering keyboard event listeners on input fields — Sanitizes keyboard events for first-party scripts so character-level data isn't exposed — Identifies known tracker domains attempting to capture your typing behavior This runs automatically in the background on all monitored sites. 𝗔𝗧𝗧𝗔𝗖𝗛𝗠𝗘𝗡𝗧 𝗦𝗖𝗔𝗡𝗡𝗜𝗡𝗚 Users can scan file attachments before uploading them to AI chatbots. Supported formats: — PDF documents — Word documents (.docx) — Excel spreadsheets (.xlsx) — Images (via local OCR) The scanner extracts text from these files locally and runs the same detection engine on the contents, alerting you to sensitive data before the file is uploaded. 𝗣𝗟𝗔𝗡𝗦 Free — 25 detections per day. Full Dagger detection engine. Keystroke Guard included. Pro — Unlimited detections. Attachment scanning. Priority support. Full access to all detection categories. All plans include a 30-day free trial of Pro features. 𝗣𝗘𝗥𝗠𝗜𝗦𝗦𝗜𝗢𝗡𝗦 𝗘𝗫𝗣𝗟𝗔𝗜𝗡𝗘𝗗 Sonomos requests the following permissions: — "Read and change your data on specific sites" — Required to scan text in input fields on supported AI chatbot sites and display detection overlays. Sonomos only activates on sites in your configured list. — Storage — Saves your preferences, detection settings, and account session locally. — Notifications — Alerts you when high-risk data is detected (optional, can be disabled). Sonomos does not read your browsing history, access your bookmarks, or monitor activity on sites outside your configured list. 𝗦𝗨𝗣𝗣𝗢𝗥𝗧 Website: https://sonomos.ai Privacy Policy: https://sonomos.ai/privacy Terms of Service: https://sonomos.ai/terms Contact: info@sonomos.ai Sonomos is built by Sonomos, Inc., based in San Diego, California.