Privacy Guardrail

Privacy Guardrail — catch personal data before it reaches the AI

Privacy Guardrail helps you spot personal or sensitive data in text before you paste it into a supported AI chat assistant. All detection runs locally in your browser. Nothing you type, paste, review, or correct is uploaded to any server by this extension, and there is no telemetry or analytics.

Developed at the German Research Center for Artificial Intelligence (DFKI), in the Data Science and its Applications research department.

This is a public beta.

Detection is assistive: it helps you catch things, but it will not catch everything and it is not a compliance or data-loss-prevention product.

WHAT IS IMPROVED IN THIS RELEASE

• Much lower Local AI memory use. The default compact 4-bit model and runtime fixes reduced typical extension RAM while Local AI is loaded from multi-gigabyte beta behavior to around 1 GB in local validation, with lower GPU memory use as well.
• More systems can keep Local AI enabled by default. The extension now only auto-disables Local AI at 2 GB or less of browser-reported memory, while still warning on 2–4 GB systems.

WHAT IT DOES

• Intercepts pastes on supported chat sites and offers a local review step.
• Highlights potentially personal or sensitive spans such as names, emails, phone numbers, addresses, IBANs, credit card numbers, IP addresses, organizations, and locations.
• Lets you accept or ignore each detected span and inserts typed placeholders for the spans you accept.
• Keeps a local identity vault so the same value gets the same placeholder across a conversation, and supports restoration where the chat surface allows it. Restored values are visually highlighted in the AI response so you can see what was filled back in.
• Combines fast pattern recognizers with an optional local AI model that runs entirely in your browser through ONNX Runtime Web, using WebGPU when available and CPU/WASM otherwise.
• Falls back to a clearly degraded pattern-only mode when local AI is unavailable, instead of silently pasting unchecked text.

SUPPORTED CHAT APPS

• ChatGPT (chat.openai.com, chatgpt.com)
• Claude (claude.ai)
• Gemini (gemini.google.com)

Generic or custom websites are not supported.

PRIVACY POSTURE

• No telemetry. No analytics. No automatic remote feedback collection.
• No upload of clipboard text, prompts, responses, detected entities, identity maps, vault data, or feedback logs.
• The local AI model and runtime are packaged with the extension; there is no remote model fetch.
• Settings, identity vault, allow/block lists, and local feedback logs are stored only in Chrome extension storage on your device.
• Full details in the project's Privacy Policy: https://github.com/dfki-dsa/pii-guardrail-browser-extension/blob/main/PRIVACY.md

SYSTEM REQUIREMENTS

Privacy Guardrail runs a transformer NER model directly in your browser, which is demanding. Please review these requirements before installing:

• Browser: Google Chrome desktop, latest stable version. Other Chromium browsers and mobile Chrome are not supported in this release.
• Recommended for Local AI: at least 16 GB of system RAM and a WebGPU-capable GPU for smooth, responsive detection.
• Minimum for Local AI: more than 2 GB of browser-reported memory. On systems with 2 GB or less, Local AI auto-disables and the extension falls back to pattern-only detection. Between 2 GB and 4 GB, Local AI stays on but a slowdown warning may appear.
• Without WebGPU: Local AI falls back to CPU/WASM execution — functional but noticeably slower.
• The default Local AI model is a compact q4f16 build that typically keeps the loaded extension runtime around 1 GB of RAM in local validation, a major reduction from earlier beta builds.
• Pattern-only mode (regex/checksum detection without the transformer) runs on any supported Chrome system, regardless of memory or GPU.

These requirements exist because the AI model runs locally on your device instead of in the cloud. Further lowering resource use through smaller models, distillation, and more efficient inference is an active area of work.

KNOWN LIMITATIONS — PLEASE READ

Privacy Guardrail is an assistive tool, not a compliance or data loss prevention (DLP) product. It is currently in public beta (version 0.3.x).

• Detection can miss sensitive content (false negatives) and can flag harmless text (false positives). Always review the suggestions before sending.
• Short names, ambiguous words, code blocks, tables, and unusual formatting reduce detection quality.
• Local AI performance depends on your browser, device memory, and WebGPU support. Pattern-only mode covers a narrower set of categories than Local AI.
• Restoration of placeholders in model responses depends on local records and may not handle every rewrite the model produces.
• The extension does not protect text you type directly into the chat input — it triggers on paste events.
• Detection quality varies by language; English and major European languages are the primary focus during the beta.

If accidentally sharing personal data with an AI service would have serious legal, financial, or safety consequences for you, please do not rely on this extension as your sole safeguard.

OPEN SOURCE AND TRANSPARENT

Privacy Guardrail is open source. You can inspect the code, build it yourself, and verify the SHA-256 checksum of each release against the ZIP attached to the corresponding GitHub Release. Contributions, bug reports, and feedback are welcome through the project's GitHub repository.

ABOUT THE PROJECT

Privacy Guardrail is developed in the Data Science and its Applications research department at DFKI (German Research Center for Artificial Intelligence) as part of ongoing research into privacy-preserving interaction with large language models.

PROVIDER & LEGAL NOTICE

Published by Deutsches Forschungszentrum für Künstliche Intelligenz GmbH (DFKI).

• Impressum / Legal Notice (§ 5 DDG): https://github.com/dfki-dsa/pii-guardrail-browser-extension/blob/main/IMPRESSUM.md
• Privacy Policy: https://github.com/dfki-dsa/pii-guardrail-browser-extension/blob/main/PRIVACY.md
• Source code & releases: https://github.com/dfki-dsa/pii-guardrail-browser-extension