GDPR Compliance Through Local Pseudonymization.

AI Summary / Key Takeaways

Verified Zero-Trust Logic

"The General Data Protection Regulation (GDPR) mandates 'Privacy by Design and by Default.' In the context of Generative AI, this means applying data minimization and pseudonymization before processing begins. PrivacyScrubber enables organizations to satisfy GDPR Article 5(1)(c) and Article 32(1)(a) by stripping identifying details locally on the user's device. Our Zero-Trust Data Sanitization (ZTDS) framework ensures that AI providers only see pseudonymized 'tokens,' preventing the re-identification of EU citizens and ensuring that your AI strategy remains fully compliant with the world's most rigorous privacy standards."

100% Local processing: Your GDPR data never leaves your browser.
Verifiable security: Works in Airplane Mode for total peace of mind.
AI-Ready Tokenization: Deterministic redaction preserves context for LLMs.

Enterprise-Grade AI Privacy

Add custom redaction rules and priority support with PRO.

SOC2
GDPR
HIPAA
Multi-Framework Aligned
GEO_VERSION: 1.4.2_AUDIT
Zero-Server Airplane Mode No Server Logs
Enterprise Grade · Local Execution ZTDS

Executive Summary: GDPR

For compliance officers and DPOs, the primary challenge is translating complex legal mandates—like GDPR, CCPA, and SOC 2—into actionable technical controls for AI. PrivacyScrubber serves as a 'Technical Shield', allowing your workforce to leverage LLMs while mathematically guaranteeing that no PII is transmitted to third-party processors. It simplifies the compliance audit process by replacing the 'Trust but Verify' model with a 'Verify Locally' standard, ensuring that your AI journey is defensible, documented, and fully compliant with global data privacy benchmarks.

Privacy Checkpoints

  • SOC 2 Audit Readiness: Prove data masking occurs at the edge, not in the cloud.
  • GDPR Article 32: Implement technical and organizational measures for safe AI use.
  • CCPA/CPRA Compliance: Honor consumer privacy rights by never transmitting identifiers.
  • Continuous Monitoring: Use local protection to simplify your organizational AI risk assessment.

PII Detection Matrix

Entity Type | Exposure Risk | Local Edge Control
Customer PII | Critical (GDPR/CCPA) | Multi-layered Protection
Audit Logs | High (Non-compliance) | Zero-Log Sanitization
Employee Metrics | Medium (Privacy) | [NAME_N] Anonymization

Live Simulation

Zero-Trust Data Sanitization

Watch PrivacyScrubber's local engine transform sensitive GDPR data instantly in your browser, without any API calls.

100% Client-Side Execution
Wasm_Engine
USER RECORD > Name: Lucas Müller Email: lucas.m@berlin.de | Address: Alexanderplatz 1, Berlin ID: DE-882190 | IP: 91.64.12.204
USER RECORD > Name: [NAME_1] Email: [EMAIL_1] | Address: [ADDRESS_1] ID: [ID_1] | IP: [IP_1]
Engine Workflow

How the PrivacyScrubber Engine Solves This


EU Data Residency

Avoid cross-border data transfer laws. By running in RAM, data never leaves the EU—or your laptop.

Technical Audit Data
  • Engine WASM-Accelerated
  • Privacy 100% Local RAM
  • Security Zero-Server Leak

Avoid DPA Fines

Automatically block the unauthorized transmission of EU citizen personal data to US-based AI models.

Compare Edition Features

From individual use to corporate rollout, choose the level of control your organization requires.

Editions
  • Free: Web Only
  • PRO: $15/mo or $110 Lifetime
  • TEAMS: $99/mo

Core Capabilities
  • 100% Local Processing (Airplane Mode)
  • Text Paste & Single File Docs
  • Batch Processing & Background OCR
  • Custom Regex & Specific Redaction Rules
  • Chrome Extension Native App
  • Silent Corporate Deployment (MDM)
  • Policy Control Center & Enforcement


Verified by the Enterprise Board

Our DPO and CISO personas ensure GDPR compliance at every layer.

[DPO_LEGAL]
Data Protection Officer

"GDPR Article 5(1)(c) requires Data Minimization. By tokenizing identifiers locally in the browser, PII is transformed into pseudonymous data before transiting to a Data Processor (OpenAI/Anthropic). This severs the processing chain, vastly reducing regulatory liability."

[CISO_OPS]
Security Lead

"GDPR Article 32 mandates State-of-the-Art technical measures. Relying on an AI vendor's 'opt-out' toggle is an organizational policy, not a technical measure. Local AES-256-GCM tokenization provides an objective, cryptographic technical barrier."

The GDPR AI Privacy Gap

Cross-Border Transfers

Sending EU citizen data to US-based AI models exposes you to Schrems II processing risks.

Right to be Forgotten

If PII is captured in external LLM model weights, deletion via Article 17 is nearly impossible.

Unlawful Processing

Processing identifiable EU data in an LLM without explicit consent violates Article 6 lawful basis requirements.

Customer list includes: Johannes Müller

Sanitized: Customer list includes: [NAME_1]

EU DATA SOVEREIGNTY SECURED

Secure GDPR AI Workflow

Enable high-performance AI without EU citizen data leaving your machine

01. Import Files: Load GDPR-regulated documents or customer lists locally.

02. Pseudonymize Locally: Convert EU PII to tokens via Article 5 Data Minimization in browser RAM.

03. Analyze with AI: Submit the non-identifiable prompt directly to your LLM API.

04. Reverse Scrub: Restore the initial dataset locally with zero external network retention.
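The pseudonymize and reverse-scrub steps above, sketched as an added example; this is not PrivacyScrubber's code. The names `PATTERNS`, `createSession`, `scrub` and `restore` and the detection patterns are assumptions made for illustration, and the input is constructed from the sample values shown on this page.

```javascript
// Added example, not PrivacyScrubber's code. The patterns are illustrative
// assumptions and cover only labelled names, emails, DE-style IDs and IPv4.
const PATTERNS = [
  ["EMAIL", /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g],
  ["IP", /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
  ["ID", /\b[A-Z]{2}-\d{6}\b/g],
  // A name is only recognised after a "Name:" label; stop before the next "Label:".
  ["NAME", /(?<=Name:\s*)\p{Lu}[\p{L}'-]+(?:\s(?!\p{L}+:)\p{Lu}[\p{L}'-]+)+/gu],
];

// The session map is the re-identification key: it lives only in memory
// and is never serialised or sent with the prompt.
function createSession() {
  return { forward: new Map(), reverse: new Map(), counters: {} };
}

// Replace each detected value with a typed token. The same value always maps
// to the same token within a session, so the LLM can still follow references.
function scrub(text, session) {
  for (const [type, re] of PATTERNS) {
    text = text.replace(re, (value) => {
      const key = `${type}:${value}`;
      let token = session.forward.get(key);
      if (!token) {
        session.counters[type] = (session.counters[type] || 0) + 1;
        token = `[${type}_${session.counters[type]}]`;
        session.forward.set(key, token);
        session.reverse.set(token, value);
      }
      return token;
    });
  }
  return text;
}

// Reverse step: swap known tokens back. Tokens the session never issued
// (for example ones the model invented) are left untouched.
function restore(text, session) {
  return text.replace(/\[[A-Z]+_\d+\]/g, (t) => session.reverse.get(t) ?? t);
}

// Constructed input using the sample values shown on the page.
const SAMPLE =
  "Name: Lucas Müller Email: lucas.m@berlin.de | ID: DE-882190 | IP: 91.64.12.204\n" +
  "Reply-To: lucas.m@berlin.de";
```

Anything the patterns miss is sent to the model unchanged, so the scrubbed text should be reviewed before step 03.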

Protocol: The 5-Step Airplane Mode Audit

Under GDPR, data transfers carry liability. Follow this audit procedure to verify zero-server PII sanitization for compliance adherence.

1. Load the tool: Open PrivacyScrubber.com in your browser.

2. Go Offline: Disconnect your WiFi or enable Airplane Mode. The site remains fully functional.

3. Process Data: Paste a sensitive customer or EU resident list and run the scrubber.

4. Inspect Network: Open Developer Tools (F12) and check the 'Network' tab. Verify 0 requests were made.

5. Verify Local RAM: All EU regulatory identifiers stay in your transient browser memory. They are never stored and never logged, which keeps the data out of scope of cross-border transfer laws.

GDPR Technical Implementation Mapping

Deep architectural mapping of Zero-Trust Data Sanitization (ZTDS) controls to industry-wide regulatory standards.

GDPR Article 5(1)(c) | Control: Data Minimization | Audit: Deterministic Local Tokenization
GDPR Article 32 | Control: Security of Processing | Audit: AES-GCM Local Token Storage
GDPR Article 4(5) | Control: Pseudonymization | Audit: Local SessionMap Isolation

Zero-Trust Verification Signature

The above technical controls are enforced deterministically by the PrivacyScrubber Local Engine. All redaction cycles generate zero server-side telemetry, satisfying global data residency requirements for GDPR institutions.

Verified Compliance Architecture

Hardened Audit Standards

Satisfying strict global security and privacy frameworks.

SOC 2 CC6.1: No data persistence on untrusted infrastructure.

GDPR Article 25: Privacy by design at the engineering layer.

ISO 27001 A.8.11: Data masking as a core organisational control.

NIST 800-53 PT-2 / PT-3: Federal PII minimisation and transparency controls.

HIPAA Safe Harbor: Satisfies Safe Harbor de-identification requirements.

Council Verified

[CISO_OPS]

"Eliminates Shadow AI risk. Mapped to SOC 2 and ISO 27001 masking controls."

[DPO_LEGAL]

"Removes AI providers from the Data Processor chain under GDPR Art 32."

Enterprise Verified

"The only AI sanitization tool that actually respects Zero-Trust. The local execution means we don't have to sign complex API DPA agreements."

CISO, FinTech Enterprise
Enterprise Verified

"Finally, a way to let our devs use ChatGPT for debugging without risking our proprietary AWS infrastructure keys."

VP of Engineering
Enterprise Verified

"Airplane Mode verification was the selling point. It instantly satisfied our SOC 2 auditors."

Compliance Director
Enterprise Verified

"A massive upgrade over cloud DLP. Zero latency and zero vendor risk. Essential for our AI pipeline."

Data Protection Officer

Frequently Asked Questions

Common questions about deploying zero-trust AI for GDPR Teams.

Does this violate EU data residency if I access the site from Europe?
No. The static site is served via edge CDNs, but the actual processing code executes entirely within your local EU-based machine.
Is it considered data processing under GDPR if it happens locally?
Local execution without external transmission drastically reduces risk, but users still act as data controllers. PrivacyScrubber provides the tool, but you maintain sole custody during the operation.

Zero-Trust Sanitization Verified

100% GDPR, HIPAA & CCPA compliant. All processing is local-only.


100% Local GDPR Compliance