How Zero-Trust Sanitization Works

PrivacyScrubber operates entirely in your browser — no data is ever sent to our servers. See the exact pipeline, then explore how each tier works for real professionals.

Threat Modeling Explainer

Anatomy of a Leak: Securing the Prompt Perimeter

Watch our visual dry-run showing how raw prompts expose sensitive customer data, API keys, and financial metrics to AI platforms—and how the PrivacyScrubber engine intercepts them locally at the boundary.

privacyscrubber.com — Zero-Trust PII Sanitization
Airplane Mode Verified · No Server Logs · 100% Local Processing · Zero Tracking
  1. Source Input

    Data enters via text paste, single file upload, batch `.zip` document upload, or live typing directly inside ChatGPT via our Chrome Extension.

  2. Local Engine

    The JavaScript client detects PII (or custom Enterprise Regex rules) offline. Sensitive entities are securely swapped with cryptographic tokens like [NAME_1].

  3. Safe Output

    You submit the sanitized prompt (containing only tokens, no raw PII) safely to LLMs like ChatGPT, Claude, or internal systems without risking data leakage.

  4. Reverse Scrubber

    The AI's response is pasted back into PrivacyScrubber. It decrypts the tokens using the ephemeral Session Map, restoring the real data locally.
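The four steps above as a small round trip. This is an added example, not PrivacyScrubber's own code: the detection rules, the `EMAIL` and `AMOUNT` token labels and all function names are assumptions, and only the `[NAME_1]` token shape and the sample prompt come from this page.

```javascript
// Added example. RULES are constructed for this demo, not PrivacyScrubber's detectors.
const RULES = [
  { label: "EMAIL", re: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g },
  { label: "AMOUNT", re: /\$\d{1,3}(?:,\d{3})*(?:\.\d{2})?/g },
  // Stand-in for name detection: an explicit list of known names.
  { label: "NAME", re: /\b(?:Sarah Miller|David)\b/g },
];

// Sample prompt from the Free-tier demo on this page.
const PROMPT = "Hi David, following up on our call. Please send the revised " +
  "proposal to david.chen@acmecorp.com by Friday. The Q3 budget is $45,000. " +
  "Talk soon, Sarah Miller.";

// The session map lives only in this object (memory), never in storage.
function createSession() {
  return { byValue: new Map(), byToken: new Map(), counters: {} };
}

function scrub(text, session) {
  let out = text;
  for (const { label, re } of RULES) {
    out = out.replace(re, (raw) => {
      // Same value -> same token, so the model sees one consistent entity.
      let token = session.byValue.get(raw);
      if (!token) {
        session.counters[label] = (session.counters[label] || 0) + 1;
        token = `[${label}_${session.counters[label]}]`;
        session.byValue.set(raw, token);
        session.byToken.set(token, raw);
      }
      return token;
    });
  }
  return out;
}

// Pre-submit check: raw values from the map that still appear in the text.
function residual(text, session) {
  return [...session.byValue.keys()].filter((raw) => text.includes(raw));
}

// Reverse step. A function replacer is used so "$4" inside "$45,000" is not
// read as a replacement pattern; tokens absent from the map are left alone.
function restore(text, session) {
  return text.replace(/\[[A-Z]+_\d+\]/g, (t) => session.byToken.get(t) ?? t);
}
```

Running `residual()` on the sanitized prompt before submitting it is a cheap guard against a rule that matched one occurrence of a value but missed another.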

Real Workflows

See It In Action

Three professionals. Three tiers. One zero-trust engine. See exactly how each plan solves a real privacy problem.

Sarah — Marketing Manager

40-person SaaS startup · Uses ChatGPT daily for client emails and campaign copy

Free Tier
100% Local Sandbox · Step 1 of 4: Paste Raw Prompt
Hi David, following up on our call. Please send the revised proposal to david.chen@acmecorp.com by Friday. The Q3 budget is $45,000. Talk soon, Sarah Miller.
Ephemeral Engine: Idle

Sarah tries to drag a client contract (.pdf) — and hits the wall

PDF scanning, batch file processing, and custom regex rules require the Auditor plan.

Marcus — Compliance Analyst

Mid-size financial services firm · Reviews NDAs, vendor questionnaires, and internal deal memos

$15 Monthly Plan
WebAssembly OCR Array · Step 1 of 4: Multi-File Input
nda_acme_corp.docx: Pending Scan
vendor_invoice.pdf (Scanned Image): Requires OCR
internal_memo.txt: Pending Scan
Local WASM Workers: Ready

Marcus's manager asks: "Can you guarantee all 6 analysts use the same redaction rules?"

Shared governance libraries, encrypted session handoff, and team synchronization require the Enterprise plan.

Diana — VP of Information Security

500-person fintech · Board mandate: "No raw PII in any external AI tool"

$99/Month
Argon2id / Poly1305 Security · Step 1 of 4: Design Policy
Active Profiles: HIPAA, GDPR, Finance
Shadow AI Blocklists: 14 Core Blocked APIs
Custom Redaction Rules: 14 Active Expressions
Zero-Server Governance: Configured

Scale to the whole company without training?

Enterprise Source License provides the un-obfuscated Next.js source code to deploy PrivacyScrubber directly inside your VPN.

Platform Deep-Dives

The architecture behind each capability.

TEAMS: Encrypted Session Sharing

Teams

For enterprise operations, managers need to enforce consistent regex libraries across the department. With the TEAMS subscription, administrators can encrypt their mapping session and securely share the payload with edge workers via Slack or email. When imported, the entire team synchronizes on the exact same redaction standard instantly—without relying on any database.

Chrome Extension Ecosystem

Free / Pro

The extension seamlessly bridges your browser and the web dashboard, bringing zero-trust capabilities directly into ChatGPT, Claude, and Gemini without breaking workflows.

  • Zero-Trust Handoff: PRO licenses securely sync from the dashboard to the extension offline.
  • Seamless Profile Switching: Right-click the shield icon in any chat window to instantly toggle between General, Legal, HR, or Finance detection profiles without cluttering your chat UI.
  • Session Sync: Tokens mapped on the website are instantly understood inside your AI chat windows.
  • Local Image OCR: Paste screenshots directly into the popup to mask PII via local WebAssembly.

Bulk Folder & OCR Engine

Auditor

Processing a single contract is easy, but what about 1,000 PDFs? The PRO tier allows you to drag and drop entire `.zip` archives. PrivacyScrubber spins up a local web-worker thread array running Tesseract OCR, extracting image-based text, stripping all PII, and packaging the safe data back into a downloaded `.zip` file—while maintaining zero-server transmission.

Frequently Asked Questions

Everything you need to know about how PrivacyScrubber processes data.

Does PrivacyScrubber send my data to any server?
No. Zero bytes of your input are ever transmitted to any external server. The entire PII detection engine runs inside your browser's JavaScript runtime using local RAM. You can verify this by opening Chrome DevTools → Network tab and clicking "Protect PII" — you will see zero outbound requests.
What happens to the session map when I close the browser?
The session map is stored exclusively in volatile browser RAM. The moment you close the tab, reload the page, or navigate away, the entire mapping — including all original PII values — is permanently destroyed. It is never written to localStorage, cookies, IndexedDB, or any other persistent storage.
Do I need a HIPAA BAA or GDPR DPA with PrivacyScrubber?
No. Because PrivacyScrubber never acts as a data processor (your data never reaches our infrastructure), we are architecturally exempt from Business Associate Agreement and Data Processing Agreement requirements. There is no "business associate" — your browser processes everything locally. See the HIPAA compliance page and GDPR compliance page for full technical details.
What is the difference between the Free and Auditor tiers?
The Free tier supports text paste and single .txt/.docx file upload with standard PII detection (names, emails, phones, IDs). The PRO plan ($15/mo) adds offline PDF/OCR scanning, batch .zip file processing, and Custom Regex Rules for domain-specific codes like case numbers, account IDs, or internal product SKUs.
How does the TEAMS encrypted session sharing work?
An administrator configures a governance library (custom rules, detection profiles, session map) and encrypts it using AES-GCM locally in the browser. This generates an encrypted Magic Link. Team members click the link, enter the out-of-band passphrase, and their browser decrypts and loads the identical configuration — no database, no server, no sync service involved.
What are the technical limits of Local OCR Scanning?
Image processing utilizes an embedded Tesseract WebAssembly engine to guarantee 100% local scanning (images never leave your device). Because it relies on client-side RAM, scanning high-resolution images or dense multi-page PDFs may take between 3 and 10 seconds depending on your device's CPU. Supported formats include PNG, JPG, and single-page PDFs. For highly complex images, we recommend scaling down the resolution slightly before pasting.
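For the TEAMS answer above on encrypted session sharing, one way a passphrase-protected AES-GCM payload can be built and opened with the browser's Web Crypto API. This is an added example, not PrivacyScrubber's code or payload format: the page states only AES-GCM and an out-of-band passphrase, so the PBKDF2 key derivation, the iteration count, the `salt | iv | ciphertext` layout and the function names are all assumptions.

```javascript
// Added example. PBKDF2, the iteration count and the salt|iv|ciphertext layout
// are assumptions for illustration; the page only states AES-GCM + passphrase.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // Node < 19 fallback
const enc = new TextEncoder();

async function deriveKey(passphrase, salt) {
  const base = await wc.subtle.importKey(
    "raw", enc.encode(passphrase), "PBKDF2", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations: 600000, hash: "SHA-256" },
    base, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// Encrypt a governance library; returns base64(salt | iv | ciphertext+tag).
async function sealLibrary(library, passphrase) {
  const salt = wc.getRandomValues(new Uint8Array(16));
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per payload
  const key = await deriveKey(passphrase, salt);
  const ct = new Uint8Array(await wc.subtle.encrypt(
    { name: "AES-GCM", iv }, key, enc.encode(JSON.stringify(library))));
  const blob = new Uint8Array([...salt, ...iv, ...ct]);
  return btoa(String.fromCharCode(...blob));
}

// Decrypt and parse. A wrong passphrase or a modified payload fails the GCM
// tag check, so decrypt() rejects and no partially trusted rules are loaded.
async function openLibrary(payload, passphrase) {
  const blob = Uint8Array.from(atob(payload), (c) => c.charCodeAt(0));
  const salt = blob.slice(0, 16), iv = blob.slice(16, 28), ct = blob.slice(28);
  const key = await deriveKey(passphrase, salt);
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
  return JSON.parse(new TextDecoder().decode(pt));
}
```

Because the payload is authenticated, a recipient who holds the passphrase also gets assurance that the redaction rules were not altered in transit over Slack or email.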