How Zero-Trust Sanitization Works

PrivacyScrubber operates entirely in your browser — no data is ever sent to our servers. See the exact pipeline, then explore how each tier works for real professionals.

PipelineFreeAuditorTeams

  1. Source Input

    Data enters via text paste, single file upload, batch `.zip` document upload, or live typings natively inside ChatGPT via our Chrome Extension.

  2. Local Engine

    The Javascript client detects PII (or custom Enterprise Regex rules) offline. Sensitive entities are securely swapped with cryptographic tokens like [NAME_1].

  3. Safe Output

    You submit the sanitized prompt (containing only tokens, no raw PII) safely to LLMs like ChatGPT, Claude, or internal systems without risking data leakage.

  4. Reverse Scrubber

    The AI's response is pasted back into PrivacyScrubber. It decrypts the tokens using the ephemeral Session Map, restoring the real data locally.

Real Workflows

See It In Action

Three professionals. Three tiers. One zero-trust engine. See exactly how each plan solves a real privacy problem.

Sarah — Marketing Manager

40-person SaaS startup · Uses ChatGPT daily for client emails and campaign copy

Free Tier
1

Paste a client follow-up email draft

Hi David, following up on our call. Please send the revised proposal to david.chen@acmecorp.com by Friday. The Q3 budget is $45,000. Talk soon, Sarah Miller.
2

Engine masks 4 entities instantly — all in your browser

Hi [NAME_1], following up on our call. Please send the revised proposal to [EMAIL_1] by Friday. The Q3 budget is [FINANCIAL_1]. Talk soon, [NAME_2].
3

Copy sanitized text to ChatGPT → get polished response

ChatGPT sees only tokens — never the real names, emails, or financial data.

4

Paste AI response back → Reveal restores real data locally

The session map lives only in browser memory. Close the tab and it's gone forever.

Sarah tries to drag a client contract (.pdf) — and hits the wall

PDF scanning, batch file processing, and custom regex rules require the Auditor plan.

Unlock Auditor

Marcus — Compliance Analyst

Mid-size financial services firm · Reviews NDAs, vendor questionnaires, and internal deal memos

$15 Monthly Plan
1

Drag-drop a .zip with 8 vendor NDAs (.docx) + 2 scanned contracts (.pdf)

The engine spins up parallel web workers — mammoth.js for DOCX, Tesseract OCR for scanned PDFs.

2

Custom Regex catches internal codes that standard PII detection misses

Custom Rules Active
Transfer [ACCOUNT_1] allocation per [MEMO_1] — approved by [NAME_1] at [EMAIL_1]

Regex patterns: ACC-\d{5}-\w{2} → [ACCOUNT_N] · MEMO/\d{4}/[A-Z]{3}/\d{3} → [MEMO_N]

3

Downloads a sanitized .zip — all 10 docs cleaned, zero server contact

47 entities found across all files. Marcus uploads the clean versions to his firm's internal AI assistant for analysis.

4

Switches to "Legal" detection profile for deeper entity coverage

Profile auto-catches case numbers, bar numbers, and attorney names in signature blocks — 12 entities instead of the 5 that General mode finds.

Marcus's manager asks: "Can you guarantee all 6 analysts use the same redaction rules?"

Shared governance libraries, encrypted session handoff, and team synchronization require the Enterprise plan.

Unlock Teams

Diana — VP of Information Security

500-person fintech · Board mandate: "No raw PII in any external AI tool"

$99/Month
1

Create a master session with 14 custom regex rules + Legal & Finance profiles

Diana configures the governance library once. It becomes the single source of truth for the entire compliance department.

2

Encrypts the session into an AES-GCM secure link

The payload is encrypted locally using XChaCha20-Poly1305. She generates an offline passphrase and sends it to her team out-of-band.

3

Analysts decrypt the link locally to inherit the rules

Because there is no database, the synchronization is cryptographically forced. If an analyst pastes data, it is sanitized according to Diana's exact ruleset.

Scale to the whole company without training?

Enterprise Source License provides the un-obfuscated Next.js source code to deploy PrivacyScrubber directly inside your VPN.

View Enterprise

Platform Deep-Dives

The architecture behind each capability.

TEAMS: Encrypted Session Sharing

Teams

For enterprise operations, managers need to enforce consistent regex libraries across the department. With the TEAMS subscription, administrators can encrypt their mapping session and securely share the payload with edge workers via Slack or email. When imported, the entire team synchronizes on the exact same redaction standard instantly—without relying on any database.

Explore TEAMS

Chrome Extension Ecosystem

Free / Pro

The extension seamlessly bridges your browser and the web dashboard, bringing zero-trust capabilities directly into ChatGPT, Claude, and Gemini without breaking workflows.

  • Zero-Trust Handoff: PRO licenses securely sync from the dashboard to the extension offline.
  • Seamless Profile Switching: Right-click the shield icon in any chat window to instantly toggle between General, Legal, HR, or Finance detection profiles without cluttering your chat UI.
  • Session Sync: Tokens mapped on the website are instantly understood inside your AI chat windows.
  • Local Image OCR: Paste screenshots directly into the popup to mask PII via local WebAssembly.
View Extension

Bulk Folder & OCR Engine

Auditor

Processing a single contract is easy, but what about 1,000 PDFs? The PRO tier allows you to drag and drop entire `.zip` archives. PrivacyScrubber spins up a local web-worker thread array running Tesseract OCR, extracting image-based text, stripping all PII, and packaging the safe data back into a downloaded `.zip` file—while maintaining zero-server transmission.

Learn About Bulk OCR

Frequently Asked Questions

Everything you need to know about how PrivacyScrubber processes data.

Does PrivacyScrubber send my data to any server?
No. Zero bytes of your input are ever transmitted to any external server. The entire PII detection engine runs inside your browser's JavaScript runtime using local RAM. You can verify this by opening Chrome DevTools → Network tab and clicking "Protect PII" — you will see zero outbound requests.
What happens to the session map when I close the browser?
The session map is stored exclusively in volatile browser RAM. The moment you close the tab, reload the page, or navigate away, the entire mapping — including all original PII values — is permanently destroyed. It is never written to localStorage, cookies, IndexedDB, or any other persistent storage.
Do I need a HIPAA BAA or GDPR DPA with PrivacyScrubber?
No. Because PrivacyScrubber never acts as a data processor (your data never reaches our infrastructure), we are architecturally exempt from Business Associate Agreement and Data Processing Agreement requirements. There is no "business associate" — your browser processes everything locally. See the HIPAA compliance page and GDPR compliance page for full technical details.
What is the difference between the Free and Auditor tiers?
The Free tier supports text paste and single .txt/.docx file upload with standard PII detection (names, emails, phones, IDs). The PRO plan ($15 /mo) adds offline PDF/OCR scanning, batch .zip file processing, and Custom Regex Rules for domain-specific codes like case numbers, account IDs, or internal product SKUs.
How does the TEAMS encrypted session sharing work?
An administrator configures a governance library (custom rules, detection profiles, session map) and encrypts it using AES-GCM locally in the browser. This generates an encrypted Magic Link. Team members click the link, enter the out-of-band passphrase, and their browser decrypts and loads the identical configuration — no database, no server, no sync service involved. Full TEAMS documentation →
What are the technical limits of Local OCR Scanning?
Image processing utilizes an embedded Tesseract WebAssembly engine to guarantee 100% local scanning (images never leave your device). Because it relies on client-side RAM, scanning high-resolution images or dense multi-page PDFs may take between 3-10 seconds depending on your device's CPU. Supported formats include PNG, JPG, and single-page PDFs. For highly complex images, we recommend scaling down the resolution slightly before pasting.

Get PRO Lifetime

100% Local GDPR Compliance