Coming soon — join the waitlist

Stop sensitive data
before it reaches the AI.

A Chrome extension that scans every prompt you type into Claude, ChatGPT, and Gemini in real time. The moment it spots something sensitive, it stops you — locally, privately, with zero data leaving your machine.

✓ You're on the list. We'll notify you when GuardianAI launches.

No spam. Just a launch notification. Unsubscribe any time.

🔒 100% Local ⚡ Real-time detection ✓ No cloud. No login. No prompt storage. 🇿🇦 POPIA-aware Free during beta

↓ Download extension (beta)

How to install

Extract the ZIP anywhere on your computer
Open Chrome and go to chrome://extensions
Enable Developer Mode (toggle, top right)
Click Load unpacked → select the extracted folder

The origin

"The policy was solid. But I kept coming back to the same question — will people actually follow it, or will they paste the wrong thing without even realising?"

It started at work. We were building an AI usage policy — the kind that sets out what staff can and can't share with AI tools. The research was thorough, the intentions were right. But somewhere in the process, a different question started nagging at me. Policies get written. Policies get circulated. And then people get busy, and they paste whatever they need to paste to get the job done. Would they read it? Would they remember it in the moment? And if they didn't — what was actually stopping sensitive data, internal IP, or personal information from quietly ending up in a prompt?

The more I looked at it, the clearer the gap became. It wasn't a question of bad intent. It was a question of awareness. A developer pulls a connection string from a config file and drops it into Claude to debug something. A director shares a client name and some financials to get a summary written faster. An admin pastes an ID number to check a format. None of them are being careless — they're being human. The policy doesn't help in that moment. Nothing does.

Then a startup reached out — one actively working in the AI compliance and governance space. If anyone was going to have this covered, it was them. But even they were wrestling with the same gap: what actually prevents sensitive data from reaching the AI in the first place? Not policy. Not training. Something that works in the moment, before the prompt is sent. That conversation landed differently. It wasn't a gap born from ignorance — it was a gap that even the most thoughtful teams in the space were still trying to solve. And that told me everything.

What I kept hearing — from new AI users, from developers, from directors and admins — was fear. Not fear of AI itself, but fear of the unknown boundary. What's safe to share? What isn't? Where does my data go? That uncertainty creates distance between people and tools that could genuinely help them. GuardianAI exists to close that gap. Not with another policy. Not with another training session. With something that works quietly in the background, catches what you might miss, and builds the trust between users and AI that doesn't quite exist yet.

How it works

Five steps.
Zero data leaves your browser.

You type a prompt

GuardianAI watches every keystroke and paste event in real time inside Claude, ChatGPT, and Gemini.

Local scan fires

After a brief pause, the detection engine runs — 9 pattern types plus your custom keywords — entirely inside your browser.

Risk assigned

HIGH blocks submission instantly. MEDIUM shows a warning modal. LOW is completely silent. NONE — you never know it ran.

You decide

Replace sensitive values in place, send anyway, or ignore and finish typing before scanning again.

Event logged locally

Timestamp, site, risk level, and action stored in your browser only. Export as CSV. No prompt text ever recorded.

Detection

What GuardianAI
catches before you send.

SA ID Numbers

8001015009087

HIGH · §26 POPIA

AWS Access Keys

AKIA···EXAMPLE

HIGH · §19 POPIA

JWT Tokens

eyJhbGci···

HIGH · §19 POPIA

Private Key Blocks

-----BEGIN RSA···

HIGH · §19 POPIA

Connection Strings

mongodb://user:pass@···

HIGH · §19 POPIA

Email Addresses

jon@company.co.za

MEDIUM · §11 POPIA

SA Phone Numbers

+27 82 123 4567

MEDIUM · §11 POPIA

Custom Keywords

CONFIDENTIAL, Project X

MEDIUM · configurable

Source Code

function getUser() {···}

LOW · silent

Warning UI

Three levels.
Always your choice.

HIGH

Blocked

Submission is stopped. A red banner appears. You cannot send until you dismiss it, review the input, or replace the sensitive values in place.

MEDIUM

Warning modal

A modal shows you exactly what was detected, the actual values found, and a plain-English explanation of why it was flagged. You decide what happens next.

LOW

Silent

Source code patterns are flagged internally but cause no interruption. You can send normally.

POPIA compliance

Built for
South African users.

Most data governance tools are built for enterprise budgets and foreign regulations. GuardianAI is different — it has POPIA baked in from the ground up, designed for South African individuals and teams who are navigating AI adoption carefully.

When POPIA mode is on, every detection is tagged with the relevant section of the Act, warning language shifts to reflect your compliance obligations, and "Send Anyway" is disabled on HIGH risk events — consistent with the duty of care required by the legislation.

POPIA mode helps identify potentially regulated data. It does not guarantee legal compliance. Consult your Information Officer for guidance specific to your organisation.

§11

Conditions for Lawful Processing

Email addresses and phone numbers. Personal information may only be processed with consent or for a legitimate purpose.

§19

Security Safeguards

API keys, tokens, connection strings, private keys. Responsible parties must secure the integrity and confidentiality of personal information.

§26

Special Personal Information

SA ID numbers. Processing is prohibited unless specific conditions under the Act are met.

Privacy by design

No cloud.
No exceptions.

🔒

100% Local

All scanning happens inside your browser. Zero data leaves your machine at any point.

🚫

No Cloud

No server. No API calls. No telemetry. Verified via Chrome DevTools Network tab — zero outbound requests from the extension.

📋

No Prompt Storage

The audit log stores metadata only — timestamp, site, risk level, action. Never the content of your prompts.

⚙️

Fully Configurable

Custom keywords, detection thresholds, auto-sanitize behaviour. Your settings stay on your machine.

Simple, transparent pricing

Start free.
Upgrade when ready.

All plans include the full detection engine. We never cripple safety — only workflow and compliance features are gated.

Personal

Free

Always free — no card required

20 scans per day

All 9 detection types — SA ID, API keys, emails, phone & more

Manual replace in banner

10-event audit log

No custom keywords

No silent auto-sanitize

No compliance mode (POPIA)

Get started free →

Feature	Free	Pro	Team
Daily scan limit	20/day	Unlimited	Unlimited
Detection types	All 9	All 9	All 9
Manual replace	✓	✓	✓
Silent auto-sanitize	✕	✓	✓
Audit log	10 events	50 events + CSV	50 events + CSV
Custom keywords	✕	Up to 50	Unlimited
CSV keyword import	✕	✓	✓
POPIA compliance mode	✕	✓	✓
UK GDPR / CCPA mode	✕	✓ (coming soon)	✓ (coming soon)
Central policy pack	✕	✕	✓
Admin dashboard	✕	✕	✓
Org-level audit reporting	✕	✕	✓
Seat management	✕	✕	✓
Priority support	✕	✓	✓
Local-only — no cloud	✓	✓	✓

Stop sensitive data before it reaches the AI.

Five steps.Zero data leaves your browser.

What GuardianAIcatches before you send.

Three levels.Always your choice.

Built forSouth African users.

No cloud.No exceptions.

Start free.Upgrade when ready.

Be the firstto know.

Stop sensitive data
before it reaches the AI.

Five steps.
Zero data leaves your browser.

What GuardianAI
catches before you send.

Three levels.
Always your choice.

Built for
South African users.

No cloud.
No exceptions.

Start free.
Upgrade when ready.

Be the first
to know.