By George Curta · Last updated 2026-05-17
Privacy Protection for AI Chatbots
Automatically detect and anonymize personal information before sending messages to ChatGPT and Perplexity AI. Same powerful API as our Desktop App - now in your browser.
Get the Chrome Extension
v1.1.37 · Developer Preview
Download the extension ZIP and install it as an unpacked extension in Chrome. No Chrome Web Store required — free to use.
Download for ChromeInstallation Instructions
- 1Download the ZIP file and extract it to a folder
- 2Open Chrome and navigate to chrome://extensions
- 3Enable "Developer mode" using the toggle in the top-right corner
- 4Click "Load unpacked" and select the extracted folder
- 5The extension is now installed! Click the extension icon and sign in with your anonym.legal account
Chrome Web Store approval is in progress. Once published, the extension will be available for automatic installation.
Supported AI Platforms
The extension works with major AI chat platforms and can be extended to any website
ChatGPT
chatgpt.com
Perplexity
perplexity.ai
Claude
claude.ai
Gemini
gemini.google.com
DeepSeek
chat.deepseek.com
Abacus.ai
chatllm.abacus.ai
Custom connectors can be developed for any website. Contact us for enterprise integration with your internal AI tools.
Core Features
Same powerful features as our Desktop App - powered by the same API
Real-Time Interception
Automatically intercepts messages before they're sent to AI. No manual copy-paste required.
- Intercepts on Send button click
- Works with Enter key submission
- No workflow disruption
- Instant PII detection
Hybrid Detection Engine
Detects 285+ entity types across 48 languages using deterministic regex + NLP patterns with configurable confidence thresholds.
- 285+ entity types
- 48 language support
- Context-aware recognition
- Adjustable sensitivity
Preview Before Send
Review detected PII in a preview modal before sending. Toggle entities, change methods, select presets.
- Entity-by-entity control
- Method selection per message
- Preset quick-switch
- Encryption key selector
Response De-anonymization
Encrypted values in AI responses are automatically decrypted and displayed with visual highlighting.
- Auto-decrypt responses
- Visual highlighting
- Toggle original/encrypted
- Copy decrypted values
5 Anonymization Methods
Choose the right method for each message: Encrypt (reversible), Replace, Mask, Redact, or Hash.
- Encrypt with personal keys
- Replace with fake data
- Mask partially
- Redact completely
Compliance Presets
Pre-configured detection profiles synced from your account. GDPR, HIPAA, PCI-DSS, and country-specific presets.
- 85+ country presets
- GDPR/HIPAA ready
- Custom presets
- Searchable selector
File Anonymization
Anonymize text files before uploading to AI chats. Supports .txt, .md, .csv, .json, .xml, and more.
- Drag-and-drop files
- Preview before upload
- De-anonymize in responses
- Up to 50KB files
48 Languages
Full PII detection support for 48 languages including RTL languages (Arabic, Hebrew, Persian, Urdu).
- Auto language detection
- Multi-language messages
- RTL support
- Regional entity formats
5 Anonymization Methods
Same methods as Desktop App and Office Add-in - choose based on your compliance requirements
Encrypt
Reversible with key
Replace
Fake data
Mask
Partial hide
Redact
Complete removal
Hash
SHA-256
Intelligent De-anonymization
When AI responds with encrypted values, the extension automatically decrypts and highlights them
Auto-Decrypt
Both user messages and AI responses automatically decrypted
Visual Highlight
Green gradient with entity badges for easy identification
Toggle View
Switch between original and encrypted values instantly
Copy Buttons
Copy individual values or entire decrypted messages
Rich Tooltips
Hover to see entity type, key name, and encrypted value
Zero-Knowledge Security
Your password never leaves your device - same security as Desktop App
Enterprise Deployment
Deploy the extension organization-wide with enforced policies, managed presets, and centralized encryption keys
Admin Enforcement
IT administrators can enforce protection policies, preventing users from disabling anonymization on approved sites.
Managed Presets
Deploy organization-specific presets that define which entities to detect and how to anonymize them.
Encryption Policies
Enforce encryption method with organization-managed keys. Ensure all AI interactions use reversible anonymization.
Custom Entities
Define custom entity patterns for internal identifiers, project codes, or proprietary data formats.
Audit Logging
Track anonymization events for compliance reporting. Integration with SIEM systems available.
Bulk Deployment
Deploy via Group Policy, MDM, or enterprise browser management. Pre-configured with organization settings.
Custom Extension Packaging
We can package the extension with your organization's branding, pre-configured settings, and locked-down policies.
- Custom branding and icons
- Pre-configured API credentials
- Enforced site restrictions
- Locked anonymization methods
- Mandatory encryption keys
- Disabled user overrides
- Silent installation support
- Automatic updates from your server
Current & Planned Features
The extension is actively developed with new features planned based on user feedback
Currently Available (v1.0.141)
- Text message anonymization
- File anonymization (.txt, .md, .csv, .json, .xml, .yaml)
- 5 anonymization methods
- Real-time response decryption
- 85+ country presets
- 48 language support
- Encryption key management
- Toggle original/encrypted view
Planned (Roadmap)
- All file formats (PDF, DOCX, XLSX) like Desktop App
- Batch file processing
- Image anonymization
- Chrome Web Store publication
- Firefox and Edge extensions
- More AI platform connectors
- Offline mode with local cache
- Advanced analytics dashboard
Powered by the Same API
The Chrome Extension uses exactly the same API as our other products. If you're already using anonym.legal, the extension works with your existing presets, encryption keys, and settings.
Plan Availability
The Chrome Extension is available on all paid plans
Free plan users can upgrade to access the Chrome Extension. Business plans include custom deployment support.
Data Loss Prevention Built for Browser-Based AI
Traditional enterprise DLP was designed for file transfers and email — not for the new reality where employees type sensitive data directly into ChatGPT, Claude, and Gemini. anonym.legal's Chrome Extension delivers DLP where the data actually leaks: inside the browser, before the prompt reaches the AI provider.
of employees paste sensitive data into AI tools (LayerX 2025)
of data exfiltration now happens via AI tools
to deploy vs weeks for enterprise DLP
Frequently Asked Questions — Browser DLP for AI
Comment puis-je empêcher mon équipe de coller accidentellement des données clients dans ChatGPT ?
L'extension Chrome d'anonym.legal intercepte le contenu du presse-papiers avant qu'il n'atteigne les chatbots IA (ChatGPT, Claude, Gemini, DeepSeek, Perplexity), détectant et remplaçant automatiquement les PII par des jetons anonymisés. La détection des PII utilise l'API hébergée par anonym.legal dans l'UE — aucune donnée n'est envoyée au fournisseur d'IA tant qu'elle n'a pas été assainie. L'extension fonctionne de manière transparente, ne nécessitant aucun changement de flux de travail de votre équipe.
Des extensions Chrome malveillantes ont volé 900 000 conversations ChatGPT — comment puis-je savoir qu'une extension de confidentialité est sûre ?
L'extension Chrome d'anonym.legal utilise Manifest V3 (la dernière norme de sécurité de Chrome) avec des autorisations minimales — elle ne s'active que sur les sites de chatbots IA que vous activez explicitement. La détection des PII utilise l'API hébergée par anonym.legal dans l'UE avec une conception à connaissance nulle : le texte est analysé en mémoire et n'est jamais stocké. Le modèle optional_host_permissions de l'extension signifie qu'elle ne peut pas accéder à un site que vous n'avez pas explicitement autorisé.
Puis-je utiliser ChatGPT pour des tâches de support client sans violer le GDPR ?
L'extension Chrome d'anonym.legal anonymise les PII des clients avant qu'elles n'atteignent ChatGPT, transformant les vrais noms, adresses et identifiants en jetons anonymisés. Comme seul le texte assaini atteint les serveurs d'OpenAI, aucune donnée personnelle n'est traitée par le fournisseur d'IA — éliminant ainsi la préoccupation concernant le transfert de données selon le GDPR. La fonction de cryptage réversible (sur les plans payants) permet de restaurer les noms d'origine dans la réponse de ChatGPT pour la communication finale avec le client.
Comment puis-je empêcher les employés d'envoyer accidentellement des PII clients à ChatGPT dans les réponses de support ?
L'extension Chrome détecte automatiquement les PII dans le texte soumis aux chatbots IA et les remplace par des jetons anonymisés avant la soumission. Cela se fait de manière transparente — les employés tapent ou collent normalement, et l'extension intercepte le contenu au niveau du navigateur. Elle prend en charge ChatGPT, Claude, Gemini, DeepSeek et Perplexity avec des contrôles d'activation par site.
Comment puis-je vérifier qu'une extension de confidentialité Chrome ne collecte pas mes données ?
L'extension Chrome d'anonym.legal utilise Manifest V3 avec optional_host_permissions — elle ne peut pas accéder à un site web à moins que vous ne lui accordiez explicitement l'autorisation via la fenêtre contextuelle de l'extension. La détection des PII se fait via l'API hébergée par anonym.legal dans l'UE avec une architecture à connaissance nulle : le texte est analysé en transit et n'est jamais stocké. L'extension ne demande aucune autorisation de collecte de données en arrière-plan et s'active uniquement sur les sites de chatbots IA que vous avez activés.
Les développeurs collent des variables d'environnement et des secrets dans Claude pour le débogage — comment pouvons-nous le détecter au niveau du navigateur ?
L'extension Chrome détecte les clés API, les jetons JWT, les chaînes de connexion de base de données et les variables d'environnement dans le texte soumis aux chatbots IA, les remplaçant par des espaces réservés sûrs avant la transmission. Pour Claude spécifiquement, le serveur MCP fournit une intégration plus profonde au niveau de l'outil IA. Ensemble, ils créent une défense à deux niveaux contre l'exposition accidentelle de secrets dans les flux de travail des développeurs.
Nous devons partager des cas cliniques avec une IA pour l'apprentissage — mais les noms des patients et les dates de naissance ne peuvent pas être inclus. Comment ?
L'extension Chrome détecte automatiquement les noms des patients, les dates de naissance, les MRN et d'autres PHI avant que le texte n'atteigne le chatbot IA. Les cliniciens collent l'étude de cas normalement — l'extension intercepte et anonymise toutes les PHI en temps réel, n'envoyant que du texte dé-identifié à l'IA. Cela permet un apprentissage clinique assisté par IA tout en respectant les exigences de dé-identification HIPAA.
From the Blog
View all articlesAI Coding Assistants Leak Production PII
Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.
Internal Wiki PII: Confluence Customer Data
Support teams document processes with screenshots of customer accounts. Over 3 years, that's thousands of GDPR data minimization violations in your.
Screenshot PII: Leaks in Internal Tools
Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.
Interested in the Chrome Extension?
Contact us to request testing access or discuss enterprise deployment options. We'll help you evaluate the extension for your organization's AI privacy needs.
About this page
We update this page when our platform or the law changes.
Read our founder note for how we work.
Each change shows up in the timestamp at the top.
Related reading
- Common questions
- Glossary
- How tokens work
- Security posture
- Where we comply
- What we detect
- Case studies
- Release notes
We follow these rules
- GDPR (EU 2016/679).
- ISO/IEC 27001:2022.
- NIS2 (EU 2022/2555).
- HIPAA safe harbor under 45 CFR § 164.514(b)(2).
Our promise
We do not sell your data.
We do not train models on your text.
We store your files in Germany.
You can delete your account at any time.
You own your work.
Where we run
Our servers live in Falkenstein, Germany.
We use Hetzner. They hold ISO 27001 certification.
All data stays in the EU.
Backups run every day.
Need help?
Email support@anonym.legal.
We reply within one business day.
How we test
We run a full check suite on every release.
Each surface gets its own sweep script and report.
Human reviewers spot-check the output each week.
We track recall and precision on a labelled set.
Bad runs block the deploy.
What we never do
- We never sell your information to third parties.
- We never train models on what you upload.
- We never keep your work after you delete it.
- We never share keys with any outside firm.
- We never run ads inside the product.
Plans in plain words
We sell credits, not seats.
One credit covers one short job.
Long jobs use a few credits each.
You can top up at any time.
Unused credits roll over each month.
Read the plans page for current rates.
Who built this
A small team of engineers and lawyers built this.
We ship from Europe and work in the open.
Our founder note spells out why we started.
Where to start
- Open the web app and try a sample file.
- Learn how credits get counted.
- See current plans and limits.
- Meet the team behind the product.
How the parts fit
A browser add-on cleans text inside Chrome.
A Word plug-in handles drafts in Office.
A small desktop tool works on whole folders.
An agent protocol link feeds large models safely.
All four share one core engine and one rule set.
Words from our team
We started this work after a lunch about cookies.
One friend kept getting odd ads on her phone.
We asked why a court file leaked through a draft.
We sketched the first build on a napkin that week.
By month three we had a tiny demo for a friend.
She used it on her first case the next day.
Common questions we hear
Can the tool read scanned PDFs? Yes, with OCR.
Does it work on long files? Yes, in small chunks.
Can I roll my own rule set? Yes, save it as a preset.
Does it run offline? The desktop build runs offline.
Do you keep my files? No, the cloud build wipes after each run.
Will it learn from my work? No, we never train on inputs.
A short tour of the workflow
Upload a file or paste a snippet of prose.
Pick the entities you want gone from the draft.
Choose a method: replace, mask, hash, encrypt, or redact.
Press run and watch the side panel show each hit.
Skim the result and tweak any rule that misfired.
Save the cleaned file or send it to a teammate.