Any model
ChatGPT, Claude, Gemini & more
0 bytes
Personal data to any server
100%
Runs in your browser
The gap
Model speed vs procurement
New AI models launch weekly. IT approval takes months. Teams test ChatGPT, Claude, Gemini, and others anyway. That's shadow AI - and it's already happening in your org.
Sensitive data follows every prompt
Teams paste real documents into tools they're testing. Names, IBANs, AHV numbers, diagnoses, financial data - all exposed to model providers with no visibility or control.
One layer for every model
PrivacyLayer works across every AI tool - browser extension or SDK. One control layer. No IT rollout. No data policy rewrite. Teams stay flexible. Compliance stays intact.
How it works
01
Paste or upload
Drop in a PDF, paste text, or use the browser extension. 50+ detection patterns scan your content and replace every personal identifier with a safe placeholder - locally, in your browser.
02
Send to any AI
The cleaned version goes to ChatGPT, Claude, Gemini - or any other tool. The model works with placeholders. It never sees real names, addresses, IDs, or financial data.
03
Get the real answer back
The AI responds using placeholders. PrivacyLayer swaps them back to real values. You read a natural, complete response - the AI never knew the actual names or numbers.
Chrome Extension
Works inside ChatGPT, Claude, Gemini and Perplexity.
No tab switching. No copy-paste. Click one button inside the chat — your data never reaches the AI.
Your message
Passenger complaint — [NAME_01], DOB [DOB_01], AHV [AHV_01], IBAN [IBAN_01]
ChatGPT
Dear Maria Bernasconi, thank you for bringing this to our attention. We sincerely apologize for the inconvenience...
Open DevTools → Network tab → zero outbound requests with personal data. Verify it yourself.
ChatGPT
supported
Claude
supported
Gemini
supported
Perplexity
supported
One click
Click Protect. Tokens replace real data. The AI sees only placeholders. Click again to undo.
Auto-restore
When the AI responds with tokens, real values come back automatically — highlighted in green, right inside the chat.
Verify yourself
Open DevTools, Network tab. Zero personal data in outbound requests. Verify it yourself.
Get the extension
Chrome Web Store submission in progress. Join the waitlist for early access.
See it in action
From exposed prompt to safe AI response in seconds.
01
Without PrivacyLayer
02
Extension detects PII
03
Safe prompt sent
04
Real answer back
“Every time we use AI for a real case, someone has to manually strip out the names, IBANs, and insurance numbers first. That's 10 minutes of friction before every single task. If PrivacyLayer removes that, it's gone instantly.”
Sandra
Operations · Healthcare, Zurich
How can you be sure your data stays private?
All scanning, redaction, and encryption happens in JavaScript in your browser tab. Open the Network tab - zero outgoing requests with personal data. No backend. Not a promise - a technical guarantee you can verify yourself.
Data flow
The AI model (greyed) receives only anonymized text - it operates inside the same pipeline as any other vendor.
What we detect and protect
Compliance
Built for the regulatory reality of enterprise AI.
Every regulation that governs personal data - HIPAA, GDPR, the EU AI Act, Swiss DSG - shares one requirement: don't expose it unnecessarily. PrivacyLayer enforces that at the prompt level, before data reaches any model.
EU AI Act
Article 10 requires AI deployments to avoid processing unnecessary personal data. PrivacyLayer strips it before the model ever sees it - making compliance automatic.
HIPAA Safe Harbor
All 18 HIPAA identifiers detected and replaced. De-identified output is not PHI and can be sent to any AI provider without violating HIPAA.
GDPR Article 4
No personal data leaves your device. GDPR only governs personal data - anonymized data is out of scope. PrivacyLayer anonymizes before transmission.
Swiss DSG / nDSG
Built with Swiss data standards in mind. AHV numbers, CH-IBANs, and Swiss address formats are detected by default.
Also relevant for teams working under CCPA, SOC 2, ISO 27001, and PCI-DSS requirements.
For developers
If you build AI-powered apps, PrivacyLayer drops into your existing code in one line.
import { wrapLanguageModel } from "ai";import { privacyLayer } from "privacylayer";// Before - personal data goes straight to the modelstreamText({ model, messages });// After - one line. Zero personal data leaves your app.streamText({model: wrapLanguageModel(model, privacyLayer()),messages,});