Never accidentally paste sensitive data into AI again.

Redact AI is a Chrome extension that finds names, addresses, phone numbers, secrets and card numbers in the box you’re about to paste into ChatGPT, Claude, Gemini or Copilot, and replaces them with placeholders. The model and the rules run inside your browser. The text never reaches our servers, because we don’t have any.

Chrome Web Store Try the live demo

The problem

You are pasting everything into the model.

The fastest way to get an AI answer is the fastest way to leak information. Customer emails, support transcripts, SQL with primary keys, a CV with someone’s home address, a Stripe key in a stack trace. It all goes through the same composer, every day, by everyone.

01

The composer is a doorway.

Once a draft hits “Send” it leaves the device. Provider terms vary, retention varies, training-eligibility varies, jurisdictions vary. The only universally safe assumption is: what you sent, you sent.

02

People can’t self-redact at speed.

Manual scrubbing is slow, boring, and the failure mode is silent. Eventually the one time you forget is the time it matters: a phone number in a screenshot description, a token in a curl example, a co-worker’s legal name in a draft message.

03

“Just don’t paste sensitive things” fails.

Policy is not a control. Without a tool that runs before the network call, every keystroke is one hurried Cmd-Enter away from a regrettable disclosure.

How it works

Local AI detection. Zero outbound prompts.

Redact AI is a small local AI model that caches to your browser and runs on your own CPU to scrub PII. The model and its rules run entirely in your browser — no data ever leaves your machine.

  1. You write your prompt.

    The extension reads the composer text on click or AltShiftR. Up to 32,000 characters per draft. 

    Hey ChatGPT, can you rewrite this for our customer
Sarah Chen at sarah.chen@acme.io?
Her account is 4242 4242 4242 4242
and a friendly tone please.

  2. Your draft is rewritten in place.

    A small lightweight model runs using your own CPU so data never leaves your machine. It detects and replaces PII in a single pass.

    Each span becomes a typed placeholder so the model still has structural signal: [REDACTED:person], [REDACTED:email], [REDACTED:card]. You review, edit, then send. 

    Hey ChatGPT, can you rewrite this for our customer
[REDACTED:person] at [REDACTED:email]?
Her account is [REDACTED:card]
and a friendly tone please.

Try it now

Paste anything. Watch the rule layer work.

This page runs the same deterministic rule engine bundled in Redact AI, directly in your browser tab. The full extension also runs the ONNX privacy model on top, which catches additional prose-style entities.

Input · your draft 0 chars

Nothing is uploaded; processing stays in this tab. Try the seeds below or paste your own.

Output · what would be sent 0 redactions

    Where it works

    Two surfaces. The chat box, and the PDF.

    A

    Chat composer

    Floating Redact button + global shortcut, on the four major hosts.

    ChatGPT Claude Gemini · AI Studio Microsoft Copilot
    • Inline review before send. Edit any placeholder back if needed.
    • ProseMirror-aware: writes back into the editor model so undo, formatting and cursor stay sane.
    • Progress shows on the button label, never as toast spam. ChatGPT stays smooth even during the first model download.
    B

    PDF redactor

    Open from the popup. Scan the text layer, pick what to keep, export a flattened redacted PDF.

    • Per-page scan with toggleable findings before you export.
    • Exported PDFs are visually flattened: text under the bar isn’t recoverable from the file’s text layer.
    • Ships with pdf.js standard fonts and CMaps, so Helvetica-style and CJK PDFs extract reliably.

    What we catch

    The rule layer, on the record.

    Below is the deterministic side. Each row is a real rule from the extension’s bundled rule engine. The model on top adds prose detections (people, organisations, places) the rules can’t reasonably express.

    Category Sample input Placeholder
    Email alex.johnson@acme.io [REDACTED:email]
    URL-encoded email user%40example.com [REDACTED:email]
    Phone, Australian +61 400 123 456 / (02) 9123 4567 [REDACTED:phone]
    Phone, US / general (415) 555-2671 [REDACTED:phone]
    Phone, UK +44 20 7946 0958 [REDACTED:phone]
    Credit card (Luhn-valid) 4242 4242 4242 4242 [REDACTED:card]
    Account / 4-4-4 ref 1234-5678-9012 [REDACTED:account]
    SSN shape 123-45-6789 [REDACTED:ssn]
    Australian Business Number 12 345 678 901 [REDACTED:abn]
    IPv4 address 10.0.42.7 [REDACTED:ip]
    Stripe-style secret sk_live_51HabcDeFG… [REDACTED:secret]
    JWT bearer token eyJhbGc.eyJzdWI.SflKxw… [REDACTED:secret]
    ISO date 2026-05-15 [REDACTED:date]
    Written date + zone 06 May 2026, 18:15 AEST [REDACTED:date]
    Driver licence shape A1234567 [REDACTED:license]
    Passport book number B12345678 [REDACTED:passport]
    Person, prose Dr. Sarah Chen [REDACTED:person]
    US street address (one-line) 221 Baker St, Brooklyn, NY 11201 [REDACTED:address]
    Card expiry · CVV (labelled) exp 09/27 · CVV 123 [REDACTED:card_exp] [REDACTED:cvv]
    Internal account / employee ID ACC-204519-K · E-10453 [REDACTED:account] [REDACTED:employee_id]

    On top of this, the ONNX model emits BIOES-tagged spans for free-form names, organisations, locations and dates. Where a model span and a rule span overlap, the merger collapses them to a single placeholder so the same fact isn’t double-redacted.

    Privacy posture

    Where your text goes (and where it doesn’t).

    You Composer · PDF Offscreen doc Model + rules You Redacted draft
    OpenAI Anthropic Google Microsoft Your draft text never reaches any of these.

    • The model runs in your browser.

      Inference runs in a Chrome MV3 offscreen document via ONNX Runtime Web — no background API call, no server.

    • Model weights only — your text never goes to a server.

      On first launch, model weights download into IndexedDB. That is the only network call. Your text never leaves the device.

    • Rules and model ship inside the extension.

      The rule layer and the detection pipeline are part of the package you install. No external dependencies at redaction time.

    • It is a redaction aid, not a guarantee.

      Detection can miss or over-mask. Review the output before sending. The button puts the human back in the loop on purpose.

    Get it

    Install in a minute. First redaction in seconds.

    Redact AI is distributed only through the Chrome Web Store. The first launch may download model weights into IndexedDB; after that, redactions stay local and fast.

    1. 1

      Install from the Chrome Web Store

      Open the store listing for Redact AI and click Add to Chrome. A direct install link will be added here once the listing is live.

    2. 2

      Pin it on your toolbar

      Use the puzzle icon in Chrome to pin Redact AI so the popup (including Open PDF redactor) stays one click away.

    3. 3

      Try it on a real chat

      Open ChatGPT, Claude, Gemini or Copilot. Click the floating Redact control, or hit AltShiftR. The button label shows weight-download progress on first use.