100% on-device · no telemetry

Stop pasting secrets into ChatGPT & other AI chats.

PasteGuard is a free Chrome extension that warns you before your clipboard hits ChatGPT, Claude, Gemini, Copilot, DeepSeek, Perplexity, Grok, or Mistral. Detection runs locally on your device. The text never leaves your browser.

Free forever (core) · Open-source detection · No account needed
The problem

Cyberhaven measured 11% of ChatGPT pastes as confidential. Two years later, individual workers still have nothing.

Source: Cyberhaven, "What we learned from analyzing 1.6M workers' ChatGPT use," 2023. Pasted content included source code, customer records, regulated data, and confidential business material. Enterprise DLP exists, costs hundreds per seat, and itself routes the secret through a third-party cloud.

How it works

Three detection layers.

Zero data leaves your browser.

PasteGuard runs entirely inside your Chrome tab. When you paste, type, or click Send, it scans the text in milliseconds and surfaces what looks sensitive before it goes to the AI.

Regex layer, 25 detectors

  • API keys: Anthropic, OpenAI, AWS, Stripe, GitHub, npm, plus 15 more
  • Personal info: SSN, credit card, IBAN, US passport
  • Cryptographic: private keys, JWTs, webhook secrets

About 10 ms scan. Near-zero false positives.

Your own rules

  • Healthcare: patient record numbers, NPI
  • Legal: case numbers, client matter IDs
  • HR: employee codes, payroll references
  • Sales: customer account IDs, deal codes

Add a pattern in 30 seconds. Live tester verifies before saving.

Semantic layer (Pro)

  • Customer names mentioned in context
  • Internal codenames (Project Falcon, Atlas, etc.)
  • Confidential signals: pricing, salary, M&A, layoffs

Uses Chrome's built-in Gemini Nano AI. Runs on your laptop.

Supported sites

Works on every major AI chat.

  • ChatGPT: chatgpt.com
  • Claude: claude.ai
  • Gemini: gemini.google.com
  • Microsoft Copilot: copilot.microsoft.com
  • DeepSeek: chat.deepseek.com
  • Perplexity: perplexity.ai
  • Grok: grok.com, x.com/i/grok
  • Mistral Le Chat: chat.mistral.ai
Detection coverage

25 detectors out of the box.

| Family | What it catches | Count |
| --- | --- | --- |
| AI vendor keys | Anthropic, OpenAI (legacy/proj/svc), Google AI, HF, Replicate, Groq, Perplexity, OpenRouter | 10 |
| Cloud / infrastructure | AWS access & secret keys, PEM private keys, DB connection strings, Google service accounts | 5 |
| SaaS / developer tokens | Stripe key & webhook, GitHub PAT & fine-grained, Slack, npm, JWT | 7 |
| Identity & financial PII | US SSN (formatted + context-aware), credit card (Luhn-validated), IBAN, US passport | 4 |
| Generic + custom | High-entropy heuristic, custom user-defined regex patterns | |
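
How a regex layer with the validation steps named in the table (a Luhn check for card numbers, an entropy threshold for generic tokens) can fit together, as an added example that is not PasteGuard's code or its published rules. The patterns, the 4.0 bits-per-character threshold and the `[REDACTED:…]` mask format are assumptions.

```javascript
// Added example, not PasteGuard's rules; patterns and thresholds are assumptions.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48; // walk right to left
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }        // double every second digit
    sum += d;
  }
  return sum % 10 === 0;
}
// Shannon entropy in bits per character; random tokens score high, words score low.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let bits = 0;
  for (const n of counts.values()) bits -= (n / s.length) * Math.log2(n / s.length);
  return bits;
}
// A regex proposes a candidate; the optional validator decides whether to report it.
const DETECTORS = [
  { id: 'aws-access-key-id', re: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g },
  { id: 'credit-card', re: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (m) => luhnValid(m.replace(/[ -]/g, '')) },
  { id: 'high-entropy', re: /\b[A-Za-z0-9_-]{32,}\b/g,
    validate: (m) => shannonEntropy(m) >= 4.0 },
];
function scan(text) {
  const findings = [];
  for (const { id, re, validate } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (validate && !validate(m[0])) continue; // e.g. 16 digits that fail Luhn
      findings.push({ id, start: m.index, end: m.index + m[0].length });
    }
  }
  return findings.sort((a, b) => a.start - b.start);
}
// Replace each finding with a label so the surrounding text can still be sent.
function redact(text, findings) {
  let out = '', pos = 0;
  for (const f of findings) {
    if (f.start < pos) continue; // skip a finding that overlaps the previous one
    out += text.slice(pos, f.start) + `[REDACTED:${f.id}]`;
    pos = f.end;
  }
  return out + text.slice(pos);
}
// Constructed sample: AWS's documentation key ID, a test card number, a
// 16-digit order number that fails Luhn, and a made-up random token.
const SAMPLE = 'deploy with AKIAIOSFODNN7EXAMPLE, card 4111 1111 1111 1111, ' +
  'order 4111 1111 1111 1112, token q7Zp2LxV9mKd4RtY8sWb3NcH6jFg1QaE';
```

The order number in the sample matches the card regex but is dropped by the Luhn check, which is the kind of validation that keeps a pattern-only detector from flagging every long digit run.
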
Try it yourself

Paste something below.

Detection runs right here on this page.

Same detector as the extension. Same modal. Same masking. The text you type never leaves this tab, just like in the real product. Click a sample or type your own.

Privacy stance

The privacy story is the product.

Most "DLP for AI" tools route your text through their own cloud to classify it. Which means your secret is now in two places instead of one. PasteGuard runs everything on your device. We can't see your text. We don't want to.

Verified at build time

Zero outbound network calls from PasteGuard's code.

  • No telemetry: Not even anonymous error reports. We don't know you exist.
  • No cloud classifier: The 25 detectors are regex. The semantic layer uses Chrome's local Gemini Nano. Nothing crosses the network.
  • No account required: Install. Use. Done. No sign-up wall, no email, no tracking pixel.
  • Open-source detection rules: Every regex pattern and every semantic prompt is published on GitHub. Audit yourself.
  • Audit log stays local: The "N pastes scanned" counter lives in chrome.storage.local. It stores counts only, never the text.
  • Uninstall = clean slate: Remove the extension and every byte we stored goes with it. Chrome handles cleanup automatically.
Not just keys

Customer records, internal codenames, salary references.

If you work in customer success, legal, HR, or finance, your sensitive data isn't an API key. It's a name, a case number, a comp band, a deal codename. PasteGuard catches those too.

  • Custom regex for industry-specific IDs (MRN, case number, employee code)
  • Allowlist legitimate customer names you reference often
  • Semantic layer flags codenames and confidential signals (Pro)
Pricing

Free forever for the basics. Pro for the rest.

The core product, modal warnings on every site with the most common secret types, is free. Always will be. Pro adds the modern AI-vendor keys and the semantic layer.

Free
$0 forever

Everything you need to stop the obvious leaks.

  • All 8 AI chat sites supported
  • 18 core detectors (SSN, credit card, AWS, GitHub PATs, Stripe, Slack, JWT, PEM, IBAN, npm, Google service account, plus more)
  • 5 custom regex rules
  • 10 allowlist entries
  • Balanced sensitivity profile
  • Modal with Cancel / Redact / Send anyway + per-finding Ignore + Add to allowlist
  • 7-day rolling audit log (counts only)
Most popular
Pro
$4.99 / month or $39 / year

Built for developers and AI-power-users.

  • Everything in Free
  • 7 modern AI vendor key detectors (Anthropic, OpenAI, Google AI, Hugging Face, Replicate, Groq, Perplexity, OpenRouter)
  • Semantic layer: Gemini Nano detects customer names, codenames, confidential signals
  • Unlimited custom regex rules + allowlist
  • Loose + Strict sensitivity profiles
  • Full audit log viewer + CSV export
  • Settings export / import + pause-for-1-hour
  • Priority email support
FAQ

Questions worth asking before you install.

How do I verify nothing actually leaves my browser?

Open Chrome DevTools → Network tab → filter by the extension ID. Paste anything sensitive. You'll see zero outbound requests. Our manifest declares no host_permissions for any remote origin other than the 8 AI chat sites the content script runs on, and we never send their contents anywhere. The detection rules are published at github.com/Matteo-Coder2/pasteguard-rules so you can audit exactly what we look for.
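
A static check to pair with the DevTools inspection described above: this added example (not PasteGuard's code) lists every host pattern a Manifest V3 manifest requests and reports those outside an expected set. The expected hosts are taken from the supported-sites list on this page; the manifest object is constructed sample data, and `collector.example` is a placeholder.

```javascript
// Added example: flag host access in an extension manifest beyond an expected set.
const EXPECTED_HOSTS = new Set([
  'chatgpt.com', 'claude.ai', 'gemini.google.com', 'copilot.microsoft.com',
  'chat.deepseek.com', 'perplexity.ai', 'grok.com', 'x.com', 'chat.mistral.ai',
]);

// Return the host part of a match pattern such as "https://*.example.com/*".
function patternHost(pattern) {
  if (pattern === '<all_urls>') return '*';
  const m = /^(?:\*|[a-z]+):\/\/([^/]*)\//.exec(pattern);
  return m ? m[1] : null; // null: not a well-formed match pattern
}

function hostAllowed(host, expected) {
  if (host === null || host === '*') return false;         // malformed or every site
  const bare = host.startsWith('*.') ? host.slice(2) : host;
  return expected.has(bare) || expected.has(bare.replace(/^www\./, ''));
}

// Collect patterns from every manifest key that grants access to page origins.
function auditManifest(manifest, expected = EXPECTED_HOSTS) {
  const sources = [
    ['host_permissions', manifest.host_permissions || []],
    ['optional_host_permissions', manifest.optional_host_permissions || []],
    ...(manifest.content_scripts || []).map(
      (cs, i) => [`content_scripts[${i}].matches`, cs.matches || []]),
  ];
  const unexpected = [];
  for (const [where, patterns] of sources) {
    for (const pattern of patterns) {
      if (!hostAllowed(patternHost(pattern), expected)) unexpected.push({ where, pattern });
    }
  }
  return unexpected;
}

// Constructed manifest with two entries a reviewer should question.
const CONSTRUCTED_MANIFEST = {
  manifest_version: 3,
  host_permissions: ['https://chatgpt.com/*', 'https://collector.example/*'],
  content_scripts: [
    { matches: ['https://claude.ai/*', 'https://*.x.com/*', '<all_urls>'] },
  ],
};
```

An empty result shows only that the manifest requests no unexpected origins; it complements the runtime check in the Network tab and does not replace it.
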

Will this slow Chrome down or break ChatGPT?

Cold-start payload is 44 KB (14 KB gzipped). Detection runs in under 20 ms on a typical paste. The modal's React tree only loads when a finding actually triggers. Most pastes pay zero cost. We hook the paste event at the document level (not site-specific selectors), so when ChatGPT redesigns their UI, PasteGuard keeps working.

It's free. What's the catch?

The core (18 detectors, all 8 sites) is free forever. Not a 14-day trial. We make money from Pro ($4.99/mo) which adds the modern AI-vendor key detectors and the on-device semantic layer. We literally cannot sell your data because nothing leaves your device. No telemetry, no analytics, no account required. Full stop.

Why not just use Cyberhaven, Nightfall, or another DLP?

Those are enterprise tools sold with annual contracts. Most importantly: they're cloud DLP. To classify your text they route it to their servers, which means your secret is now in two places instead of one. PasteGuard is on-device, no contract, designed for the individual worker without a corporate IT department. We're not the right tool for SOC2-compliant orgs; for everyone else we're more truthful about the privacy model.

What about files, images, drag-and-drop, and voice input?

Out of scope for v0.1. PasteGuard intercepts paste, typed-text-then-Enter, and Send-button clicks. If you drag a screenshot of a customer dashboard into ChatGPT, we don't scan the image. If you dictate a customer name via voice, we never see it. If you attach a PDF, it goes straight to the AI service. We're a smart safety net for keyboard/clipboard input. Not a full compliance product. Combine with judgment.

I work in a regulated industry. Will it catch my specific identifiers?

Out of the box, the 25 built-in detectors cover the universal "secret-shaped" things: API keys, SSNs, credit cards, IBANs, PEM keys, etc. For industry-specific patterns (medical record numbers, court case IDs, employee codes, CUSIP/ISIN security IDs), you add a custom regex rule in Options. The live tester verifies the pattern before saving. For HIPAA/SOX/GLBA compliance you still need a real DLP; PasteGuard is a personal safety net, not a compliance certification.

Why does it need permission for x.com?

Grok opens as a sidebar inside x.com that can appear on any URL (a tweet, a profile, the timeline). To protect that sidebar, the content script has to load on every x.com page. But the actual scanning is gated to composers with Grok-specific markers. Tweet drafts and reply boxes are explicitly ignored. We never read their contents. The full caveat is in our privacy policy.

What if I paste the same customer name 50 times a day?

Click "Add to allowlist" on the row once. We won't flag that exact text again on any site. Or click "Ignore for this session" for a one-tab pass. There's no nag: Pro is mentioned once in the Options page and never interrupts a paste flow.

Does the semantic layer work on every computer?

It requires Chrome 138+ and either a discrete GPU with more than 4 GB VRAM, or 16+ GB of RAM with a modern CPU. About 22 GB of free disk is also needed for Chrome's local AI model. On unsupported hardware, the 25 regex detectors still work. Only the AI-based detectors (customer name, codename, confidential signal) degrade. The extension is honest about which detectors are unavailable on your machine.

What happens if PasteGuard gets acquired or shut down?

The detection rules are MIT-licensed and live in a public GitHub repo. They survive us. The extension binary lives on Chrome Web Store and stops getting updates if we abandon it; you can still use the last-published version. We have no plans to sell to a data-mining company; if that ever changes, the rules repo is the fork-friendly escape hatch.

Can my employer or IT detect that I have this installed?

Yes. Managed Chrome installations can list installed extensions by ID. We don't hide. If your organization has an extension allowlist and PasteGuard isn't on it, ask IT to add the extension ID. We're not designed for stealth use against employer policy.

Be the first to install.

We're in Chrome Web Store review now. Drop your email and we'll send one message the day PasteGuard goes live. No spam, no newsletters, no retargeting pixels.

Free forever for the core. Pro tier joins the same waitlist.