Catch what shouldn't be sent. Hide what shouldn't be seen.

A local browser extension. On AI chats, it catches API keys, passwords, and private URLs before you press send. Anywhere else, the Visual Redactor redacts elements, text, or any screen region — for the moments you're about to screenshot or share a screen.

100% local. Your prompts never leave your browser.

Works where you already chat with AI

ChatGPT
Claude
Gemini
Perplexity
Poe

Coverage varies a little by browser. And you can add any other AI site yourself — more below.

The Redactopia Advantage

Built for you. Not for someone else's database.

Many prompt scanners ship your text to a server first. Redactopia doesn't. The scan happens on your machine, runs in the same instant you press send, and never leaves the page.

How it works

Three small steps. All of them in your browser.

Illustration: Redactopia intercepting a prompt that contains sensitive data. The prompt "Send the production key sk_live_4eC39H to noah@example.com" triggers the warning "Sensitive data detected · 2 items", with the options "Redact all" and "Send anyway".

  1. Type normally.

    Redactopia watches the composer as you write. No interruptions, no slowdown.

  2. Get warned.

    Risky bits get outlined right in your prompt as you type, with a running count in the corner. Try to send with something sensitive still there and a warning steps in before it leaves.

  3. Decide.

    Redact each match to a clear label, edit yourself, or send the original anyway. Always your call.

Detect

Spot sensitive data before it slips out

  • Catches emails, phone numbers, IDs, API keys, tokens, secrets, bank details, and sensitive URLs — 22 categories in all.
  • Fires the moment you press send. Not buried in a settings menu somewhere.
  • The warning shows up right where you were already working. No new tab, no context switch.
  • Tune detection per site (Pro). Turn categories on or off for one AI site without touching the others — two tabs can even run different rules at once.

Example prompt scan: "My email is dev@company.io and the token is ghp_xxxxxxxxxxxx" is flagged as Email and Token, with the notice "2 sensitive items found. Review before sending."

Review

See what was flagged

  • Every match shows what was found and why, so you can decide quickly.
  • Review, redact, or send anyway, every single time. Your choice.
  • Nothing happens behind your back. No silent rewrites, no auto-anything.

Example warning: "Sensitive info detected", 2 items found in your prompt:
  • Email address: dev@company.io
  • API token: ghp_xxx…xxx

Redact

Replace private details with clean labels — or coherent tokens

  • Turns sensitive text into clean labels. The AI still understands the shape; the original never leaves your machine.
  • Need the AI to keep the thread? Coded mode (Pro) gives each value a consistent token — [EMAIL_1], [EMAIL_2] — so it can still tell two people apart while the real data stays with you.
  • Want to scan or redact something outside an AI chat? Right-click any text, pick "Redact selection with Redactopia," and the side panel handles the rest.
  • Or paste straight into the Redactor card in the side panel. Same result.

Example prompt: "Compare two clients — same plan?"
  • Original: jane@client.com · john@client.com
  • Label: [email redacted] · [email redacted]
  • Coded (Pro): [EMAIL_1] · [EMAIL_2]

Labels protect the data. Coded protects it and keeps the two people distinct — so the AI still reasons, while the originals never leave your machine.
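
The difference between label mode and coded mode described above, as an added example that is not Redactopia's own code. The function names, the simplified email pattern, and the case-insensitive matching of addresses are assumptions made for illustration.

```javascript
// Added example, not Redactopia's source. Simplified email pattern (assumption).
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g;

// Label mode: every match collapses to one label, so two people become indistinguishable.
function redactWithLabels(text) {
  return text.replace(EMAIL_RE, "[email redacted]");
}

// Coded mode: each distinct value gets a stable numbered token.
// `state` stays with the caller; only `redacted` is meant to leave the page.
function redactCoded(text, state = { byValue: new Map(), byToken: new Map() }) {
  const redacted = text.replace(EMAIL_RE, (match) => {
    const key = match.toLowerCase(); // Jane@Client.com and jane@client.com are one person
    if (!state.byValue.has(key)) {
      const token = `[EMAIL_${state.byValue.size + 1}]`;
      state.byValue.set(key, token);
      state.byToken.set(token, match); // local lookup table, token -> original
    }
    return state.byValue.get(key);
  });
  return { redacted, state };
}

// Constructed two-message conversation: passing the state on keeps tokens consistent.
const first = redactCoded("Compare jane@client.com and john@client.com, then email Jane@Client.com.");
const second = redactCoded("Does john@client.com have the same plan?", first.state);
console.log(first.redacted);
console.log(second.redacted);
```

Passing the same `state` into every message of a conversation is what keeps `[EMAIL_2]` pointing at the same person in later turns.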

Visual Redactor

Hide anything on screen before a screenshot

  • Click an element to redact it. Or drag to redact a text selection or any rectangle on the page.
  • Or hit auto-redact — one click scans the whole page and redacts every detected value at once, the same detection that guards your AI prompts.
  • Not sure what's exposed? Review page scans the whole page and lists the sensitive values it finds, so you can redact them before you share your screen.
  • One permission upfront. After that the dock opens on any page, no site-by-site prompts.
  • Redactions come back on reload. The records are stored locally — never anywhere else.

Visual Redactor demo:
  • Click to redact element: username
  • Drag to redact text: confidential
  • Drag to redact area: ████████████
  • Auto-redact detected: ████ ████████
One broad permission · redactions stored locally

Custom AI sites

Works on AI sites we don't ship with

  • Add any AI site by hostname. Same scanner, same warning. With Visual Redactor on, no extra permission prompt; the broad grant already covers it.
  • The send is actually paused, not just warned about. If the auto-detect over-trips on a complex layout, one click on ✦ pins the real send button and the over-trapping goes away.
  • Many popular AI sites are pre-calibrated and apply automatically the moment you add them, so for most sites there's nothing to set up.

Custom AI sites (example list):
  • chat.mistral.ai (Auto)
  • pi.ai (Auto)
  • your-internal-llm.corp
Auto-covered with Visual Redactor on · calibrate ✦ to pin send

What it catches

Built-in detection categories, each one a pattern with a validator where it matters. And if those don't cover what you need, add your own in the Custom Patterns card.

| Category | How it is detected | Example |
|---|---|---|
| JWT | three-segment base64url, header decode | eyJhbGciOiJIUzI1NiJ9… |
| API keys (vendor prefix) | prefix table | sk_live_… · ghp_… · xoxb-… |
| AWS access keys | AKIA + 16 uppercase | AKIAIOSFODNN7EXAMPLE |
| PEM private keys | header line match | -----BEGIN … PRIVATE KEY----- |
| Passwords | key-value heuristic | password=… · pass: … |
| Credentials in token-URLs | user:pass@host | https://u:p@host/… |
| Credit card numbers | Luhn-validated, 13–19 digits | 4242 4242 4242 4242 |
| SSN (US format) | ###-##-#### with area-group rules | 123-45-6789 |
| Database credentials | connection string scheme | postgresql://u:p@host/db |
| Discord tokens | three-part base64url | MTIz….GcXx.abc… |
| National ID numbers | 15 country formats | AB 12 34 56 C · 123-456-789 |
| Crypto wallet addresses | BTC base58/bech32 + ETH 0x-hex | 0x52908400… · bc1qw508d6… · 1BvBMSEY… |
| IBAN (bank account) | ISO 13616 mod-97 checksum | DE89 3704 0044 0532 0130 00 |
| Bank routing numbers (US) | ABA, context-anchored + mod-10 | routing number: 021000021 |
| Webhook URLs | Slack / Discord host + path secret | https://hooks.slack.com/services/T…/B…/XXXX |
| Email addresses | RFC-ish | user@host.tld |
| Phone numbers (US) | 10-digit, separator tolerant | (555) 123-4567 |
| International phone | E.164 +[country code][number] | +44 7911 123456 |
| Private IP addresses | RFC 1918 + localhost | 192.168.1.1 · 10.0.0.50 |
| Internal URLs | .internal · .local · localhost | staging.internal |
| Secret-like strings (entropy) | Shannon entropy, alphabet-aware, context keywords | Long random-looking values near “token”, “key”, “secret” |
| AWS ARNs | arn:aws:service:region:account:resource | arn:aws:iam::123456789012:user/Bob |

Every pattern above — including API keys, entropy-based secrets, and database credentials — is detected for free. No paywall, no account, no upgrade required.
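
What "a pattern with a validator" means for three of the categories listed above (Luhn for cards, ISO 13616 mod-97 for IBANs, context-anchored mod-10 for ABA routing numbers), as an added example that is not Redactopia's own code. The candidate regexes, function names and sample text are assumptions constructed for illustration.

```javascript
// Added example, not Redactopia's source: a regex proposes candidates, a validator confirms them.
const luhnValid = (digits) => {                       // card numbers, 13-19 digits
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);    // walk right to left
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }   // double every second digit
    sum += d;
  }
  return sum % 10 === 0;
};

const ibanValid = (raw) => {                          // ISO 13616 mod-97
  const s = raw.replace(/\s+/g, "").toUpperCase();
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(s)) return false;
  let rem = 0;
  for (const ch of s.slice(4) + s.slice(0, 4)) {      // country code + check digits go last
    const v = parseInt(ch, 36);                       // 0-9 stay, A-Z become 10-35
    rem = (rem * (v > 9 ? 100 : 10) + v) % 97;
  }
  return rem === 1;
};

const abaValid = (d) => {                             // US routing number, 3-7-1 weights, mod 10
  if (!/^\d{9}$/.test(d)) return false;
  let sum = 0;
  for (let i = 0; i < 9; i++) sum += Number(d[i]) * [3, 7, 1][i % 3];
  return sum % 10 === 0;
};

// Candidate patterns are simplified assumptions, not the extension's real expressions.
const DETECTORS = [
  { category: "credit_card", re: /\b\d(?:[ -]?\d){12,18}\b/g, ok: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { category: "iban", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b/g, ok: (m) => ibanValid(m) },
  { category: "aba_routing", re: /routing(?: number)?[:#\s]+(\d{9})\b/gi, ok: (_m, digits) => abaValid(digits) },
];

function scan(text) {
  const findings = [];
  for (const { category, re, ok } of DETECTORS)
    for (const m of text.matchAll(re))
      if (ok(m[0], m[1])) findings.push({ category, match: m[0], index: m.index });
  return findings;
}

// Constructed sample: one valid value per category plus a 16-digit order number that fails Luhn.
const SAMPLE = "Card 4242 4242 4242 4242, order 1234 5678 9012 3456, " +
  "IBAN DE89 3704 0044 0532 0130 00, routing number: 021000021";
console.log(scan(SAMPLE).map((f) => `${f.category}: ${f.match}`));
```

The 16-digit order number and the digit run inside the IBAN both match the card pattern but fail the Luhn check, which is the false-positive reduction the validator buys.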

Four promises

Each one verifiable.
Each one local.

01. Before-send protection

Checks happen the instant you press send. You always get a chance to catch leaks before they leave the page. Active by default.

02. Per-site control

Turn protection off on one site without touching the others. Settings save automatically; nothing global to remember to switch back.

03. Hide what's on screen

The Visual Redactor redacts any element, text, or screen region. One permission upfront, no per-site prompts. Redactions persist across reloads.

04. Only the sites you allow

No background access to unrelated tabs. AI-chat protection runs only on sites Redactopia ships with or ones you add.

Private by design.

Nothing about your prompts leaves your browser. No history. No telemetry. No accounts. No identifiers.

Everything essential stays free

Free forever for the protection that matters. Pro lifts the limits for power users.

Free (for everyone): $0 forever

Essential privacy protection, free for good.

What's included Free Pro
AI-chat protection on all supported sites
All 22 detection categories (entropy, API keys, secrets)
Per-finding selective redaction
Sidepanel Redactor + right-click redact
Visual Redactor — element redaction
Visual Redactor — text redaction 3 previews Unlimited
Visual Redactor — area redaction 3 previews Unlimited
Visual Redactor — auto-redact (wand) 3 previews Unlimited
Custom detection patterns Up to 5 Unlimited
Custom AI sites Up to 3 Unlimited
Coded redaction — consistent tokens like [EMAIL_1]
Per-site detection rules — each AI site its own settings
Custom redaction labels — edit inline on the page

Frequently asked

The questions we hear most. Short answers.

No. The scan runs entirely in your browser. Your prompts aren't sent to us, aren't stored anywhere, aren't shared with anyone. The only network request the extension ever makes is an optional Pro license check, and it never includes your prompts.

Chrome and Edge are both first-class and nearly identical. There's one Chrome-only AI site; the Copilot question below covers why. Firefox isn't supported yet — it uses a different extension API, so it needs its own build, which we haven't shipped. It's on the roadmap, with no firm date yet.

Add them yourself. Open the side panel → Custom AI sites → type a hostname. If the Visual Redactor is on, the broad permission already covers it and no extra prompt appears. If it is off, your browser asks for that site specifically. Once added, the same scanner and warning modal apply there too. If the warning fires on the wrong button (some sites have complex layouts), click the ✦ next to the site and pin the real send button. If a site later changes its layout and that calibration goes stale, Redactopia flags it — the on-page counter gets louder and a ⚠ appears on the site's side-panel row — so you can re-pin it instead of being falsely confident.

No. The scanner runs on a debounced check, not on every keystroke, so typing stays smooth in normal use.

A warning modal pops up over the page with the matched items called out. Four buttons: redact every match to a clean label, review and edit yourself, open the Redactor side panel for deeper edits, or send the original anyway. You're never blocked, only paused.

Yes, on the Chrome build. Copilot is a Microsoft product, and Edge, also Microsoft, doesn't allow third-party extensions to run on Microsoft's own pages. That's a platform rule that applies to all extensions equally, not something Redactopia-specific. If you want Copilot coverage, use Chrome. Everything else works the same in both builds.

It's on the roadmap. The goal is to publish the source so anyone can verify the privacy claims and build their own copy. No firm date yet — we'll announce when it's ready. The built extension bundle is already inspectable in your browser's extension folder.

Yes. Custom Patterns let you write your own regex-based checks, useful for org-specific stuff like internal ticket IDs or employee codes. They're stored locally — with an optional toggle to sync them across your own devices through your browser's own sync — and run alongside the built-in detectors. There's also a Browse library button with a growing set of starter patterns for common shapes if you don't want to start from scratch.