Privacy & Security

Privacy model

InputGuard is browser-native AI DLP built so scanned prompt, paste, and file contents stay in the browser. Here is exactly how that works.

Detection runs locally

InputGuard scans content inside the browser, on the device, before anything is submitted to an AI tool. It inspects:

  • Pasted text
  • Prompts
  • Text attachments

Detection happens locally. The matching logic and policy evaluation run in the extension itself, not on a server.

Scanned content is not uploaded

Organizations do not receive the content InputGuard scans. That means they do not receive:

  • Prompt text
  • Pasted content
  • File contents
  • Full sensitive values
  • Full URLs, query strings, or URL hashes

The scanned content stays on the device

Because detection is local, prompt text, pasted content, and file contents are not transmitted to InputGuard or to your organization for scanning. Managed audit upload can include event metadata and, when required, locally redacted justification text.

Metadata visibility

So administrators can understand risk and enforce policy, organizations may receive metadata about a detection rather than the scanned content. Metadata can include:

  • Detection category (for example, “credit card” or “API key”)
  • Action, outcome, severity, and match counts
  • Site hostname or domain, without full URL paths or query strings
  • Device and installation information
  • Policy source and version
  • Attachment counts, file types, and skip reasons
  • Timestamps
  • Locally redacted justification text when a policy requires a reason

For the precise list of what is and isn’t stored, see What data is stored and Audit metadata.