Security & architecture
Detection happens where the prompt is written.
By the time a prompt reaches an external service, the exposure has already happened. So InputGuard checks it in the browser first — browser-native AI DLP with local detection, metadata-only audit records, and no prompt content stored by default.
Free for individuals • per-device pricing for organizations
- Detection on device
- Metadata-only audit
- Browser-native AI DLP
- No prompt content stored
- No continuous scanning
Architecture
Browser-native by design.
Input is scanned where it's written, the policy decision is made on the device, and audit records describe what happened — Data Loss Prevention controls without sending prompt content away to be inspected.
AI tool input
Paste, prompt, or text attachment
Local detection
Secrets & PII matched on-device
Policy decision
Warn · guide · redact · block
Central management
Policy rollout, devices, audit metadata
Sees what happened — site, category, action — not the prompt text.
Where detection happens
Most tools inspect after the data leaves. InputGuard checks before.
Traditional DLP was designed around email, files, endpoints, and network traffic. AI tools introduced prompts, uploads, and browser workflows as a new path for sensitive data to leave. InputGuard extends Data Loss Prevention controls into those workflows, before the exposure.
By the inspection point, the content has already left the browser — the exposure happened first.
Nothing leaves the browser to be scanned. Detection and the policy decision both happen on the device.
What it touches
Clear about what is analyzed — and what is never kept.
Scanning reads input in the moment to find sensitive values — that's not the same as storing it. InputGuard does the first, not the second.
Analyzed locally, in the moment
- Pasted text on protected AI sites
- Prompt text at submit time
- Supported text attachments (TXT, CSV, JSON, Markdown, logs)
Never stored by default
- Prompt text
- Pasted content
- Attachment contents
- Full sensitive values
- Full URLs
Metadata-only auditing
An audit trail that describes events, not content.
The record answers what happened — which site, what category, how many matches, which action — without ever including the sensitive value itself.
- Site origin / domain
- app.aitool.com
- Detected categories
- Credential
- Match count
- 1
- Policy action
- Redact
- Redaction status
- Applied
For organizations
Centralized control with the same privacy posture.
The portal is an optional management layer. It changes who manages policy and sees audit metadata — not where detection happens or whether prompt content is uploaded.
Managed deployment
Each OS gets a deployment package — a macOS configuration profile, a Windows registry policy, or a Linux managed policy JSON, plus an enrollment script — built on standard Chrome enterprise policy, so rollout fits your existing MDM and endpoint tooling.
Policy, not surveillance
Controls govern which sites are protected and how InputGuard responds — not what employees write.
No remote code execution
The extension never downloads or runs remote code. Detection logic ships inside the extension.
Clear cloud boundary
Cloud services handle policy, device, and audit-metadata workflows — they don't replace local detection or collect prompt content.
Visibility you can defend, privacy you can explain.
Protect your own AI input, or bring the same protection to your whole team.
Free for individuals • per-device pricing for organizations