Most "private AI" stories end with a footnote: your data is encrypted in transit, processed on our servers, and deleted within 30 days. That's still a story about someone else holding your data. SOWA Privacy was built around a different premise — if the sensitive part of a prompt never has to leave your machine, the safest place to anonymize it is right where you typed it.
Here is what that looks like in practice, and how the four pieces fit together.
1. A client-side security layer, not another cloud
SOWA Privacy is a browser extension. There is no SOWA proxy your traffic flows through, no managed cluster doing the masking, no API your IT team has to whitelist. The detection model, the placeholder mapping, and the un-masking all run locally, inside the extension, inside your browser tab.
That design choice is the whole product. A privacy tool that ships your prompts to a third party for "processing" has merely moved the trust boundary; it hasn't shrunk it. We wanted a layer that could honestly say we never see your data — and the only way to say that is to not be in the data path at all.
2. Local real-time analysis
As soon as you start typing into ChatGPT, Claude, Gemini, or any other supported chatbot, SOWA Privacy reads the text inside the page and runs a local detection pass over it. The text never reaches our servers because there are no servers to reach — the models live inside the extension and execute on your device.
The practical effect: there is no upload-then-anonymize round trip. By the time a sensitive token is recognized, the masked version is already on its way into the input field, ahead of the send button.
3. Automated anonymization with neutral placeholders
Detection covers the categories that get teams into trouble: personal names, email addresses, phone numbers, IBANs and account numbers, addresses, identifiers like patient or case numbers, and health-related terms. Each match is swapped for a neutral placeholder — [PERSON_1], [ACCOUNT_2], [DIAGNOSIS_3], and so on — and the mapping between placeholder and original is kept locally for the duration of the conversation.
The placeholder format is deliberately boring. The model on the other side still gets enough structure to reason about a person, an account, or a diagnosis, and to produce a useful answer, without ever seeing the underlying value.
If anonymization happens on a server, the server saw the data. SOWA Privacy is local-first because there is no other way to credibly say "we don't have it."
4. Provider-independent by design
Because SOWA Privacy works on the page in your browser, it doesn't care which AI is at the other end. ChatGPT, Claude, Gemini, and the other chatbots we support don't need to be modified, don't need a custom API key, and don't need to know SOWA exists. The same extension protects you across all of them.
That matters when teams rotate between providers, when a single user keeps three tabs open for different tasks, or when an organisation wants to standardise on a privacy layer without standardising on a single AI vendor.
5. Seamless de-anonymization on the way back
An answer full of [PERSON_1] tokens would be unreadable. So when the AI responds, SOWA Privacy looks at the reply as it arrives in the page and reverses the substitution: each placeholder is swapped back to the original value, locally, before you ever see it. The user-facing experience is identical to using the chatbot directly — only the data flow has changed.
The original names, numbers, and details exist in two places: your screen and your machine's memory for the session. They do not exist on the AI provider's servers, and they do not exist on ours.
Why we built it this way
Three constraints shaped the architecture:
- No setup. Install the extension, open a chatbot, start typing like usual.
- No cloud. The fewer parties that touch a sensitive prompt, the fewer parties can leak.
- No compromise. The replies you read are as useful as the ones you would have gotten without protection thanks to the placeholders.
You can see the full walkthrough on the How it works page, or jump straight to installing the extension and trying it on your next prompt.