What does SOWA Privacy do?

SOWA Privacy is a Chrome extension that detects and replaces sensitive data in AI prompts locally – in your browser – before the prompt reaches ChatGPT, Claude, Gemini, or any other AI tool.

Is SOWA Privacy free?

Yes. The Starter plan is free forever and includes 30+ regex patterns, basic NER detection, and TXT file scanning. Pro (4.99 EUR per month), Business (7.99 EUR per user per month), and Enterprise (custom) unlock additional features.

Which AI tools does SOWA Privacy work with?

SOWA Privacy works with ChatGPT, Claude, Gemini, Microsoft Copilot, Grok, Perplexity, HuggingFace Chat, and any self-hosted OpenAI-compatible interface.

Is SOWA Privacy GDPR compliant?

SOWA Privacy is designed for GDPR compliance. All detection runs locally in the browser, no prompt data is transmitted to SOWA servers, and the source code is open-source under MIT license for full auditability.

Does SOWA Privacy send my data to any server?

No. Detection runs entirely in your browser using local regex, ONNX-based NER models, and optionally local LLMs. Only the placeholder-replaced prompt is forwarded to the AI provider you choose.

FAQ | SOWA Privacy

Does SOWA Privacy store my data?

Detection and replacement run locally inside your browser. We don’t operate servers that receive your prompts. Sensitive source data stays on your device; the placeholder-replaced prompt is forwarded to the AI provider you choose. Optional audit logging on Business and Enterprise plans is hashed locally and shipped only to the server you nominate – not to ours.

Which AI models does the solution work with?

SOWA Privacy is provider-agnostic. It works as a Chrome extension that intercepts text in the input fields of common web-based chatbots like ChatGPT, Claude, and Gemini, replacing sensitive entities with placeholders before the prompt is submitted. No API integration or DNS change is required.

How is the data anonymized?

Sensitive data classes (such as names, addresses, IBANs, medical diagnoses) are detected by local machine-learning models on the device and replaced with neutral placeholders (e.g. [PERSON_1]) before the prompt is sent. The mapping between original values and placeholders is stored locally so the AI's response can be re-personalised in your browser. This is pseudonymisation under GDPR Art. 4(5): the source data never leaves the device, but it remains reversible there.

What is the difference between Starter and Enterprise?

We provide the basic anonymization as open-source to ensure absolute transparency. The Enterprise plan additionally offers Single Sign-On (SSO), central policy management for the entire organization, and audit reporting.

Does SOWA Privacy support GDPR-conscious AI usage?

SOWA Privacy is designed to support GDPR-conscious AI usage. Detection happens locally in the user’s browser, and sensitive content is replaced with placeholders before transmission to the AI provider. Re-identification requires the local mapping dictionary, which stays on the user’s device. We sign DPAs and provide compliance documentation on request. Compliance ultimately depends on your organisation's controls; we provide the technical building blocks.

Does SOWA Privacy affect my browser’s performance?

SOWA Privacy is optimized for minimal resource usage. The local ML models are compact and run efficiently in the browser. Anonymization happens in real time – typically in under 100 milliseconds – so you won’t notice any perceptible difference during use.

How quickly can SOWA Privacy be deployed?

The Starter plan can be installed as a Chrome extension in minutes – no server setup or IT department required. For the Enterprise plan, we offer a guided implementation with SSO integration, policy configuration, and employee onboarding, typically completed within 1–2 business days.

Can I define custom anonymization rules?

Yes. In the Enterprise plan, administrators can centrally configure industry-specific data classes, custom detection patterns, and exception rules. This allows you to specifically protect internal project names, customer numbers, or medical terminology, for example.

Why do you say "anonymization and pseudonymization"?

Both happen, depending on the workflow. When a placeholder replaces sensitive content and the original-to-placeholder mapping is kept on the user’s device – so the AI's response can be re-personalised in your browser – the operation is pseudonymisation under GDPR Art. 4(5): reversible by the holder of the dictionary, but only locally. When a value is replaced and discarded with no mapping retained, the operation is anonymisation. We use both terms because the technical reality differs by use case, and we’d rather be precise than market a single buzzword.

How does SOWA Privacy actually work in my browser?

SOWA Privacy operates in two modes. Mode A – In-browser intercept: on supported chatbot sites (ChatGPT, Claude, Gemini), the extension watches what you type, runs detection locally, and replaces sensitive entities with placeholders before the message is submitted. The mapping is held in your browser so the response can be re-personalised on its way back. Mode B – Built-in chat with your own API keys: the side panel can send already-anonymised text directly to AI APIs (e.g. OpenAI, Mistral) using keys you provide and store locally. In both modes, detection runs in the browser and the source data does not leave your device.