Security | SOWA Privacy

Data flow at a glance

SOWA Privacy is a Chrome extension. The path your text takes when you use a supported AI chatbot:

You type into the chatbot's input field.Text never leaves the browser at this stage.
The extension's content script reads the input and runs detection locally.Regex + a local NER model executed in your browser via WebAssembly / WebGPU.
Detected entities are replaced with neutral placeholders (e.g. [PERSON_1]).The original-to-placeholder mapping is stored in chrome.storage.local on your device.
The placeholder-replaced prompt is submitted to the chatbot's normal endpoint.The AI provider sees only the anonymised text. SOWA Privacy does not sit between you and the provider as a network proxy.
When the AI's response arrives, the extension re-personalises placeholders in your browser using the local mapping.You read the response with the real names; the AI provider never saw them.

For optional audit logging on Business and Enterprise plans, action records are hashed locally and shipped only to a server you nominate (your own infrastructure or a tenant we host for you under contract). They are not sent to a SOWA-operated central log.

Browser permissions and why each is needed

Manifest V3 Chrome extension permissions, with the rationale per permission:

activeTab — read content of the currently active tab so detection can run on the input field you're typing in.
scripting — inject the content script that watches input fields on supported chatbot sites.
storage — save your settings, mapping dictionary, and (optionally) audit log entries locally in your browser.
tabs — identify which chatbot site you're on so the right adapter is loaded.
contextMenus — provide right-click options for ad-hoc anonymisation / re-personalisation of selected text.
downloads — let you export anonymised documents, dictionary entries, and audit logs to your device.
sidePanel — render the extension's side panel (used by the optional built-in chat with your own API keys).
windows — manage extension popup / panel lifecycle.

The content script declares <all_urls> so detection can be available on any AI chatbot you use, including future ones we add support for. Permissions are static, declared in the public Manifest, and observable in chrome://extensions/?id=….

Optional customer-controlled audit logging

Audit logging is opt-in on Business and Enterprise plans and tracks actions, not chat content. Examples of what goes into a record:

"scan performed on chatbot.example.com"
"file redacted (PDF, 12 entities)"
"dictionary entry exported"

What it does not contain: prompt text, AI response text, original sensitive values, or placeholder mappings.

Records are hashed locally before transmission to the server you nominate. Enterprise customers may host the audit-log endpoint inside their own compliance perimeter so SOWA Privacy never touches the data path.

Known limitations

We'd rather be specific than confident. Things SOWA Privacy does not do or cannot guarantee:

False negatives are possible. No NER model achieves 100% recall on every entity type, language, or formatting variant. We tune for precision and continually improve coverage; we do not promise zero leaks.
False positives happen. Aggressive detection sometimes masks values that aren't sensitive. The user has manual override and an exception list; admins on Business / Enterprise can centrally tune these.
Browser-only. SOWA Privacy works inside the Chrome browser. The desktop apps for ChatGPT, Claude, Gemini etc. are not covered.
Chrome only on launch. Edge, Brave (Chromium-based) testing is in progress; Firefox is on the roadmap.
Not a DLP suite. SOWA Privacy is an in-the-moment privacy layer for AI chat workflows. It works alongside Microsoft Purview, Zscaler, Nightfall, and other DLP / CASB tooling — not as a replacement.
Browser security boundary. Local storage protections are bounded by your browser and OS. Compromise of the device compromises the dictionary.

Open source and auditability

The detection core is published at github.com/Sowa-Privacy. Anyone can read the code that processes prompts, confirm that it does not write to disk except for the explicitly documented local stores, and verify that no telemetry is collected. We treat the repository as the authoritative reference for the claims on this page.

Reporting a vulnerability

If you believe you've found a security issue, please contact us before disclosing publicly. We aim to acknowledge within two business days and provide an initial assessment within five.

Email: security@sowaprivacy.com (monitored mailbox; PGP key publication pending — to be added before public launch)

We do not currently run a paid bug bounty programme. We do publicly credit reporters in release notes upon request.

Compliance documentation pack

For procurement and DPO reviews, the following are available on request via the contact form:

Data Processing Agreement (DPA)
Sub-processor list
Audit-log architecture notes
Penetration-test summary (when available)

We do not currently hold SOC 2, ISO 27001, or other formal certifications and we will not claim them until they are issued.