AI Privacy for Business

Every business is an AI business now

The fastest-growing class of AI users isn't the regulated enterprise. It's the marketer drafting an outreach email with a customer list. The recruiter summarising CVs in ChatGPT. The ops lead pasting a vendor contract for a quick re-read. The sales rep asking Claude to clean up notes from a deal call. Every one of those interactions exposes data the company hasn't authorised anyone to share.

Most businesses cannot ban AI – the productivity lift is real, and "no" is not a policy that survives contact with a team that has a Q4 to ship. The realistic move is to keep the tool, anonymise the data, and give the IT team something to enforce.

What SOWA detects

Three layers run locally in every employee's browser: regex for structured identifiers, an optional multilingual NER layer for names and organisations, and a user-managed blacklist for the terms unique to your business.

Customer data

The classic CRM-shaped PII.

customer names, emails, phone numbers, company names, contract value, deal stage

Employee & HR data

Always in someone's prompt – screening, reviews, comp.

employee names, salary, performance ratings, candidate CVs, offer details, disciplinary notes

Supplier & partner

Vendor relationships and contract terms.

supplier names, contract terms, pricing, SLA breaches, NDA-covered material

Internal & ops

What gets pasted from internal tools.

internal docs, roadmaps, OKRs, incident reports, credentials, API keys

Why this matters for Business

GDPR – the default lawful basis problem

Most businesses lack a clear lawful basis for handing customer or employee data to a US-based AI vendor on an ad-hoc, unlogged basis. Anonymising the prompt removes the personal data from the equation entirely: the AI sees [CUSTOMER_1] and [REGION_2], not the real names. That's a stronger position than a Data Processing Agreement reviewed once and forgotten.

NDAs and confidentiality undertakings

Every business has commercial NDAs, partner contracts, and customer agreements that don't anticipate "we pasted this into ChatGPT". SOWA Privacy keeps the actual sensitive terms on the workstation – the AI sees the structure of the question, not the identifying detail.

Trade secrets and competitive risk

The single biggest under-priced risk is staff casually leaking strategy, pricing, or upcoming product details into a vendor's training pipeline. Local-first detection draws the boundary at the browser, before that conversation ever happens.

Roll it out across your team

From Settings → Detection → Custom rules & lists, an IT lead or DPO can:

  • Add company-specific terms (product codenames, customer-list aliases, internal acronyms) to the Blacklist.
  • Whitelist public-facing terms (your product name, public partners, marketing language) so the team isn't constantly bypassing flags.
  • Add custom regex rules for internal identifiers (employee ID format, ticket IDs, deal IDs).
  • Export a .sowa.json ruleset and ship it via the team's existing Chrome management profile – every workstation gets the same policy on day one.
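
A sketch of how the regex, blacklist and whitelist rules above can combine into numbered placeholders such as [CUSTOMER_1], as an added example: this is not SOWA's code or its .sowa.json format. The rule object shape, the EMP- ID format, the codename and the sample prompt are all constructed, and the NER layer is left out, so the bare first name in the sample is not caught.

```javascript
// Added example, not SOWA's code. Rule shape and all values are constructed.
const RULES = {
  regex: [ // structured identifiers; patterns are illustrative, not exhaustive
    { label: "EMAIL", pattern: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g },
    { label: "EMPLOYEE_ID", pattern: /\bEMP-\d{5}\b/g }, // hypothetical ID format
  ],
  blacklist: [{ label: "CODENAME", term: "Project Falcon" }], // hypothetical term
  whitelist: ["support@example.com"], // public-facing value, never flagged
};
const SAMPLE = "Email jane.doe@acme-corp.example and cc support@example.com " +
  "about Project Falcon. Jane's ID is EMP-00421; reply to jane.doe@acme-corp.example.";

const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

function anonymise(text, rules) {
  const hits = [];
  const collect = (label, re) => {
    for (const m of text.matchAll(re))
      hits.push({ start: m.index, end: m.index + m[0].length, label, value: m[0] });
  };
  for (const { label, pattern } of rules.regex) collect(label, pattern);
  // Blacklist terms are matched literally, case-insensitively, on word boundaries.
  for (const { label, term } of rules.blacklist)
    collect(label, new RegExp(`\\b${escapeRegExp(term)}\\b`, "gi"));

  const allow = new Set(rules.whitelist.map((s) => s.toLowerCase()));
  // Leftmost match wins; on a tie the longer match wins; overlaps are dropped.
  hits.sort((a, b) => a.start - b.start || b.end - a.end);

  const mapping = new Map(); // placeholder -> real value; never leaves the machine
  const seen = new Map();    // label|value -> placeholder, so repeats stay consistent
  const counters = {};
  let out = "", pos = 0;
  for (const h of hits) {
    if (h.start < pos || allow.has(h.value.toLowerCase())) continue;
    const key = `${h.label}|${h.value.toLowerCase()}`;
    if (!seen.has(key)) {
      counters[h.label] = (counters[h.label] || 0) + 1;
      const placeholder = `[${h.label}_${counters[h.label]}]`;
      seen.set(key, placeholder);
      mapping.set(placeholder, h.value);
    }
    out += text.slice(pos, h.start) + seen.get(key);
    pos = h.end;
  }
  return { text: out + text.slice(pos), mapping };
}

console.log(anonymise(SAMPLE, RULES).text);
```

Reusing one placeholder per distinct value keeps the prompt coherent for the model (both mentions of the same address become [EMAIL_1]), while the mapping back to real values is held only in local memory.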

SOWA Privacy works alongside your DLP stack, not in place of it. Browser-level anonymisation closes the AI-prompt gap that traditional endpoint and email DLP weren't designed to catch.