AI Privacy for finance & legal

What ships out of the box

Two of the four built-in industry presets in SOWA Privacy cover finance and legal workflows directly. Either preset is one click away in Settings → Detection → PII Presets, and you can compose both at once via Custom rules & lists.

Legal preset – clients / cases / parties

Captures the vocabulary of cases, parties, courts, and instruments. The examples below show common English legal vocabulary; add firm-specific terms via the custom Blacklist.

Roles & parties

attorney, lawyer, counsel, solicitor, barrister, plaintiff, defendant, judge, prosecutor, notary, client, claimant, respondent, witness, expert witness, guardian

Case identifiers & documents

case number, docket, proceeding, judgment, ruling, order, complaint, indictment, appeal, power of attorney, contract, addendum, NDA

Institutions

law firm, district court, regional court, court of appeal, supreme court, prosecutor's office

Finance preset – accounts / transactions / loans

Covers account-level identifiers, banking products, transaction primitives, and the paper trail.

Accounts & balances

account number, balance, bank account, sort code, routing number, account statement

Products

loan, mortgage, cash loan, credit line, leasing, fixed deposit, savings account, retirement account, ISA

Transactions

transaction, wire transfer, payment, deposit, withdrawal, PIN, authorisation, token, SMS code

Documents

invoice, tax return, receipt, proof of income, annual tax declaration, bank statement

Both presets layer on top of the always-on regex packs – emails, phone numbers, IBAN, BIC/SWIFT, credit card numbers, national tax IDs, and a dozen others.

Why this matters for finance & legal

Attorney-client privilege

Privilege is paper-thin once data crosses an organisational boundary. Pasting privileged correspondence into a public AI tool may not, on its own, waive the privilege in every jurisdiction – but it is almost always treated as a disclosure to a third-party processor, with all the consent and audit obligations that come with it. SOWA flips the default: the AI sees [CLIENT_1] and [CASE_2], not the names and case numbers.

Banking secrecy & MiFID II

Customer financial data is subject to banking secrecy in every EU member state. Names paired with account numbers, transaction history, or product holdings are protected – exactly the data shape SOWA is built to catch. MiFID II's recordkeeping requirements also assume the bank knows where its customer data is going; uncontrolled AI prompts undermine that.

Local detection – zero data egress

Detection runs entirely in the browser. No SOWA server sees your prompt content. The optional NER model is downloaded once from HuggingFace and then runs offline; the optional WebLLM model runs on the local GPU. The only network call SOWA makes (other than the AI vendor you chose) is a sparse entitlement check that contains no PII, no prompts, and no audit data.

Tailor it to your firm or desk

  • Add firm-specific identifiers (matter numbers, internal client IDs, deal codes) to the Blacklist in Settings.
  • Add safe boilerplate (your firm name, jurisdiction names, public-record reference numbers) to the Whitelist.
  • Add custom regex rules for instrument identifiers (e.g. ISINs, CUSIPs, internal reference codes).
  • Export the resulting preset as .sowa.json and ship it to every workstation via an IT policy.
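
A custom regex for instrument identifiers over-matches unless each hit is also checked against its check digit. The sketch below is an added example, not SOWA Privacy's code or its rule format: it validates ISIN and CUSIP check digits in JavaScript and substitutes numbered placeholders in the style shown earlier on this page. The function names and the sample prompt are assumptions made for illustration.

```javascript
// Added example; not SOWA Privacy's code or rule format. Names are hypothetical.
// Candidate patterns only: every hit must also pass its check digit.
const ISIN_RE = /\b[A-Z]{2}[A-Z0-9]{9}[0-9]\b/g;
const CUSIP_RE = /\b[0-9A-Z]{8}[0-9]\b/g;

// ISIN: map letters to 10..35, concatenate, then run Luhn over the digits.
function isValidIsin(s) {
  const digits = [...s].map(c => String(parseInt(c, 36))).join('');
  let sum = 0;
  for (let i = digits.length - 1, dbl = false; i >= 0; i--, dbl = !dbl) {
    let d = Number(digits[i]);
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// CUSIP: double every second character value, add the digits of each result.
function isValidCusip(s) {
  let sum = 0;
  for (let i = 0; i < 8; i++) {
    let v = parseInt(s[i], 36);
    if (i % 2 === 1) v *= 2;
    sum += Math.floor(v / 10) + (v % 10);
  }
  return (10 - (sum % 10)) % 10 === Number(s[8]);
}

// Replace checksum-valid identifiers; a repeated value keeps its placeholder.
function redactInstruments(text) {
  const seen = new Map();
  const counters = { ISIN: 0, CUSIP: 0 };
  const sub = (label, valid) => match => {
    if (!valid(match)) return match; // failed checksum: leave untouched
    if (!seen.has(match)) seen.set(match, `[${label}_${++counters[label]}]`);
    return seen.get(match);
  };
  const redacted = text
    .replace(ISIN_RE, sub('ISIN', isValidIsin))
    .replace(CUSIP_RE, sub('CUSIP', isValidCusip));
  return { redacted, mapping: Object.fromEntries(seen) };
}

// Sample prompt constructed for this example (third identifier has a bad check digit).
const SAMPLE = 'Buy US0378331005, sell 037833100; ref US0378331006, again US0378331005.';
console.log(redactInstruments(SAMPLE).redacted);
```

A random nine-character token ending in a digit still passes the CUSIP check about one time in ten, so pair such a rule with the Whitelist for known-safe reference numbers.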

This is a technical control, not legal advice. Each firm or bank needs its own assessment of which AI vendors are admissible at all, and what residual risk remains after anonymisation. SOWA Privacy is one strong layer in a larger compliance stack – not a substitute for one.