AI Privacy for healthcare
What ships out of the box
SOWA Privacy comes with a built-in Medical preset blacklist – every term below is flagged as personal data automatically, in addition to the regex layer (emails, phone numbers, IBANs, national IDs) and the optional multilingual NER layer.
The preset is enabled with a single click in Settings → Detection → PII Presets (pick "med"). The examples below show common English clinical vocabulary; add organisation-specific terms via the custom Blacklist.
Clinical roles
Roles that, paired with a name, identify a clinical relationship.
Documents & processes
Anything that signals an existing patient record.
Institutions
Hospital and clinic identifiers.
Sensitive diagnoses
Conditions that trigger GDPR Art. 9 special-category protections.
Why this matters for healthcare
GDPR Article 9 – special category data
Health data is one of the categories given extra protection under GDPR Art. 9 – it cannot be processed without a specific lawful basis (explicit consent, vital interests, public health, etc.). Pasting a patient note into ChatGPT without anonymisation is an Art. 9 processing event that most healthcare providers cannot justify.
SOWA Privacy moves the boundary: by the time the text leaves the browser, the protected categories have already been replaced with placeholders. The AI sees [NAME_1] and [CONDITION_2], not "Anna Smith – depression".
HIPAA – covered entities and PHI
For US healthcare providers covered by HIPAA, the same logic applies to Protected Health Information. The anonymisation step happens before any third-party processor (the AI vendor) sees the data, which keeps the upstream relationship inside the original consent boundary instead of expanding it.
Local detection – no cloud round-trip
The detection itself runs entirely in your browser. The regex layer and the medical blacklist need zero network. The optional NER layer downloads a 65 MB model once (HuggingFace) and then runs offline forever. No patient text reaches any SOWA server – SOWA doesn't have one.
Tailor it to your workflow
The Medical preset is the floor, not the ceiling. From Settings → Detection → Custom rules & lists you can:
- Add hospital-specific identifiers (employee badge numbers, internal ward codes, study IDs) to the Blacklist.
- Add safe boilerplate (drug names you cite frequently, public study titles) to the Whitelist so SOWA stops flagging them.
- Add custom regex rules for clinical IDs that match a specific format (e.g. MRN-\d{8}).
- Export and import presets as .sowa.json files so an IT admin can ship a standard rule set to every workstation.
SOWA Privacy is a privacy tool, not legal advice. Anonymising prompts is a strong technical mitigation, but each organisation needs to confirm its own data-handling agreements with AI vendors and document the residual risk for its DPIA.