AI Privacy for the public sector

Why public administration can't paste into the cloud

Ministries, municipalities, and agencies hold some of the most sensitive data there is – citizen identities, benefit claims, tax records, case files, law-enforcement notes. The moment a caseworker pastes that into a public AI chatbot, the data leaves national infrastructure and lands on a third-party provider's servers, often outside the EU.

That collides with three hard constraints public bodies work under:

  • GDPR & lawful basis. Public-sector processing needs a clear legal basis; sending citizen data to a foreign AI vendor rarely has one.
  • Digital sovereignty. European and national mandates push public bodies away from uncontrolled dependence on non-EU cloud providers.
  • Official & statutory secrecy. Tax secrecy, social secrecy, and administrative confidentiality don't pause because a tool is convenient.

SOWA Privacy lets staff use modern AI without any of that data leaving the device in the first place.

What SOWA detects

Three layers run locally, in the browser, before a single character is sent: a regex layer for structured identifiers, an optional multilingual NER layer for names and places, and a user-managed blacklist for the terms specific to your authority.

Citizen identifiers

Structured IDs caught by the regex layer.

tax ID, national ID, national insurance number, passport no., driving licence no., IBAN

Case & file markers

Terms that signal an active administrative record.

case number, file reference, applicant, applicant name, claim number, reference no.

People & roles

Caught contextually by the NER layer.

citizen names, addresses, caseworker, official, civil servant

Sensitive context

Special-category data under GDPR Art. 9.

benefits, welfare, asylum, criminal record, health status, social assistance

Built for sovereignty, by design

Local-first – nothing to send away

Detection runs entirely on the workstation. The regex layer and the blacklist need zero network. The optional NER model downloads once and then runs offline forever. No citizen text reaches a SOWA Privacy server – there isn't one.

Auditable & open

The detection engine is open-source (MIT). A public body's IT or security team can read every line, run it in their own environment, and verify exactly what does – and does not – happen to the data.

It complements your stack, it doesn't replace it

SOWA sits in front of whatever AI assistant staff already use. It's the local privacy layer that makes those tools usable under public-sector rules, not another cloud dependency.

Roll it out across the authority

From Settings → Detection → Custom rules & lists, IT administrators can standardise detection for the whole organisation:

  • Add authority-specific identifiers – internal file-number formats, department codes, register IDs – to the Blacklist.
  • Add custom regex for the formats unique to your administration, such as case references like AZ-1234/26.
  • Whitelist public, non-sensitive boilerplate so staff aren't slowed by false positives.
  • Export the rule set as a .sowa.json file and distribute it to every workstation for a consistent baseline.
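
How a custom regex, a blacklist and a whitelist combine in one local redaction pass can be sketched as follows. This is an added example, not SOWA Privacy's code: the rule-object shape is an assumption and not the .sowa.json format, and the terms and sample sentence are constructed.

```javascript
// Added example, not SOWA code. The rule-object shape is an assumption and
// is not the .sowa.json schema; all terms and sample text are constructed.
const rules = {
  regex: [{ label: "CASE_REF", source: "\\bAZ-\\d{4}/\\d{2}\\b" }], // AZ-1234/26
  blacklist: ["Register K-77", "Dept. 4B"], // authority-specific terms
  whitelist: ["AZ-0000/00"],                // public template reference
};
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Collect candidate spans from every rule, drop whitelisted values,
// then resolve overlaps (earliest start wins, longer match on ties).
function findSpans(text, rules) {
  const spans = [];
  const scan = (re, label) => {
    for (const m of text.matchAll(re)) {
      spans.push({ start: m.index, end: m.index + m[0].length, label, value: m[0] });
    }
  };
  for (const r of rules.regex) scan(new RegExp(r.source, "g"), r.label);
  for (const t of rules.blacklist.filter(Boolean)) scan(new RegExp(escapeRe(t), "gi"), "BLACKLIST");
  const allowed = new Set(rules.whitelist.map((w) => w.toLowerCase()));
  const kept = spans
    .filter((s) => !allowed.has(s.value.toLowerCase()))
    .sort((a, b) => a.start - b.start || b.end - a.end);
  const out = [];
  for (const s of kept) {
    if (out.length === 0 || s.start >= out[out.length - 1].end) out.push(s);
  }
  return out;
}

// Replace each span with a stable placeholder (same value, same placeholder).
// The mapping is returned to the caller and never needs to leave the workstation.
function redact(text, rules) {
  const mapping = new Map(); // original value -> placeholder
  const counters = {};
  let result = "", pos = 0;
  for (const s of findSpans(text, rules)) {
    if (!mapping.has(s.value)) {
      counters[s.label] = (counters[s.label] || 0) + 1;
      mapping.set(s.value, `[${s.label}_${counters[s.label]}]`);
    }
    result += text.slice(pos, s.start) + mapping.get(s.value);
    pos = s.end;
  }
  return { text: result + text.slice(pos), mapping };
}
const sample = "Applicant in AZ-1234/26 (see Register K-77) cites template AZ-0000/00 and again AZ-1234/26."; // constructed
```

Calling `redact(sample, rules)` leaves the whitelisted template reference readable and gives both occurrences of the real case reference the same placeholder.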

SOWA Privacy is a privacy tool, not legal advice. Local anonymisation is a strong technical safeguard, but each authority should confirm its own legal basis, data-processing agreements, and DPIA before adopting any AI workflow.