Protects sensitive data before you press Enter.
GuardianAI is a Chrome extension that scans every prompt you type into Claude and ChatGPT before it reaches the AI — catching sensitive data like ID numbers, passwords, API keys, and email addresses before you accidentally share them. Everything runs locally in your browser. No cloud, no login, no storage of your prompts. Built in South Africa with POPIA compliance built in from day one.
| Type | Risk | POPIA |
|---|---|---|
| SA ID numbers | 🔴 HIGH | §26 |
| AWS access keys | 🔴 HIGH | §19 |
| JWT tokens | 🔴 HIGH | §19 |
| Private key blocks | 🔴 HIGH | §19 |
| Connection strings | 🔴 HIGH | §19 |
| Email addresses | 🟡 MEDIUM | §11 |
| SA phone numbers | 🟡 MEDIUM | §11 |
| Custom keywords | 🔴 HIGH | — |
| Source code patterns | 🟢 LOW (silent) | — |
| Settings | Keywords | Audit Log |
|---|---|---|
![]() |
![]() |
![]() |
- You type a prompt into Claude or ChatGPT
- GuardianAI scans it locally — 9 pattern types + your custom keywords
- Risk is assigned — HIGH blocks submission, MEDIUM shows a warning, LOW is silent
- You decide — Replace sensitive content in place, send anyway, or cancel
- Event logged locally — metadata only, never your prompt text
- ✅ 100% local — nothing leaves your browser
- ✅ No cloud, no server, no API calls
- ✅ No prompt text ever stored
- ✅ Verifiable via Chrome DevTools Network tab — zero outbound requests
- ✅ Audit log stores metadata only (timestamp, site, risk level, action)
GuardianAI is currently in private pilot and not yet available on the Chrome Web Store.
To install the pilot build:
- Download
guardian-ai-0.5.2.zipand unzip to a permanent location - Open Chrome and go to
chrome://extensions - Enable Developer mode (top-right toggle)
- Click Load unpacked and select the
guardian-aifolder - The GuardianAI shield icon appears in your toolbar — pin it
- The onboarding guide opens automatically
Do not delete the unzipped folder — Chrome loads the extension from it each time.
- Unified warning banner — red for HIGH risk, amber for MEDIUM
- Replace in place — rewrites sensitive content with redaction tokens directly in the input field
- Ignore & Scan After — pause scanning while you finish typing, then scan the full prompt at once
- POPIA compliance mode — tags detections with relevant POPIA sections (§11, §19, §26)
- Compliance mode dropdown — Off / POPIA / UK GDPR (coming soon) / CCPA (coming soon)
- Custom keywords — add your own sensitive terms via the popup or CSV import
- Enter/Send blocking — optionally block submission while a warning is active
- Auto-sanitize silent mode — automatically replace sensitive content with no interruption
- Local audit log — last 50 events, exportable as CSV
- Light and dark mode
- Keyboard shortcut —
Alt+Shift+Striggers a manual scan
| Setting | Options |
|---|---|
| Extension enabled | On / Off |
| Compliance mode | Off / POPIA / UK GDPR (soon) / CCPA (soon) |
| Block threshold | Medium + High / High only |
| Auto-sanitize | Off / Silent |
| Enter/Send blocking | Off / Block on High / Block on Medium+High |
| Theme | Dark / Light |
- Microsoft Copilot support
- UK GDPR compliance mode
- CCPA compliance mode
- Detection history and insights
- Chrome Web Store submission
- Real-time webhook reporting to admin
- Central policy pack push via MDM
- Admin dashboard
- Policy enforcement and lockdown
- Org-level audit log
- Claude desktop app support via MCP
- Playful mascot UI for schools
- Gamification and badges
- Teacher dashboard
- SA digital citizenship curriculum alignment
GuardianAI includes a POPIA (Protection of Personal Information Act) compliance mode for South African users. When enabled, every detection is tagged with the relevant section of the Act:
- §11 — Personal Information (emails, phone numbers)
- §19 — Security Safeguards (credentials, keys, connection strings)
- §26 — Special Personal Information (SA ID numbers)
POPIA mode helps identify potentially regulated data. It does not guarantee legal compliance. Consult your Information Officer.
- Chrome Extension Manifest V3
- Vanilla JavaScript — no framework dependencies
- Shadow DOM for overlay UI (no CSS conflicts with host pages)
chrome.storage.localfor all persistence- Range-based DOM replacement (no layout shift)
- MutationObserver for SPA reconnect
guardian-ai/
├── manifest.json
├── background/
│ └── service-worker.js
├── content/
│ ├── detector.js # Detection engine — pure function
│ ├── sanitizer.js # Redaction logic
│ ├── siteConfig.js # Per-site selectors
│ ├── auditLog.js # 50-event ring buffer
│ ├── popia.js # POPIA section mappings
│ ├── overlay.js # Unified banner UI
│ ├── overlay.css # Shadow DOM scoped styles
│ └── content.js # Orchestrator
├── popup/
│ ├── popup.html
│ ├── popup.js
│ └── popup.css
├── onboarding/
│ ├── onboarding.html
│ ├── onboarding.css
│ └── onboarding.js
├── rules/
│ └── defaultKeywords.json
└── assets/
├── icons/
└── fonts/
| Platform | Status |
|---|---|
| claude.ai | ✅ Active |
| chatgpt.com | 🔧 In progress |
| gemini.google.com | 📋 Planned |
| copilot.microsoft.com | 📋 Planned |
All rights reserved. GuardianAI is proprietary software. The name, logo, and brand identity may not be used without written permission.
- Website: guardianai.co.za
- Email: hello@jtctech.co.za
- Built in South Africa 🇿🇦
- Built by Jon Boyle
GuardianAI — Protects sensitive data before you press Enter.


