Inspiration
As a Site Reliability Engineer and Cybersecurity specialist, protecting sensitive information is at the core of my work. Every organization wants to harness the power of AI for faster diagnostics and support—but no one wants to risk leaking internal details like PII, service names, or database structures in the process. I found myself repeatedly copying logs into a text editor, scrubbing out sensitive elements manually, and then pasting into an AI interface. Doing this multiple times a day became inefficient, tedious, and frankly, a little frustrating. That’s what sparked the idea for Privly Scrubber—a tool to remove the friction and risk from this everyday task.
What it does
Privly Scrubber protects your sensitive data while letting you take full advantage of AI tools, without ever risking a leak. Here's how it works:
- Monitors what you type or paste into AI chat interfaces in real-time.
- Finds sensitive terms—including company-specific identifiers, personal data, microservice names, and schema references—entirely locally. Nothing leaves your machine.
- Replaces matches with clear tokens like <EMAIL>, <SERVICE_NAME>, or <DB_SCHEMA>, ensuring clarity without exposing risk.
- Lets you review the redacted text before it’s ever sent, so you’re always in control.
- Includes a simple, customizable panel for adding terms, keywords, or regex patterns unique to your team or environment.
Whether you're troubleshooting a Kubernetes deployment or asking for help with SQL logs, Privly Scrubber is your trusted buffer between privacy and productivity.
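One way the local detect-and-replace step described above can work, as an added example that is not Privly Scrubber's own code. The rule shapes, function names, the e-mail pattern and the sample log line are assumptions made for illustration.

```javascript
// Added example: rule shapes, names and sample data are constructed, not Privly Scrubber's code.
const BUILT_IN_RULES = [
  { token: "<EMAIL>", pattern: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
];

// Escape a literal term so characters such as "." are matched literally.
function escapeRegExp(term) {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Panel entries are either {token, term} (literal keyword) or {token, regex} (pattern source).
function compileCustomRules(entries) {
  return entries.map(({ token, term, regex }) => ({
    token,
    pattern: regex
      ? new RegExp(regex, "g")
      : new RegExp(`\\b${escapeRegExp(term)}\\b`, "gi"),
  }));
}

// Redact text locally; findings keep offsets and tokens only, never the matched values.
function scrub(text, customEntries = []) {
  const rules = [...BUILT_IN_RULES, ...compileCustomRules(customEntries)];
  const matches = [];
  for (const { token, pattern } of rules) {
    for (const m of text.matchAll(pattern)) {
      if (m[0].length > 0) matches.push({ start: m.index, end: m.index + m[0].length, token });
    }
  }
  // Earliest match first; on a tie the longest wins, so overlaps resolve deterministically.
  matches.sort((a, b) => a.start - b.start || b.end - a.end);
  let out = "", cursor = 0;
  const findings = [];
  for (const m of matches) {
    if (m.start < cursor) continue; // overlaps a span that is already redacted
    out += text.slice(cursor, m.start) + m.token;
    findings.push({ token: m.token, start: m.start, end: m.end });
    cursor = m.end;
  }
  return { redacted: out + text.slice(cursor), findings };
}

// Constructed sample: one keyword rule, one regex rule, one log line.
const SAMPLE_RULES = [
  { token: "<SERVICE_NAME>", term: "billing-svc" },
  { token: "<DB_SCHEMA>", regex: "\\bpayments_prod\\.\\w+" },
];
const SAMPLE_LOG = "ERROR billing-svc: insert into payments_prod.invoices failed for jane.doe@example.com";
console.log(scrub(SAMPLE_LOG, SAMPLE_RULES).redacted);
```

Escaping literal keywords matters here: an unescaped term such as `a.b` would also redact `axb`, and an unescaped `(` in a team's keyword would throw when the rule is compiled.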
How we built it
Privly Scrubber is built as a three-part ecosystem designed for speed, scalability, and security:
React Web App
- Serves as the user-facing dashboard for managing accounts, viewing activity, and managing subscriptions and licence ping.
- Built with React + Vite for ultra-fast development and hot module reloading.
- Styled with Tailwind CSS for clean, responsive UI components.
- State is managed with Zustand, offering lightweight persistence without the overhead of heavier frameworks.
- Embraces a component-based architecture, making the UI reusable and maintainable across future builds.
Chrome Extension
- Delivers real-time privacy protection directly in the browser.
- Fully compliant with Manifest V3, ensuring compatibility with modern Chrome versions.
- Uses background scripts for persistent monitoring and content scripts to intercept and scrub data inline before it’s sent.
- Includes a responsive popup UI for quick toggles and user settings on the fly.
Node.js API & Backend
- The backend runs on Express.js, handling business logic, user authentication, and integration layers.
- Powered by Supabase as a backend-as-a-service for rapid delivery and prototyping.
- Uses PostgreSQL with real-time subscriptions for push-based data sync.
- Implements Row-Level Security (RLS) to isolate user data and enforce fine-grained access control.
Key Implementation Highlights
- Bolt.new-integrated security features, including:
  - End-to-end Stripe integration for subscription management
  - Webhook-driven updates to handle plan changes and enforce limits
  - Usage tracking and quota enforcement tied to each subscription tier
Challenges I Ran Into
- Extension-Webapp Communication: Establishing secure and consistent real-time communication between the web application and the browser extension presented its own set of hurdles, including managing readiness states, request/response lifecycles, and ensuring data synchronization across different browser contexts.
- Performant Client-Side Detection: Developing a sensitive data detection engine that operates in real-time directly within the browser, without impacting typing performance, demanded significant optimization and careful selection of algorithms for efficiency.
- Highlighting Sensitive Text Without Breaking Formatting: Initially, I tried underlining individual pieces of detected sensitive data—but ran into constant formatting issues across various AI chat boxes. The results were inconsistent, sometimes even unreadable. With tight deadlines, I pivoted to a simpler and more reliable solution: highlight the entire prompt if it contains any sensitive elements. It sacrificed a bit of granularity but delivered a clean and stable user experience every time.
Accomplishments That I'm Proud Of
- Complete Full-Stack SaaS Platform: As a solo developer, and in my first full-stack experience, I built an entire privacy protection ecosystem with a web app, browser extension, subscription management and payment process in record time using Bolt.new.
- Privacy-First Architecture: I successfully implemented a core principle of privacy by ensuring all sensitive data detection and scrubbing occurs entirely client-side within the browser extension. This means user data never leaves their device, a significant achievement in data security.
- Modern Extension Architecture: Built a tool that lets developers and other users move faster with AI—without sacrificing safety or compliance.
- Real-time Privacy Analytics: Created a comprehensive dashboard that visualizes privacy threats and protection metrics in real-time using Recharts.
What I Learned
- Browser Extension Ecosystem: Gained deep understanding of Chrome extension APIs, content script injection, and background service workers.
- Comprehensive State Management: Managing complex application state across a React frontend, Zustand stores, local storage, and a browser extension provided valuable insights into designing scalable and maintainable data flows.
- SaaS Business Logic: Implemented subscription management, usage quotas, and tiered pricing models with proper webhook handling.
- Understanding Inter-Process Communication (IPC): I learned how browser extensions rely on IPC—Inter-Process Communication—to bridge the gap between isolated environments like a React dashboard and background scripts. Anytime the frontend requests data, it sends a message via chrome.runtime.sendMessage, which transmits a JSON payload behind the scenes.
What's Next for Privly Scrubber
- Expanding Enterprise Capabilities: My immediate focus is on implementing the "Coming Soon" features for the Enterprise plan, including organization-wide rule sharing (the infosec team manages company-wide rules from a central dashboard, and each workstation's browser extension auto-syncs), advanced compliance reporting, SSO integration, and dedicated support.
- Multi-Browser Support: Expand beyond Chrome to Firefox and Safari extensions with cross-browser compatibility layers.
- Mobile Application: Develop React Native apps for iOS and Android to extend privacy protection to mobile browsing.
- Enhanced User Customization: I plan to introduce more granular user preferences, such as dark mode, auto-scrubbing options, and customizable tooltips, to give users greater control over their experience.
- Deepening AI Integration: I will continue to refine and expand the local AI heuristic detection capabilities to improve accuracy and broaden the range of sensitive data patterns that can be recognized.
- IDE plug-ins: for VS Code and JetBrains so devs can scrub before commits or Slack posts.
Privly Scrubber is just the start—I'm shaping a world where AI moves fast and privacy never falls behind.
Built With
- aes-gcm-encryption
- and-various-npm-packages-including-react-router
- bolt.new
- bolt.new-ai-development-platform
- built-with:-react
- chrome-extension-(manifest-v3)
- express.js
- indexeddb
- javascript-(es6+)
- lucide-icons
- netlify
- node.js
- react
- recharts
- stripe
- supabase-(postgresql)
- tailwind-css
- vercel-deployment
- vite
- websockets
- zustand

