Inspiration

Seeing our own parents send tax files with PII to AI without any restrictions. Someone in our family pasted a full tax return into ChatGPT just to ask a question about a line item (name, income, Social Security number, all of it) without a second thought. They weren't being careless. They just couldn't see what they were handing over, or that it could be retained, trained on, or exposed in a breach. That blindness is the whole problem: people treat AI chatbots like a private assistant, but the most sensitive things they type leave their hands the moment they hit send, and they can't take it back.

What it does

PromptShield scans what you're about to paste into an AI chatbot before you send it, flags the personal and sensitive information inside, and hands you a clean, redacted version to use instead. It catches the major identifiers (names, SSNs, cards, emails, phone numbers, dates, and locations) using a fast pattern-matching layer plus an on-device AI model for the context that patterns miss. It also scans images and screenshots, finds the sensitive regions, and produces an auto-redacted copy with those areas blacked out. Crucially, the whole scan runs locally on your own device: your data never has to leave your machine to be protected, which you can verify by running it with the wifi off. It's delivered as a web app and a Chrome extension that sits right inside the chatbot's text box.
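
A sketch of what a pattern-matching layer of the kind described above can look like, as an added example that is not PromptShield's own code. The function names, regexes and sample text are assumptions; names, dates and locations are left out because they need the context model rather than patterns.

```javascript
// Added example: hypothetical pattern layer, not PromptShield's own code.
// Luhn checksum: rejects digit runs that only look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// SSN structure rules: area is not 000, 666 or 9xx; group not 00; serial not 0000.
function ssnValid(ssn) {
  const [area, group, serial] = ssn.split(/[- ]/);
  return area !== "000" && area !== "666" && area[0] !== "9" &&
         group !== "00" && serial !== "0000";
}

// Order matters: earlier detectors replace their matches before later ones run.
const DETECTORS = [
  { label: "EMAIL", re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  { label: "SSN", re: /\b\d{3}[- ]\d{2}[- ]\d{4}\b/g, check: ssnValid },
  { label: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    check: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { label: "PHONE",
    re: /(?<![\d-])(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?![\d-])/g },
];

// Returns the redacted text plus what was found, so a UI can show both.
function scanAndRedact(text) {
  const findings = [];
  let redacted = text;
  for (const { label, re, check } of DETECTORS) {
    redacted = redacted.replace(re, (match) => {
      if (check && !check(match)) return match; // fails validation: keep
      findings.push({ label, value: match });
      return `[${label}]`;
    });
  }
  return { redacted, findings };
}

// Constructed sample input; every value is made up for the demonstration.
const SAMPLE = "My SSN is 123-45-6789 and card 4111 1111 1111 1111; " +
  "email jane.doe@example.com, phone (555) 123-4567. Order 1234 5678 9012 3456.";
console.log(scanAndRedact(SAMPLE).redacted);
```

The 16-digit order number survives because it fails the Luhn check, which is the kind of validation that keeps a pattern layer from over-redacting.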

How we built it

We built it using AI, specifically Claude, for most of it, along with human-written code in the form of open-source libraries made by other people, which we integrate to simplify the code and to have a reliable alternative to writing it all from scratch.

Challenges we ran into

The biggest challenge was the privacy paradox at the heart of the idea: a tool that protects you from giving data to AI shouldn't itself ship your data off to a server to check it. Resolving that pushed us to move the whole engine on-device, which traded a powerful cloud model for a smaller local one, a real accuracy tradeoff we had to design around. Getting the on-device models to load and run reliably offline (and caching them so the first scan isn't slow) took real work.

Accomplishments that we're proud of

We built something that genuinely runs entirely on the user's device, and we can prove it live by pulling the wifi and watching it still work. For a privacy tool, that's the strongest possible claim: we're not asking anyone to trust a data policy, because there's no server in the loop to trust. We're also proud that it does both text and images, since screenshots are where the worst accidental leaks hide and most tools only handle text.

What we learned

We learned how crowded the "AI data protection" space actually is, and that our real edge wasn't inventing a new concept but choosing a different architecture (fully local) and a different customer (the individual, not the enterprise IT department). We learned the practical limits of on-device models, that they reliably nail the major identifiers but lag a big cloud model on subtle phrasing, and that being upfront about that tradeoff is stronger than hiding it.

What's next for PromptShield

Sharper on-device coverage of subtle and context-dependent cases, so the local model closes more of the gap with cloud models. Native integration built directly into the AI tools rather than bolted on as an extension, and marketing ourselves as a "third-party seal of approval" to both help users feel safe and build the AI company's reputation as taking responsibility for keeping user data safe.
