NP-01 Case Study

Browser-Level PII Anonymization for AI Chat

Source: anonym.community research

Summary

Research source: "Chrome Extensions Stealing AI Chat Data at Scale" (anonym.community, March 2026 crawl).

Malicious Chrome extensions harvest AI chat histories (ChatGPT, Claude, Gemini) containing PII that users pasted into conversations. The attack vector exploits browser extension permissions to read DOM content across AI chat interfaces, exfiltrating conversation histories that contain names, addresses, financial data, and medical information.

Solution

The Solution: How anonym.legal Addresses This

Pre-Send Anonymization

The anonym.legal Chrome Extension (v1.1.37, Manifest V3) intercepts text in AI chat input fields before submission. It detects 285+ entity types including names, email addresses, phone numbers, credit card numbers, and government IDs. PII is replaced with anonymized tokens (e.g., [PERSON_1], [EMAIL_ADDRESS_1]) before the message reaches the AI service.

Reversible Encryption

For workflows requiring the original data, AES-256-GCM encryption replaces PII with encrypted tokens. The encryption key never leaves the user's browser. The AI service processes anonymized text; the user decrypts the response locally.

Supported AI Services

ChatGPT (ProseMirror editor, execCommand('insertText')) and Perplexity (Lexical editor) are full
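The token substitution described under Pre-Send Anonymization, as an added JavaScript example that is not the anonym.legal extension's code: it assumes three simplified regex detectors and, in place of the AES-256-GCM tokens the page mentions, keeps the token-to-value map in local memory so the reply can be restored. The function names and the sample text are constructed for illustration.

```javascript
// Added example: replace PII with numbered tokens before send, restore locally.
// The patterns are simplified assumptions, not the extension's detectors.
const DETECTORS = [
  { type: "EMAIL_ADDRESS", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "CREDIT_CARD", re: /\b(?:\d[ -]?){12,18}\d\b/g, check: luhnValid },
  { type: "PHONE_NUMBER", re: /\+?\d[\d ()-]{7,}\d/g },
];

// Luhn checksum: keeps order numbers and similar digit runs out of CREDIT_CARD.
function luhnValid(candidate) {
  const digits = candidate.replace(/\D/g, "");
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Returns the text to submit plus the vault needed to reverse it.
// A digit run that fails Luhn falls through to the phone detector.
function anonymize(text) {
  const vault = new Map();   // token -> original value, never sent anywhere
  const seen = new Map();    // original value -> token, so repeats share a token
  const counters = {};
  let out = text;
  for (const { type, re, check } of DETECTORS) {
    out = out.replace(re, (match) => {
      if (check && !check(match)) return match;
      if (seen.has(match)) return seen.get(match);
      counters[type] = (counters[type] || 0) + 1;
      const token = `[${type}_${counters[type]}]`;
      vault.set(token, match);
      seen.set(match, token);
      return token;
    });
  }
  return { text: out, vault };
}

// Swap known tokens back in a model reply; unknown tokens are left untouched.
function restore(text, vault) {
  return text.replace(/\[[A-Z_]+_\d+\]/g, (tok) => vault.get(tok) ?? tok);
}

// Constructed sample input (fictional address, test card number, 555 phone).
const SAMPLE = "Contact jane.doe@example.com or +1 415 555 0100. " +
  "Card 4111 1111 1111 1111. Reply to jane.doe@example.com.";
```

Because the vault exists only in the page's memory, a reply can be restored only in the session that produced the tokens.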

Compliance Context

Compliance Mapping

This pain point intersects with GDPR Article 32 (security of processing), GDPR Article 33 (breach notification within 72 hours), and CCPA data breach provisions. Pre-send anonymization eliminates the breach scenario entirely. anonym.legal's GDPR, HIPAA, PCI-DSS, and ISO 27001 compliance coverage, combined with ISO 27001 hosting at Hetzner Germany, provides documented technical measures that organizations can reference in their compliance documentation.

Published by George Curta, Founder of anonym.legal