Shield: AI Privacy for ChatGPT & Claude

About

🛡️ INFINIUM SHIELD — AI PRIVACY FIREWALL
Every message you send to ChatGPT, Claude, or Gemini passes through their servers — and stays there. Shield intercepts your prompts before they leave your browser, replaces sensitive data with safe tokens, and swaps them back in the AI's response. You get the same answer. The AI never sees your real data.
Works automatically. Zero configuration. No account required.
─────────────────────────────────────
WHAT SHIELD PROTECTS
─────────────────────────────────────
Shield automatically detects and masks 19 categories of sensitive data:
🔴 CRITICAL

API keys — AWS, OpenAI, Anthropic, GitHub, Slack and generic api:/token:/bearer: patterns
Passwords — all common password field formats
Database connection strings — PostgreSQL, MySQL, MongoDB, Redis and more
JWT tokens
Private keys — RSA, EC, OpenSSH, PGP
Secret environment variables

🟡 WARNING

Email addresses
Phone numbers
Credit card numbers
Private IP addresses (RFC 1918)
Social Security Numbers (SSN)

🟢 INFO

URLs containing embedded credentials
Internal hostnames (*.internal, *.corp, *.local)
System file paths
Personal names

─────────────────────────────────────
HOW IT WORKS
─────────────────────────────────────

You type a message in ChatGPT, Claude, or Gemini
You press Enter or click Send
Shield intercepts the prompt in milliseconds
Sensitive values are replaced with tokens: [EMAIL_1], [API_KEY_1], [PASSWORD_1]
The clean prompt is sent to the AI
When the AI responds, tokens are swapped back to real values
You read natural, accurate text — your data was never exposed

The entire process is invisible. You work exactly as you normally would.
─────────────────────────────────────
PRIVACY GUARANTEE
─────────────────────────────────────
Shield is built on a single principle: your data never leaves your device without your knowledge.
FREE TIER — 100% LOCAL

All processing happens inside your browser
Zero data sent to any server — ever
No account required, no registration, no email
No analytics, no telemetry, no tracking
Works fully offline
Open to inspection — no hidden background requests

PRO TIER — METADATA ONLY

Your actual prompt content is still never transmitted
The audit log records only: which AI tool, how many items were masked, what categories (EMAIL, API_KEY etc.)
Real values are never logged, never sent, never stored on our servers
Custom rules are synced as plain text terms — no prompt content, ever

This architecture means Shield is privacy-preserving by design, not just by policy.
─────────────────────────────────────
GDPR & COMPLIANCE
─────────────────────────────────────
For organisations operating under GDPR, HIPAA, SOC 2, or similar data protection frameworks, sharing personal data with third-party AI providers without proper safeguards creates significant compliance risk.
Shield addresses this by ensuring:

Personal data (emails, names, phone numbers) is masked before transmission
Credentials and secrets never leave the browser in plaintext
No personal data is processed by InfiniUm Tools in the free tier
Pro tier processing is limited to non-personal metadata
Data minimisation principle is enforced by architecture, not policy

Shield does not replace a full data protection programme, but it significantly reduces the surface area of accidental data exposure when using AI tools.
─────────────────────────────────────
SUPPORTED AI PLATFORMS
─────────────────────────────────────
✅ ChatGPT (chatgpt.com + chat.openai.com)
✅ Claude (claude.ai)
✅ Gemini (gemini.google.com)
─────────────────────────────────────
FREE vs PRO
─────────────────────────────────────
FREE — Forever, no account needed
✓ All 19 built-in detection rules
✓ Automatic interception on ChatGPT, Claude & Gemini
✓ Token swap in AI responses
✓ Popup showing what was masked
✓ Per-site and global on/off toggle
✓ 100% local — nothing sent anywhere
PRO — $8/month via infinium.tools
✓ Everything in Free
✓ Custom rules — protect your project names, client names, internal codenames
✓ Sync custom rules across all your browsers and devices
✓ Advanced detection — .env files, cloud credentials (AWS/GCP/Azure), Stripe keys, code secrets
✓ Full audit log — what was masked, when, on which AI tool
✓ Priority support
─────────────────────────────────────
PERFECT FOR
─────────────────────────────────────
👨‍💻 Developers — Stop accidentally sharing API keys, database passwords and secrets when asking AI for help with code
🏢 Companies & Teams — Protect confidential project names, client data and internal information
⚖️ Legal & Compliance Teams — Reduce GDPR exposure when staff use AI tools for document review
🏥 Healthcare — Prevent inadvertent sharing of patient-related information with AI systems
🔐 Security Teams — Enforce data hygiene across AI tool usage without blocking productivity
─────────────────────────────────────
PERMISSIONS EXPLAINED
─────────────────────────────────────
Shield requests only what it needs to function:

storage — Save your settings and statistics locally in your browser
tabs — Detect which AI site you have open to show the correct status in the popup
alarms — Pro only: schedule daily rule sync in the background

Shield does NOT request access to your browsing history, bookmarks, clipboard, or any data unrelated to the AI sites it protects.
─────────────────────────────────────
OPEN & TRANSPARENT
─────────────────────────────────────
InfiniUm Shield is built by InfiniUm Tools, a developer-focused platform providing security, DevOps and SEO tools at infinium.tools.
Privacy Policy: https://infinium.tools/privacy
Support: [email protected]
Website: https://infinium.tools/shield
─────────────────────────────────────
FREQUENTLY ASKED QUESTIONS
─────────────────────────────────────
Q: Does Shield read my conversations?
A: No. Shield intercepts your outgoing message at the moment you press Send, replaces sensitive values with tokens, and never stores or transmits the content.
Q: Does the AI know it's getting masked data?
A: The AI receives clean, readable text with tokens like [EMAIL_1] in place of sensitive values. Most AI tools handle this naturally and give useful responses.
Q: Will masking break the AI's answer?
A: No. Shield only masks values, not context. The AI understands what you're asking — it just doesn't see the real credentials. When it responds, tokens are swapped back so you read natural text.
Q: Is this GDPR compliant?
A: The free tier processes nothing outside your browser, making it fully compliant. The Pro tier transmits only non-personal metadata. Always consult your organisation's DPO for a full compliance assessment.
Q: What happens if I uninstall Shield?
A: Nothing. Shield stores only your settings and statistics locally. Uninstalling removes everything. No data remains on any server.
Q: Can I use Shield on Firefox?
A: A Firefox version is in development. Check infinium.tools/shield for updates.

ADDITIONAL CONTENT (append to description to fill remaining space)
─────────────────────────────────────
A REAL EXAMPLE
─────────────────────────────────────
Without Shield, pasting this into ChatGPT:
"Can you help debug this? DB: postgres://admin:[email protected]:5432/prod
The user auth token is: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyIjoiam9obn0.abc123
Contact the client at [email protected] if it fails"
...sends your database password, JWT token, internal hostname, and a real email address directly to OpenAI's servers. That data is stored, potentially used for training, and subject to any future breach.
With Shield, the same message becomes:
"Can you help debug this? DB: [DB_CONN_1]
The user auth token is: [JWT_1]
Contact the client at [EMAIL_1] if it fails"
The AI gives you exactly the same debugging help. Your credentials and personal data never left your browser.
─────────────────────────────────────
DETECTION ENGINE — TECHNICAL DETAILS
─────────────────────────────────────
Shield uses a multi-pass regex engine running entirely inside your browser tab. Each rule is compiled once and applied in priority order: Critical → Warning → Info.
Token mapping works as follows:

Each unique sensitive value gets its own numbered token: [EMAIL_1], [EMAIL_2]
The token map is stored in memory for the current session
When the AI responds, all tokens are replaced with original values before you read the text
Starting a new conversation clears the token map completely
Nothing is written to disk except your settings and statistics

The engine runs in under 10 milliseconds on typical prompts — imperceptible to the user.
─────────────────────────────────────
ENTERPRISE DEPLOYMENT
─────────────────────────────────────
Shield can be deployed across an organisation using Chrome's managed extension policies. IT administrators can:

Force-install Shield on all managed Chrome profiles via Google Workspace Admin
Pre-configure the extension as enabled by default
Distribute Pro API keys via managed storage policies
Monitor usage via the Pro audit log endpoint

This makes Shield suitable for large-scale deployments where individual configuration is not practical.
For enterprise licensing and volume Pro plans, contact: [email protected]
─────────────────────────────────────
COMPLIANCE USE CASES
─────────────────────────────────────
GDPR (EU General Data Protection Regulation)
Article 5 of GDPR requires personal data to be processed lawfully and minimised. When employees use AI tools, they may inadvertently share personal data — names, emails, phone numbers — with third-party processors without a proper legal basis. Shield reduces this risk by masking personal data before transmission, helping organisations meet their data minimisation obligations.
HIPAA (US Health Insurance Portability and Accountability Act)
Healthcare organisations using AI tools for documentation, research, or administrative tasks risk exposing Protected Health Information (PHI). Shield masks emails, phone numbers, and personal names before they reach AI systems, reducing exposure of PHI to unauthorised third-party processors.
SOC 2 (Service Organisation Control 2)
SOC 2 Type II audits assess an organisation's information security practices. Uncontrolled use of AI tools by employees creates risks around data availability, confidentiality, and privacy — all SOC 2 trust criteria. Shield provides a technical control that reduces the likelihood of confidential data leaving the organisation's control boundary.
ISO 27001
Information security management systems under ISO 27001 require organisations to identify and treat risks to information assets. AI tools represent an emerging risk category. Shield provides a measurable, auditable control for this risk.
Note: Shield is a technical control, not a compliance certification. It significantly reduces risk but does not guarantee compliance. Always consult your organisation's legal and compliance teams.
─────────────────────────────────────
WHAT SHIELD DOES NOT DO
─────────────────────────────────────
Transparency about limitations is important:
✗ Shield does not encrypt your prompts — it masks them
✗ Shield does not prevent you from manually typing sensitive data
✗ Shield does not protect data you copy-paste after the mask runs
✗ Shield does not modify data in file uploads or attachments
✗ Shield does not work on AI tools not listed in the supported platforms
✗ Shield does not guarantee 100% detection of all sensitive data — novel formats may be missed
✗ Shield is not a substitute for a comprehensive data protection programme
✗ Shield does not protect against social engineering or intentional data sharing
For critical security requirements, Shield should be one layer of a broader data protection strategy.
─────────────────────────────────────
WHAT HAPPENS TO YOUR DATA
─────────────────────────────────────
FREE TIER — Complete data inventory:

Settings (on/off, per-site toggles): stored locally in chrome.storage.local
Statistics (total masked count, categories): stored locally in chrome.storage.local
Last scan findings (token names, not values): stored locally in chrome.storage.local
Token map (value → token mappings): stored in memory only, cleared on new conversation
Network requests made: ZERO

PRO TIER — Complete data inventory:

Everything above (still local)
Shield API key: stored locally in chrome.storage.local
Audit log entries sent to server: site name, masked count, category types only
Custom terms synced to server: plain text terms you explicitly added
Actual prompt content: NEVER transmitted, NEVER stored, NEVER logged

InfiniUm Tools does not sell, share, rent or transfer any user data to third parties for any purpose.
─────────────────────────────────────
SUPPORTED BROWSERS
─────────────────────────────────────
✅ Chrome (this extension)
✅ Firefox — available at addons.mozilla.org (search "InfiniUm Shield")
✅ Edge — available at microsoftedge.microsoft.com/addons (search "InfiniUm Shield")
✅ Brave — install directly from Chrome Web Store, works out of the box
─────────────────────────────────────
EXTENDED FAQ
─────────────────────────────────────
Q: Can the AI tell that tokens have replaced real values?
A: Yes — the AI sees tokens like [EMAIL_1] in your prompt. Most AI models handle this naturally, understand the context, and give helpful responses. You can even tell the AI "the tokens represent masked values" if needed.
Q: What if Shield masks something it shouldn't?
A: The global toggle and per-site toggle let you disable Shield instantly. For fine-tuned control, you can also reload the page to clear the token map and start fresh.
Q: Does Shield slow down my browser?
A: No measurably. The detection engine runs in under 10ms on typical prompts. Shield has no persistent background activity in the free tier — it only activates when you press Send on a supported AI site.
Q: Is the source code available?
A: We are working toward open-sourcing the core detection engine. For security research inquiries, contact [email protected].
Q: Does Shield work in Incognito/Private mode?
A: Not by default. To enable Shield in Incognito, go to chrome://extensions → Shield → "Allow in Incognito". Your settings will not persist between Incognito sessions.
Q: What is the Pro audit log used for?
A: The audit log helps security teams understand AI tool usage patterns — how often employees are masking data, which categories (API keys, emails etc.) are most common, and which AI tools are being used. It does not contain any actual prompt content.
Q: How do I get my Shield API key for Pro?
A: After subscribing at infinium.tools/shield, your API key is emailed to you immediately and also shown in your InfiniUm dashboard. Paste it into the Shield popup → Pro tab → Connect.
Q: What happens if my Pro subscription lapses?
A: Shield automatically downgrades to the free tier on the next daily sync. Your custom rules are preserved locally. The 19 built-in detection rules continue working — you never lose basic protection.
Q: Can I use Shield for free forever?
A: Yes. The free tier has no trial period, no expiry, and no feature degradation over time. The 19 built-in rules and automatic interception are free permanently.
Q: Is InfiniUm Tools based in the EU?
A: InfiniUm Tools operates with EU-based infrastructure (Frankfurt, Germany) and complies with GDPR requirements. Contact: [email protected]
─────────────────────────────────────
VERSION HISTORY
─────────────────────────────────────
v1.2.0 — Current

Added Pro tier with custom rule sync, audit log and advanced detection
Extended detection: Stripe keys, Azure strings, GCP credentials, .env files
Improved API key detection: api:, token:, bearer:, auth: patterns
Performance improvements to detection engine
Firefox compatible version available

v1.0.0 — Initial release

19 built-in PII detection rules
Works on ChatGPT, Claude and Gemini
Token map with automatic de-anonymisation in responses
Per-site and global toggles
Free, no account required