Drawbridge
On-device PII pseudonymization for AI chat, powered by the Rampart model. Real values never leave your machine.
As of July 2026, Drawbridge has — users in the Privacy & Security category.
Usersno change0%
—
—
Ratingno change0%
—
— reviews
Reviewsno change0%
—
Version
0.1.1
Manifest V3
History
1 snapshotsTracking since Jul 8, 2026.
Not enough history yet for this metric — the chart fills in as we collect more snapshots.
View as table
| Date | Users | Rating | Reviews | Version |
|---|---|---|---|---|
| Jul 8, 2026 | — | — | — | 0.1.1 |
| Now | — | — | — | 0.1.1 |
Permissions & access
- Permissions
- storageoffscreenscripting
- Host access
- https://claude.ai/*, https://huggingface.co/*, https://*.huggingface.co/*, https://*.hf.co/*
Screenshots
About
Drawbridge protects your personal information before it reaches AI chat sites. Powered by the on-device Rampart model, it detects names, addresses, phone numbers, emails, SSNs, credit cards, and more — then replaces them with stable placeholder tokens like [GIVEN_NAME_1] before your message is sent. The AI site only ever sees the placeholder, while Drawbridge restores the real values in replies right on your device. How it works: - As you type, detected PII is highlighted in the composer and a chip shows how many items will be protected. - When you hit send, the real prompt is swapped for a protected version on the wire. - When the AI replies, placeholder tokens are restored to real values locally before they reach your eyes. Key features: - On-device processing: the 14.7 MB Rampart model runs locally in your browser via WebGPU/WASM. No data sent to any external service for detection. - Fail-closed by default: if the model can't scan a message in time, sending is blocked rather than letting raw text through. - Supports claude.ai (first surface; architecture is site-agnostic). Honest limitations: - Rampart is ~98.4% recall — a strong first line of defense, not a guarantee. - Text messages only; attachments, file uploads, and pasted images are not scanned. - Interception covers fetch only (claude.ai uses fetch today). - Session tables are in-memory only; after a browser restart, historical placeholders may not restore correctly until a new conversation starts. Permissions: - Storage: to save your settings locally. - Scripting: to inject content scripts on supported sites. - Offscreen: to host the Rampart model in a dedicated execution context.
Technical
- Version
- 0.1.1
- Manifest
- V3
- Size
- 18.19MiB
- Min Chrome
- 121
- Languages
- 1
- Featured
- No
Metadata
- ID
- kkfpdkkoanbhhomoalcfnbcgiccpdebf
- Developer ID
- u0b30f813140ef384785e93011a30f254
- Developer Email
- [email protected]
- Created
- Jul 7, 2026
- Last Updated (Store)
- Jul 7, 2026
- Last Scraped
- Jul 8, 2026
- Website
- —
- Support URL
- —
- Privacy Policy
- https://sprice.github.io/drawbridge/privacy_policy.html
Data sourced from the Chrome Web Store · last verified Jul 8, 2026.