100% on-device · no tracking

Stop pasting secrets into ChatGPT & other AI chats.

Heedful is a free Chrome extension that warns you before your clipboard hits ChatGPT, Claude, Gemini, Copilot, DeepSeek, Perplexity, Grok, Mistral, Poe, You.com, Character.AI or Meta AI. Detection runs locally on your device. The text never leaves your browser.

Free forever (core) · Open-source detection · No account needed

The problem

Cyberhaven measured 11% of ChatGPT pastes as confidential. Two years later, individual workers still have nothing.

Source: Cyberhaven, "What we learned from analyzing 1.6M workers' ChatGPT use," 2023. Pasted content included source code, customer records, regulated data, and confidential business material. Enterprise DLP exists, costs hundreds per seat, and itself routes the secret through a third-party cloud.

How it works

Three detection layers.

Zero data leaves your browser.

Heedful runs entirely inside your Chrome tab. When you paste, type, or click Send, it scans the text in milliseconds and surfaces what looks sensitive before it goes to the AI.

Regex layer, 75+ detectors

  • API keys: Anthropic, OpenAI, AWS, Stripe, GitHub, npm, plus 15 more
  • Personal info: SSN, credit card, IBAN, passport, DB connection strings
  • International PII: 16 countries including all EU member states, UK, Canada, Australia, India, Brazil, Mexico
  • Cryptographic: private keys, JWTs, webhook secrets

About 10 ms scan. Near-zero false positives.

Your own rules

  • Healthcare: patient record numbers, NPI
  • Legal: case numbers, client matter IDs
  • HR: employee codes, payroll references
  • Sales: customer account IDs, deal codes

Add a pattern in 30 seconds. Live tester verifies before saving.

Semantic layer (Pro)

  • Customer names mentioned in context
  • Internal codenames (Project Falcon, Atlas, etc.)
  • Confidential signals: pricing, salary, M&A, layoffs

Uses Chrome's built-in Gemini Nano AI. Runs on your laptop.

Supported sites

Works on 12 major AI chat sites.

  • ChatGPT (chatgpt.com)
  • Claude (claude.ai)
  • Gemini (gemini.google.com)
  • Microsoft Copilot (copilot.microsoft.com)
  • DeepSeek (chat.deepseek.com)
  • Perplexity (perplexity.ai)
  • Grok (grok.com, x.com/i/grok)
  • Mistral Le Chat (chat.mistral.ai)
  • Poe (poe.com)
  • You.com (you.com)
  • Character.AI (character.ai)
  • Meta AI (meta.ai)

Detection coverage

75+ detectors out of the box.

Family (detector count): what it catches

  • AI vendor keys (10): Anthropic, OpenAI (legacy/proj/svc), Google AI, HF, Replicate, Groq, Perplexity, OpenRouter
  • Cloud / infrastructure (5): AWS access & secret keys, PEM private keys, DB connection strings, Google service accounts
  • SaaS / developer tokens (7): Stripe key & webhook, GitHub PAT & fine-grained, Slack, npm, JWT
  • Identity & financial PII (6): US SSN (formatted + context-aware), credit card (Luhn-validated), IBAN, US passport, EIN, ITIN
  • International PII (47): UK, Italy, Spain, Germany, France, Netherlands, Belgium, Portugal, Sweden, Switzerland, Brazil, Canada, Australia, India, Mexico: national IDs, tax numbers, bank accounts, health identifiers
  • Generic + custom: high-entropy heuristic, custom user-defined regex patterns

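As an added illustration (not Heedful's own code; its published rules are what to audit), the scanner below shows the pattern the table describes: a regex detector paired with a validator, here the Luhn check behind "credit card (Luhn-validated)" and a Shannon-entropy threshold behind the "high-entropy heuristic". Detector names, thresholds and sample inputs are assumptions made for the example.

```javascript
// Added example, not Heedful's own code: a minimal on-device scanner in the
// style of the regex layer above; detector names, thresholds and samples are constructed.
// Luhn mod-10 checksum: prunes digit runs that merely look like a card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = digits.length - 1, dbl = false; i >= 0; i--, dbl = !dbl) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl && (d *= 2) > 9) d -= 9;
    sum += d;
  }
  return sum % 10 === 0;
}

// Shannon entropy in bits per character; random-looking tokens score high.
function shannonEntropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  return [...counts.values()].reduce((h, c) => h - (c / s.length) * Math.log2(c / s.length), 0);
}

// Each detector is a regex plus an optional validator that prunes false positives.
const DETECTORS = [
  { name: "aws_access_key_id", re: /\bAKIA[0-9A-Z]{16}\b/g },
  { name: "credit_card", re: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { name: "high_entropy_token", re: /\b[A-Za-z0-9_-]{32,}\b/g,
    validate: (m) => shannonEntropy(m) > 4.0 },
];

// Returns findings sorted by position; the text itself never leaves this function.
function scan(text) {
  const findings = [];
  for (const det of DETECTORS) {
    for (const m of text.matchAll(det.re)) {
      if (det.validate && !det.validate(m[0])) continue;
      findings.push({ detector: det.name, match: m[0], index: m.index });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Masks every finding (from the end, so earlier offsets stay valid) to yield text safe to send.
function redact(text) {
  let out = text;
  for (const f of scan(text).reverse()) {
    out = out.slice(0, f.index) + `[${f.detector}]` + out.slice(f.index + f.match.length);
  }
  return out;
}
```

Run over a constructed paste holding a Luhn-valid card number, the AWS documentation's example access key and a 32-character random-looking token, scan() returns three findings, while a Luhn-invalid number and a 32-character run of one letter are dropped by the validators rather than flagged.
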
Try it yourself

Paste something below.

Detection runs right here on this page.

Same detector as the extension. Same modal. Same masking. The text you type never leaves this tab, just like in the real product. Click a sample or type your own.

Privacy stance

The privacy story is the product.

Most "DLP for AI" tools route your text through their own cloud to classify it. Which means your secret is now in two places instead of one. Heedful runs everything on your device. We can't see your text. We don't want to.

Verified at build time

Zero outbound network calls from Heedful's code.

  • No tracking: no analytics, no error reports, no usage data. We have no way of knowing you installed it.
  • No cloud classifier: the 75+ detectors are regex. The semantic layer uses Chrome's local Gemini Nano. Nothing crosses the network.
  • No account required: Install. Use. Done. No sign-up wall, no email, no tracking pixel.
  • Open-source detection rules: every regex pattern and every semantic prompt is published on GitHub. Audit yourself.
  • Audit log stays local: the "N pastes scanned" counter lives in chrome.storage.local. It stores counts only, never the text.
  • Uninstall = clean slate: remove the extension and every byte we stored goes with it. Chrome handles cleanup automatically.

Not just keys

Customer records, internal codenames, salary references.

If you work in customer success, legal, HR, or finance, your sensitive data isn't an API key. It's a name, a case number, a comp band, a deal codename. Heedful catches those too.

  • Custom regex for industry-specific IDs (MRN, case number, employee code)
  • Allowlist legitimate customer names you reference often
  • Semantic layer flags codenames and confidential signals (Pro)
Pricing

Free forever for the basics. Pro for the rest.

The core product (modal warnings on every site, covering the most common secret types) is free. Always will be. Pro adds the modern AI-vendor keys and the semantic layer.

Free
$0 forever

Everything you need to stop the obvious leaks.

  • All 12 AI chat sites supported
  • 75+ detectors: secrets, US PII, and international PII across 16 countries
  • Industry compliance presets: HIPAA, PCI DSS, SOC2, GDPR, Financial, Legal
  • File scanning: check text, PDF and Word documents before uploading
  • 5 custom regex rules
  • 10 allowlist entries
  • Balanced sensitivity profile
  • Modal with Cancel / Redact / Send anyway + per-finding Ignore + Add to allowlist
  • 7-day rolling audit log (counts only)

Install free

Pro (most popular)
$4.99 / month or $39 / year

Built for developers and AI power users.

  • Everything in Free
  • 7 modern AI vendor key detectors (Anthropic, OpenAI, Google AI, Hugging Face, Replicate, Groq, Perplexity, OpenRouter)
  • Semantic layer: Gemini Nano detects customer names, codenames, confidential signals
  • Unlimited custom regex rules + allowlist
  • Loose + Strict sensitivity profiles
  • Full audit log viewer + CSV export
  • Settings export / import + pause-for-1-hour
  • Priority email support
Install & upgrade

FAQ

Questions worth asking before you install.

How do I verify nothing actually leaves my browser?

Open Chrome DevTools → Network tab → filter by the extension ID. Paste anything sensitive. You'll see zero outbound requests. Our manifest declares no host_permissions for any remote origin, only the 12 AI chat sites the content script runs on, and we never send their contents anywhere. The detection rules are published at github.com/Matteo-Coder2/pasteguard-rules so you can audit exactly what we look for.

Will this slow Chrome down or break ChatGPT?

Cold-start payload is 44 KB (14 KB gzipped). Detection runs in under 20 ms on a typical paste. The modal's React tree only loads when a finding actually triggers. Most pastes pay zero cost. We hook the paste event at the document level (not site-specific selectors), so when ChatGPT redesigns their UI, Heedful keeps working.

It's free. What's the catch?

The core (75+ detectors, all 12 sites, industry presets, file scanning) is free forever. Not a 14-day trial. We make money from Pro ($4.99/mo) which adds the on-device semantic layer, unlimited custom rules, and priority support. We literally cannot sell your data because nothing leaves your device. No tracking, no analytics, no account required. Full stop.

Why not just use Cyberhaven, Nightfall, or another DLP?

Those are enterprise tools sold with annual contracts. Most importantly: they're cloud DLP. To classify your text they route it to their servers, which means your secret is now in two places instead of one. Heedful is on-device, no contract, designed for the individual worker without a corporate IT department. We're not the right tool for SOC2-compliant orgs; for everyone else we're more truthful about the privacy model.

What about files, images, drag-and-drop, and voice input?

Heedful intercepts paste, typed-text-then-Enter, and Send-button clicks. It also scans text, PDF and Word files you drop onto the Scan page before uploading. If you drag a screenshot of a customer dashboard into ChatGPT, we don't scan the image. If you dictate a customer name via voice, we never see it. We're a smart safety net for keyboard, clipboard and document input. Not a full compliance product. Combine with judgment.

I work in a regulated industry. Will it catch my specific identifiers?

Out of the box, the 75+ built-in detectors cover secrets, US PII, and national identifiers across 16 countries. Six industry presets (HIPAA, PCI DSS, SOC2, GDPR, Financial, Legal) let you turn on the right detectors for your regulatory context in one click. For identifiers specific to your organisation, add a custom regex rule in Options — the live tester verifies it before saving. Heedful is a personal safety net, not a compliance certification.

Why does it need permission for x.com?

Grok opens as a sidebar inside x.com that can appear on any URL (a tweet, a profile, the timeline). To protect that sidebar, the content script has to load on every x.com page. But the actual scanning is gated to composers with Grok-specific markers. Tweet drafts and reply boxes are explicitly ignored. We never read their contents. The full caveat is in our privacy policy.

What if I paste the same customer name 50 times a day?

Click "Add to allowlist" on the row once. We won't flag that exact text again on any site. Or click "Ignore for this session" for a one-tab pass. There's no nag: Pro is mentioned once in the Options page and never interrupts a paste flow.

Does the semantic layer work on every computer?

It requires Chrome 138+ and either a discrete GPU with more than 4 GB VRAM, or 16+ GB of RAM with a modern CPU. About 22 GB of free disk is also needed for Chrome's local AI model. On unsupported hardware, the 25 regex detectors still work. Only the AI-based detectors (customer name, codename, confidential signal) degrade. The extension is honest about which detectors are unavailable on your machine.

What happens if Heedful gets acquired or shut down?

The detection rules are MIT-licensed and live in a public GitHub repo. They survive us. The extension binary lives on Chrome Web Store and stops getting updates if we abandon it; you can still use the last-published version. We have no plans to sell to a data-mining company; if that ever changes, the rules repo is the fork-friendly escape hatch.

Can my employer or IT detect that I have this installed?

Yes. Managed Chrome installations can list installed extensions by ID. We don't hide. If your organization has an extension allowlist and Heedful isn't on it, ask IT to add the extension ID. We're not designed for stealth use against employer policy.

Install Heedful.

Free forever for the core. Pro adds Gemini Nano semantic detection, unlimited custom rules, and priority support.

Add to Chrome — free
No account required.