Someone on your team is about to paste a password into ChatGPT. We'll catch the next one.

PromptSpotter spots customer data, credentials, and confidential files before they leave the browser — on ChatGPT, Claude, Gemini, Copilot, and 5 more. We can't read prompts. We don't need to.

Start free — no card → See an example
5 free seats forever No card to start 5-min setup Cancel any time

AI data loss prevention for the tools your team already uses

  • ChatGPT
  • Claude
  • Gemini
  • Copilot
  • Perplexity
  • Grok
  • DeepSeek
  • Mistral
  • Notion AI

The reality

AI in the workplace is already happening. Sensitive data is already going with it.

80%+

of workers use unapproved AI tools at work, including security professionals

UpGuard, 2025

27%

of data pasted into AI tools is sensitive (up from 11% the year before)

Cyberhaven, 2024

~50%

of organizations admit to inputting employee or non-public data into GenAI tools

Cisco Data Privacy Benchmark, 2025

$4.6M

average cost of a shadow-AI-related breach

IBM Cost of a Data Breach, 2025

Samsung learned the hard way: 3 source-code leaks in 20 days after their semiconductor division lifted its ChatGPT ban. Read more →

Try it

Don't take our word for it. Try it.

Type into the box below. The detector runs in your browser — nothing reaches our server. Same engine ships in the extension.

Your prompt ChatGPT

Don't have one handy? · · · · · ·

Just to check — this looks sensitive.

We spotted something that shouldn't reach an AI tool.

    Nothing sensitive detected. Looks safe to send.

    This isn't a stripped-down demo — it's the actual production engine, the same JavaScript bundle that ships in the Chrome extension. 24 built-in rules, 600+ patterns. Runs entirely in your browser: nothing is sent to our servers, ever.

    The promise

    We stop the leak. We don't read the prompt.

    The rules engine runs in the browser, on the page, before your message leaves. Only the outcome — which rule fired, when, by whom — reaches our backend. Never the content.

    Engine runs in your browser, never our servers
    Event logs contain rule IDs only — no prompt content, ever
    Open-source detection rules you can audit

    Most DLP tools are themselves a privacy risk. We can't be — even if we wanted to be.

    Security overview → Privacy policy → Subprocessors →

    The example

    Things your team is probably typing right now.

    These are the prompts that look harmless but quietly leak data — the moments where everyone wishes someone had a quiet word.

    Works the same on Claude, Gemini, Copilot, Perplexity, and 5 more.

    Before / after

    Same prompt. Two very different days.

    A password pasted into ChatGPT can end up in a training set, a log file, or a third-party processor. Once it's out, it's out. Here's the same moment, with and without PromptSpotter.

    Without PromptSpotter

    An engineer pastes a production database password into ChatGPT to debug a failing deploy.

    • The prompt leaves the browser and reaches OpenAI's servers
    • The password is retained per OpenAI's data policy — you don't control how long
    • You find out weeks later, if at all — usually from a credential scan or an audit
    • Rotation, incident report, and an awkward conversation with the team
    With PromptSpotter

    Same engineer. Same paste. The warning fires before the message leaves the page.

    • The detector spots the password shape in-browser, in milliseconds
    • The engineer clicks "Remove and send" — their question still gets answered
    • You see one line in the activity feed: password rule fired on Copilot at 14:02
    • No prompt content stored. No rotation. No incident report.

    Coverage

    26 built-in detectors. 600+ patterns. Your own rules in 30 seconds.

    Out of the box, we catch the things every team leaks. Then you add the things specific to your business — without writing regex.

    Built in

    What we catch out of the box

    • Credentials & API keys — AWS, Google Cloud, Azure, OpenAI, Stripe, GitHub, Slack, Twilio, JWT secrets, database connection strings, .env files, private keys (PEM)
    • Personal data — emails, phone numbers, credit cards (Luhn-checked), SSN, BSN, NHS, IBAN, dates of birth, passports, driver licenses
    • Business identifiers — invoice numbers, customer IDs, employee IDs, account numbers, POs, SKUs, tax IDs (VAT, GST, EIN), case numbers, ticket refs
    • Short codes & PINs — CVV, OTP, MFA codes, booking refs, wifi passwords, license keys, IMEI, vehicle plates
    • Financial & pricing data — salary, margin, cost prices, contract values, deal sizes, revenue figures, bank balances
    • Documents marked Confidential, internal URLs, source code with embedded secrets
    • Every common file format — PDF, Word (.docx), Excel (.xlsx), PowerPoint (.pptx), CSV, OpenDocument (.odt/.ods/.odp), RTF, HTML, code files, Jupyter notebooks, and 30+ more. Apple iWork and archives flagged as warn-only.
    • Image OCR (opt-in) — screenshots, photos of receipts, dashboards. The most common leak isn't a typed prompt, it's a screenshot of someone else's screen.

    Your business

    Custom rules in 30 seconds — no regex required

    Every company has its own format for customer numbers, project codes, internal SKUs, case files. Paste 2–3 examples and we figure out the pattern.

    You paste:
    ACME-723812 ACME-449201 ACME-998877
    We infer:
    We'll spot anything that starts with ACME- followed by 6 digits.

    Saved once in the admin console, live on every employee's browser within minutes. No security engineer required.

    Add up to 50 custom patterns per company. Built-in detectors expand quarterly based on what real customers ask for.

    Control

    Block what's critical. Warn on the rest. Log everything.

    Not every detection should stop the message. Pick the action per data type, change your mind in two clicks, or let the user remove the sensitive bit and send the rest.

    Block

    Stops the message. Use for things that should never leave the company — credentials, payment data.

    Warn

    Shows a popup. User picks Send anyway, Remove and send, or Cancel. Best for grey areas.

    Log only

    Doesn't interrupt. Records the event for your activity feed. Good for testing new rules.

    Every warning gives the user a one-click Remove and send — they keep their workflow, you keep your data.

    Built for every team

    If your team uses AI, we have you covered.

    Sales

    Customer emails, deal sizes, contract values

    Engineering

    API keys, database URLs, source code

    Finance

    Invoice numbers, account details, payment data

    HR

    Employee IDs, salaries, performance notes

    Legal

    Case numbers, contract terms, confidentiality markers

    Customer Success

    Customer contacts, account numbers, ticket details

    Setup

    5 minutes, 1 person, 0 IT tickets.

    No agent rollout. No network proxy. No procurement cycle. Send links, get protected.

    1

    0 min — Install

    One click from the Chrome Web Store. Same extension on Chrome, Edge, and Brave.

    2

    2 min — Generate links

    Open the admin console, paste your team's emails, get one setup link per person.

    3

    5 min — Send

    Send the links. They click once. Protection is on.

    Enterprise DLP: 6-week procurement, agent rollout, proxy deployment, cert management. We thought there was a faster way.

    Gatekeeper checklist

    What your IT or security lead will ask — answered up front.

    If you're the one pitching this internally, paste these straight into the thread.

    What Chrome permissions does the extension need?

    Only storage, scripting, and activeTab, scoped to a short list of AI tool hostnames. No history, no cookies, no downloads, no <all_urls>. The manifest is public on the Chrome Web Store listing.

    Can it be deployed via Google Workspace or Microsoft Intune?

    Yes. Force-install with the Chrome Enterprise ADMX template — same flow your team already uses for any other managed extension. Email us for the deployment guide →

    Where is event data stored, and for how long?

    Encrypted at rest in the EU (Frankfurt). Free: 30 days. Business: 12 months. Enterprise: configurable. Records hold rule ID, timestamp, AI tool, and seat — never prompt content.

    Do you have a DPA?

    Yes — available without negotiation on any paid tier. Read the DPA →

    What's your security disclosure process?

    Email info@promptspotter.com. We acknowledge within one business day. Full posture, subprocessors, and incident handling on the security page.

    What about SAML SSO and SOC 2?

    Magic-link auth today; SAML on the Enterprise roadmap. SOC 2 Type 1 in progress, Type 2 to follow. We're young — we'd rather tell you than pretend.

    Need to show this to your boss? One page, dark theme, all the answers above plus pricing. Print-friendly.
    Download one-pager (PDF)

    Honest about the limits: a determined employee can disable any browser extension. We log every deactivation so you know. For air-tight enforcement, pair the extension with your MDM — the ADMX template lets you force-install and block removal. Ask us how →

    What we're not

    We're sharp because we're narrow.

    Enterprise DLP suites try to cover every channel. We cover one — the AI prompt box — and we cover it in five minutes.

    ×Not a CASB

    No proxy server, no certificates, no network changes. Install the extension and you're done.

    ×Not an agent

    Nothing runs on the OS. No endpoint software for IT to manage, no privileged access. Just a browser extension.

    ×Not a platform

    No SIEM dashboards, no email DLP, no mobile coverage. We catch leaks in AI tools — that's the whole product.

    Built for SMBs and lean security teams who want sharp protection without the platform tax.

    5 free seats forever

    No card to start. Use it as long as you like.

    14-day Business trial

    Full features when you upgrade. Still no card.

    Cancel in two clicks

    Self-service. We ask why — only so we can improve.

    Pricing

    Published. No demo call required.

    Same detection engine on every tier. You pay for seats, retention, and support — never to unlock protection.

    Free

    $0

    forever

    Up to 5 employees

    • Core detection on all 9 AI tools
    • Warnings + override controls
    • Community support
    Start free — no card
    Most popular

    Business

    $5 /seat/mo

    billed annually · $8/seat monthly

    Unlimited seats

    • Custom detection rules — no regex needed
    • Per-employee setup links
    • Admin console + event history
    • Email support, 1 business day
    14-day trial, no card

    Enterprise

    Custom

    volume + custom terms

    Talk to us

    • SAML SSO (on roadmap)
    • SOC 2 docs (on roadmap)
    • Custom retention + EU data residency
    • MSA + dedicated support
    Talk to sales

    All paid plans include a 14-day trial. Cancel any time.

    Who's using it

    Built for teams that take security seriously.

    We're early. Real customer logos and quotes will sit here once we have permission to use them.

    Placeholder — customer quote

    "A short, real quote from a real security or IT lead will appear here. Something specific about the moment they caught their first real leak."

    — Name, Title, Company
    Placeholder — customer logo

    "A second quote — ideally from a founder or VP at a 20-100 person company, talking about how fast it was to roll out."

    — Name, Title, Company
    Placeholder — customer logo

    "A third quote — engineering or compliance focused. Concrete number or moment, not adjectives."

    — Name, Title, Company

    Want to be one of the first names here? Design partners get free Business for 12 months →

    FAQ

    Honest answers.

    How can you block sensitive data without reading my prompts?

    The detection engine ships inside the browser extension. It runs on the page where your team is typing, just before the message would reach the AI tool. If it spots something sensitive, the warning fires in the browser — before the message leaves. Only the outcome (which rule, when, which tool) reaches our backend. Never the content.

    How is this different from Microsoft Purview?

    Purview is enterprise email/file DLP retrofitted for AI. We're built for AI from day one and deploy in 5 minutes. If you're already on E5 and your IT team owns Purview, stay there. If not, we're faster to ship.

    How is this different from Cyberhaven or Nightfall?

    They're proxy-based platforms aimed at large enterprises with month-long rollouts. We're a single extension you install in minutes, with detection in the browser instead of in a proxy you have to operate. Different shape of customer, different speed.

    Which browsers does it work on?

    Chrome, Edge, and Brave today (anything Chromium-based). Same extension. Firefox and Safari are on the roadmap.

    Can I write custom detection rules?

    Yes — no regex needed. Paste 2–3 examples and we infer the pattern. Or pick from a template library (customer numbers, employee IDs, project codes, etc.).

    What about file uploads?

    We extract text from PDF, Word, Excel, PowerPoint, CSV, OpenDocument, RTF, HTML, and 30+ code formats before the file is sent — same rules apply. Image OCR is opt-in. Apple iWork and archives get a warn-only heads-up since we can't read them.

    How do I sign in?

    Work email, magic link. No passwords. Same form for new and returning customers.

    Can I cancel?

    Self-service in the admin console — no email-back-to-support nonsense. You keep access until the end of the period you've paid for.

    Got a question we didn't cover? info@promptspotter.com — we answer founder-led, usually within a few hours.

    Five minutes from here to protected.

    Free for the first five seats. No card. No call.

    Start free — no card → Talk to sales