Stop Shadow AI data leakage at the prompt

LeakEye PII Shield for AI Prompts enforces policy in the browser: detect sensitive data in prompts across ChatGPT, Claude, DeepSeek, xAI, Perplexity and others, then obfuscate or redact before it leaves the user’s device. Every event is logged and routed into your existing DLP, DSPM or SIEM for investigations and audits.

  • Prevent breaches by stopping copy/paste exfiltration in real time

  • Keep productivity: format-preserving obfuscation preserves prompt utility

  • Prove governance via policy decisions + evidence trails exportable to your security stack

GenAI data-policy violations have been reported as more than doubling year-over-year, with personal or unmanaged accounts still a major source of blind spots.

Use AI at work and home without the anxiety. Available as a free trial.

Most companies now have “don’t paste sensitive data into AI” guidance. But in real work, copy/paste happens fast. LeakEye’s trial extension adds a guardrail in the moment: it catches common identifiers in your prompt and automatically obfuscates or redacts them before you submit.

Protect yourself from:

  • The accidental paste that turns into a policy incident

  • Sharing your own personal email/phone in a prompt you didn’t mean to expose

  • Guesswork: “Did I just include something I shouldn’t?”

How it works:

  • Detects email addresses and phone numbers on supported AI prompt sites.

  • Auto-fixes based on your choice - either obfuscate (keeps the format, swaps the real value), or redact (replaces with “[REDACTED]”).

  • Optional “review before send” so you stay in control.
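
The detect, then obfuscate-or-redact flow listed above can be sketched as follows. This is an added example, not LeakEye's code: the regexes, the `shieldPrompt` and `surrogate` functions, and the sample prompt are assumptions constructed for illustration.

```javascript
// Added illustration; not LeakEye's code. Patterns are deliberately simple heuristics.
const EMAIL = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;
const PHONE = /\+?\d[\d\s().-]{5,}\d/;
// Email is tried first so digits inside an address are never re-matched as a phone.
const DETECT = new RegExp(`${EMAIL.source}|${PHONE.source}`, "g");

// Random index below n; prefers the Web Crypto API where it exists.
function randInt(n) {
  const c = globalThis.crypto;
  if (c && c.getRandomValues) return c.getRandomValues(new Uint32Array(1))[0] % n;
  return Math.floor(Math.random() * n);
}

// Swap every letter/digit for a random one of the same class;
// punctuation, spacing and length are kept, so the format survives.
function surrogate(value) {
  const pick = (s) => s[randInt(s.length)];
  let out;
  do {
    out = value
      .replace(/[a-z]/g, () => pick("abcdefghijklmnopqrstuvwxyz"))
      .replace(/[A-Z]/g, () => pick("ABCDEFGHIJKLMNOPQRSTUVWXYZ"))
      .replace(/[0-9]/g, () => pick("0123456789"));
  } while (out === value); // never hand back the real value
  return out;
}

// mode: "obfuscate" (format-preserving swap) or "redact" ("[REDACTED]").
function shieldPrompt(prompt, mode = "obfuscate") {
  const seen = new Map(); // same real value -> same surrogate within one prompt
  const findings = [];    // decision trail that never stores the raw value
  const text = prompt.replace(DETECT, (match, offset) => {
    const type = match.includes("@") ? "email" : "phone";
    const digits = match.replace(/\D/g, "").length;
    // Skip digit runs that are too short or too long to be a phone number.
    if (type === "phone" && (digits < 7 || digits > 15)) return match;
    findings.push({ type, offset, length: match.length, action: mode });
    if (mode === "redact") return "[REDACTED]";
    if (!seen.has(match)) seen.set(match, surrogate(match));
    return seen.get(match);
  });
  return { text, findings };
}

// Constructed sample prompt (reserved example domain and fictional number).
const SAMPLE =
  "Email jane.doe@corp.example or call +1 (415) 555-0132; ticket 4412. Cc jane.doe@corp.example.";
```

The `findings` array is what a "review before send" step or an event log would consume; it records type, position and action only, so the log itself does not become a second copy of the sensitive data.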

Trial covers email + phone. Enterprise adds org-wide policy control, expanded PII/PHI/PCI and secrets detection, SIEM, DLP, DSPM and LMS integrations, dashboards, and training tied to AI upskilling.

AI Governance Control Plane: Prevent AI leaks. Track usage. Upskill teams.

“Don’t paste sensitive data into AI” is not a control. Shadow AI is already present in most organizations, and unmanaged/personal usage remains a major blind spot. 69% of organizations suspect or have evidence employees are using prohibited public GenAI. GenAI data policy violations more than doubled over the past year, with nearly half of users still using personal, unmanaged AI accounts.

#1 Prevent leaks and stop copy/paste exposure at the moment it happens.

  • Detect sensitive data in prompt text across ChatGPT, Claude, DeepSeek, xAI, Perplexity, and more

  • Enforce policy in real time and warn, obfuscate (preserve format/context), redact, or block

  • Keep productivity through context-preserving obfuscation so prompts remain useful without real identifiers

#2 Track usage and turn “unknown usage” into measurable, governable behavior.

  • See which AI tools are used, by whom, and where sensitive data shows up (by category and trend)

  • Produce a complete decision trail: what was detected, what action was taken, and why

  • Send events into your stack (SIEM + DLP/DSPM) for investigations, reporting, and retention

#3 Upskill through AI literacy and training that is triggered by reality, not reminders.

  • Auto-assign micro-training when policy is violated (targeted to the data type and scenario)

  • Track improvement over time by team/role and surface risk reduction in reports

  • Certify “AI-ready” usage and standardize safe practices as AI adoption accelerates

LeakEye is the missing layer between policy and proof: prompt enforcement + usage visibility + measurable AI literacy.

LeakEye Enterprise: AI Usage & Literacy Control Plane For Business

Closed-loop behavior change for AI governance: prompt violations trigger enforcement and micro-training, and improvements roll up into audit/board reporting.

Prompt Enforcement:

  • Coverage across sanctioned + unsanctioned AI prompt sites (allowlist/denylist)

  • Real-time actions: allow, warn, redact, obfuscate, block

  • Context-preserving obfuscation maps so prompts stay useful (structure retained; values protected)

  • Expandable detection: PII/PHI/PCI, secrets, credentials, source-code patterns, custom rules and classifiers

Evidence and Integrations:

  • Centralized event logs with full policy decision trail (who/where/what/action)

  • Streaming/export to SIEM for detection + investigations, and to DLP/DSPM for classification workflows

  • Control evidence packs: enforcement rates, exceptions, repeat offenders, remediation history

  • Audit-friendly retention + access controls

Behavior Change Engine:

  • Automatic micro-training assigned when policy is violated

  • Track improvement by team, role, data type, tool, and time

  • AI literacy certification and “safe-to-use” posture that can gate access (policy-driven)

  • Manager and compliance reporting that turns usage into measurable risk reduction

  • Full audit trail of policy edits and approvals

Get an AI Prompt Risk Assessment and Product Demo

We’ll map your AI tools, data risk categories, and current SIEM/DLP/LMS stack, then show how LeakEye enforces prompt policy and produces audit-ready evidence.

EU AI governance expectations increasingly emphasize documentation and record-keeping (logging) for higher-risk contexts; standards like NIST AI RMF and ISO/IEC 42001 also formalize governance programs. LeakEye is built to generate operational evidence at the point of AI use.

Book Your Call Now!

See how LeakEye prevents prompt leaks, tracks AI usage, and improves AI literacy with measurable controls and evidence.

Privacy Policy

# Privacy Policy for LeakEye PII Shield for AI Prompts

Last Updated: January 15, 2026

## 1. Introduction

LeakEye PII Shield for AI Prompts (the "Extension") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data. This policy applies to all users of the Extension, regardless of where you are located.

If you do not agree with this Privacy Policy, please do not use the Extension.

---

## 2. What Data Do We Collect?

### 2.1 Information You Provide Directly
- Account/Authentication Data (if applicable): Login credentials, email addresses, authentication tokens
- User Input: Any text, files, or information you explicitly enter into the Extension
- Support Communication: Messages sent through support channels or feedback forms
- Payment Information (if applicable): Credit card or other payment method details (processed securely through third-party payment processors)
### 2.2 Information Collected Automatically
- Extension Usage Data: Features used, buttons clicked, workflows initiated, and frequency of use
- Performance Data: Error reports, crashes, and performance metrics to improve stability
- Browser/Device Information: Browser version, operating system, and device type
- Timestamps: When you use the Extension
### 2.3 Information We Do NOT Collect
- We do not collect your browsing history or monitor websites you visit (unless explicitly required for Extension functionality—see Section 3)
- We do not collect personal data from websites you visit
- We do not read the content of your emails, documents, or personal files (unless you explicitly share them with the Extension)
- We do not collect location data
- We do not collect health, financial, or other sensitive personal information (unless required for Extension functionality)
---

## 3. How Do We Use Your Data?

We use the information we collect for the following purposes:

| Purpose | Data Used | Legal Basis |
|---------|-----------|------------|
| Providing the Extension | Usage data, user input, device info | Performance of contract / Legitimate interest |
| Improving the Extension | Usage patterns, error reports, feedback | Legitimate interest (product improvement) |
| Communication | Email address, communication data | Consent / Contractual obligation |
| Security & Fraud Prevention | Usage patterns, authentication data | Legitimate interest (security) |
| Compliance | All data categories as needed | Legal obligation |
| Analytics | Aggregated usage data (anonymized) | Legitimate interest |

We limit our use of data strictly to the purposes disclosed in this policy and your Extension listing on the Chrome Web Store.

---

## 4. Data Sharing & Third Parties

### 4.1 Who We Share Data With
We only share your data with third parties when necessary:
- Cloud Storage Providers (if applicable): None
  - Purpose: Securely store user data
  - Data: None
- Analytics Services (if applicable): None
  - Purpose: Understand usage patterns and improve the Extension
  - Data: Aggregated, anonymized usage data only
- Payment Processors (if applicable): ExtensionPay, Stripe
  - Purpose: Process payments securely
  - Data: Payment information only (not stored by us)
- Legal/Law Enforcement: Only when required by law or to protect rights, safety, or property

### 4.2 What We Do NOT Do
- We do not sell your personal data to third parties
- We do not share data with advertising networks or data brokers
- We do not use your data for personalized advertising targeting
- We do not transfer data to other extensions, apps, or websites without your explicit consent
- We do not share data for credit-worthiness or lending decisions
### 4.3 Data Processing Agreements
All third-party partners must comply with this Privacy Policy and applicable data protection laws (GDPR, CCPA, etc.). We require data processing agreements with all service providers who access personal data.
---

## 5. Data Retention

We retain your personal data only as long as necessary to:
- Provide the Extension functionality
- Comply with legal obligations
- Resolve disputes
- Enforce agreements
Specific retention periods:
- Account data: Retained until account deletion
- Usage data: Retained for 24 months for analytics purposes, then aggregated and anonymized
- Support communications: Retained for 24 months after your inquiry is resolved
- Payment information: Not retained by us; processed and retained by third-party payment processors per their policies
You may request deletion of your data at any time (see Section 7).

---

## 6. Data Security

We implement industry-standard security measures to protect your data:

- Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption
- Encryption at Rest: Sensitive data is encrypted when stored
- Access Controls: Only authorized employees with a legitimate need have access to personal data
- Regular Security Audits: We conduct periodic security reviews and vulnerability assessments
- Secure Coding Practices: We follow OWASP and industry best practices in development
- No Hardcoded Credentials: API keys, tokens, and credentials are never embedded in the Extension code
However, no security system is perfect. While we work diligently to protect your data, we cannot guarantee absolute security. You use the Extension at your own risk.

---

## 7. Your Rights & Data Subject Requests

### 7.1 Your Rights (GDPR, CCPA, and similar laws)
Depending on your location, you may have the right to:
- Access: Obtain a copy of the personal data we hold about you
- Deletion: Request erasure of your data ("right to be forgotten")
- Correction: Update or correct inaccurate data
- Portability: Receive your data in a structured, machine-readable format
- Opt-Out: Withdraw consent for data processing at any time
- Restrict Processing: Limit how we use your data
- Object: Oppose certain uses of your data (e.g., automated decision-making)
### 7.2 How to Exercise Your Rights
To exercise any of these rights, email us at [email protected] with:
- Your name and account email
- Clear description of your request
- Any relevant documentation
We will respond within 30 days (or as required by applicable law). Some requests may take longer depending on complexity.

### 7.3 Withdrawal of Consent
If you previously consented to data processing, you may withdraw consent at any time. Withdrawal does not affect the legality of processing prior to withdrawal.

---

## 8. Regional Privacy Compliance

### 8.1 GDPR (European Union)
If you're in the EU, additional rights apply:
- We process data based on your consent, contract performance, or legitimate interests
- You have enhanced rights regarding data processing
- We comply with data protection impact assessment (DPIA) requirements for sensitive processing
- We have a Data Protection Officer (DPO) if required; contact: [optional DPO email]
### 8.2 CCPA/CPRA (California)
If you're a California resident:
- You have the right to know what personal data is collected, used, shared, or sold
- You have the right to delete personal data collected from you
- You have the right to opt-out of "sales" or "sharing" of personal data (we do not sell or share your data)
- You have the right to correct inaccurate personal data
- You have the right to limit use of your sensitive personal information
California residents may submit requests to: [email protected]

Do Not Sell My Personal Information: We do not sell personal data. This statement confirms compliance with CCPA.

### 8.3 Other U.S. State Laws
We comply with emerging state privacy laws including:
- Virginia (VCDPA)
- Colorado (CPA)
- Connecticut (CTDPA)
- Utah (UCPA)
- Montana (MCDPA)
- Illinois (BIPA)
---

## 9. Children's Privacy

The Extension is not intended for users under the age of 13 (or the applicable minimum age of digital consent in your jurisdiction). We do not knowingly collect personal data from children under 13.

If we discover we've collected data from a child under 13, we will delete it immediately. If you believe we've collected data from a child under 13, please contact us at [email protected].

---

## 10. Cookies & Tracking Technologies

### 10.1 Local Storage
The Extension may use browser storage (localStorage, sessionStorage, IndexedDB) to save:
- Your preferences and settings
- Session data for functionality
This data is stored locally on your device and is not transmitted to our servers unless you explicitly sync your settings.

### 10.2 Third-Party Scripts
If the Extension loads third-party scripts or resources (e.g., libraries, fonts), those third parties may use cookies or tracking technologies per their own privacy policies.
### 10.3 No Cookies for Tracking
We do not use cookies or tracking pixels for behavioral tracking, analytics, or advertising purposes.
---

## 11. Data Transfers & International Processing

If you access the Extension from outside the United States, your data may be transferred to, stored in, and processed in countries other than your country of residence. These countries may have data protection laws different from your country.

By using the Extension, you consent to the transfer of your data internationally. We will take appropriate safeguards, including:
- Standard Contractual Clauses (SCCs) for EU-US transfers
- Adequacy decisions where applicable
- Your explicit consent when required
---

## 12. Third-Party Links & Services
The Extension may contain links to third-party websites or services. We are not responsible for their privacy practices. This Privacy Policy applies only to the Extension; third-party sites have their own privacy policies.
When you leave the Extension and visit a third-party site:
- Your data is governed by their privacy policy, not ours
- We recommend reviewing their privacy policies before providing personal data
---

## 13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:
- Changes in our data practices
- New legal requirements
- Technology improvements
- User feedback
We will notify you of material changes by:
- Posting the updated policy in the Extension with a new "Last Updated" date
- Sending you an email (if you've provided contact information)
- Requiring your consent before material changes take effect (where required by law)
Your continued use of the Extension after changes constitutes acceptance of the updated Privacy Policy.

---

## 14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

OPA Group, Inc.
Email: [email protected]
We will respond to inquiries within 30 days.

### Data Protection Authority
If you believe we've violated your privacy rights, you may lodge a complaint with your local data protection authority:
- EU: [Local Data Protection Authority]
- California: California Attorney General or CPRA enforcement agencies
- Other regions: Contact your local privacy regulator
---

## 15. Compliance Statement

I certify that the use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.
This Extension complies with:
- Chrome Web Store Developer Program Policies
- GDPR (EU General Data Protection Regulation)
- CCPA/CPRA (California Consumer Privacy Act)
- COPPA (Children's Online Privacy Protection Act)
- Other applicable privacy laws
---

## Appendix A: Data Processing Quick Reference

| Data Type | How Collected | Purpose | Retention | Sharing |
|-----------|---------------|---------|-----------|---------|
| Account Email | User input | Authentication, support | Until account deletion | No |
| Usage Analytics | Automatic | Product improvement | 6 months, then anonymized | Analytics provider only |
| Error Logs | Automatic | Debugging, security | 90 days | Internal only |
| User Settings | Local storage | Preserve preferences | Until deletion | Not shared |
| Payment Info | User input | Transaction processing | Payment processor (not us) | Payment processor only |
---

## Appendix B: Glossary

- Personal Data: Information that identifies or could identify an individual
- Processing: Any operation on data (collecting, using, storing, transferring, deleting)
- Data Subject: The individual whose data is processed
- Data Controller: The entity deciding how/why data is processed (us)
- Data Processor: Third party processing data on behalf of the controller
- Consent: Freely given, specific, informed, and unambiguous agreement to data processing
- Legitimate Interest: A legal basis for processing based on balancing interests
- GDPR: EU regulation on data protection
- CCPA: California consumer privacy law