Privacy-First Extension

SafePasteβ

Protect your sensitive data before it reaches AI assistants. Intercept, analyze, and redact PII/secrets with granular control.

Get Started View on GitHub

The Problem

When using AI assistants like ChatGPT or Google Gemini, users often paste sensitive information:

This data is sent to third-party AI services, potentially violating privacy regulations (GDPR, HIPAA, etc.) and creating security risks.

How SafePaste Works

⌨️

Opt-in Keyboard Shortcut

Use Ctrl + Alt + V (Windows) or Cmd + Alt + V (Mac) to trigger SafePaste. Normal paste works normally.

🔍

Aggressive Detection

Comprehensive regex patterns detect 25+ types of sensitive data with client-side processing.

🖥️

100% Local

All detection happens in your browser. No external API calls, no data transmission, no storage.

🎯

Granular Control

Three paste options: Mask All, Paste Original, or Custom Select individual entities to redact.

🔒

Complete Privacy

No external libraries. Self-contained detection logic. Ghost Map exists only in browser memory.

Chrome Web Store Ready

Self-contained, minimal permissions, fully compliant with Chrome Web Store policies.

Detected Entity Types

The aggressive PII detector can identify 25+ types of sensitive information:

Personal Information

  • Phone Numbers (various formats)
  • Email Addresses
  • SSNs (US Social Security Numbers)
  • Passport Numbers
  • Driver License
  • Date of Birth
  • Person Names

Financial Information

  • Credit Cards (Visa, Mastercard, Amex, Discover)
  • Bank Accounts
  • IBAN (with checksum validation)
  • SWIFT Codes
  • Bitcoin Addresses
  • Ethereum Addresses

Network & System

  • IP Addresses (IPv4)
  • IPv6 Addresses
  • MAC Addresses
  • URLs

Security & Authentication

  • API Keys (Stripe, AWS, Google)
  • Passwords
  • JWT Tokens
  • AWS Keys
  • Private Keys (RSA, DSA, EC, OpenSSH, PGP)

See SafePaste in Action

Watch how SafePaste detects and redacts sensitive information before it reaches ChatGPT:

SafePaste working in ChatGPT - showing detected entities and redaction options

Prerequisites

Before installing SafePaste, ensure you have the following installed on your system:

  • Git - For cloning the repository. Download Git
  • Node.js (v20 or higher) and npm - For installing dependencies and building the extension. Download Node.js
  • Google Chrome - For loading and using the extension. Download Chrome

Getting Started

1. Clone the Repository

git clone https://github.com/gautamjkr/safe-paste.git
cd safe-paste
git checkout main

2. Install Dependencies

npm install

3. Build the Extension

npm run build

4. Load in Chrome

  1. Open chrome://extensions/
  2. Enable Developer mode (top right)
  3. Click Load unpacked
  4. Select the dist folder

Usage

Keyboard Shortcuts

Windows: Ctrl + V | Mac: Cmd + V
Normal paste (works as usual)
Windows: Ctrl + Alt + V | Mac: Cmd + Alt + V
SafePaste (triggers PII detection)

Basic Workflow

  1. Navigate to ChatGPT (chatgpt.com) or Gemini (gemini.google.com)
  2. Click in a text area to focus it
  3. Copy content containing PII to your clipboard
  4. Press Ctrl + Alt + V (Windows) or Cmd + Alt + V (Mac) to trigger SafePaste
  5. Ghost Overlay appears showing detected entities
  6. Choose:
    • Paste Masked: Inserts redacted text with placeholders
    • Paste Original: Inserts unmodified text
    • Custom Select: Choose which entities to redact

Example

Input:

My phone number is +1-555-123-4567. 
Email: alice@example.com
Credit card: 4532-1234-5678-9010

Masked Output:

My phone number is <PHONE_NUMBER_1>. 
Email: <EMAIL_ADDRESS_1>
Credit card: <CREDIT_CARD_1>

Security Considerations

What SafePaste Does

  • ✅ Opt-in keyboard shortcut for SafePaste
  • ✅ Aggressive PII detection with 25+ entity types
  • ✅ Client-side regex pattern detection
  • ✅ Granular user control over what gets pasted
  • ✅ 100% local processing in your browser
  • ✅ Never sends data to external servers
  • ✅ Never stores data in databases
  • ✅ No external libraries - self-contained
  • ✅ Chrome Web Store compliant

What SafePaste Doesn't Do

  • ❌ Intercept normal paste operations
  • ❌ Store raw secrets or PII
  • ❌ Send data to third-party services
  • ❌ Make external API calls
  • ❌ Require backend infrastructure
  • ❌ Track user behavior
  • ❌ Use external libraries