Secret Sanitizer is a privacy-first Chrome extension with a single narrow purpose: to prevent accidental disclosure of sensitive information when interacting with AI chat websites. All processing happens locally on your device — no data ever leaves your browser.
KEY POINT: Your secrets stay on your device. Always. No exceptions.
Data Processing
All data processing performed by Secret Sanitizer occurs entirely on your local device. The extension does not transmit, sync, upload, or share any data with external servers or third parties.
Local Storage Usage
The extension uses chrome.storage.local exclusively to store:
- Temporarily masked secret values in an AES-GCM encrypted vault, used to restore originals when you unmask from the popup or copy AI responses via Smart Restore
- Aggregate user statistics (e.g., total and daily count of blocked secrets)
- User preferences, such as enabled or disabled detection patterns and custom websites
All stored data remains local to your browser and is never accessible outside the extension.
Permissions Used
Secret Sanitizer requests only the minimum permissions needed for its single purpose. None of these permissions allow data collection or transmission:
storage — Saves user preferences and local statistics.
scripting — Injects lightweight content scripts to detect and mask secrets on AI chat pages.
alarms — Cleans up expired vault entries every 5 minutes and checks for weekly summary notifications daily.
notifications — Displays a weekly protection summary notification (Sundays) showing aggregate counts only.
activeTab — Reads only the current tab's URL when you open the popup, to show whether the extension is active on that site. No page content is accessed.
Host permissions — Limited to major AI chat domains (chatgpt.com, claude.ai, gemini.google.com, grok.com, and any sites you explicitly add).
No Data Collection
Secret Sanitizer does not collect or transmit:
- Personally identifiable information
- Browsing history or web activity
- Clipboard contents beyond user-initiated paste events
- Health, financial, authentication, or location data
- Analytics, telemetry, or usage tracking
No External Communication
The extension makes no network requests and does not communicate with any remote servers. No data is sold, shared, or disclosed to any third party.
Code Execution
Secret Sanitizer does not execute remote code. All scripts are bundled with the extension package and run locally within the browser.
Supported Websites
By default, Secret Sanitizer works on ChatGPT, Claude, Gemini, and Grok. You can add any custom website with explicit permission.
Data Retention
Vault entries automatically expire after a short retention period (default 15 minutes) and are cleaned up by a periodic background task. All other data (settings, statistics) is stored locally until you manually clear it, uninstall the extension, or clear browser data. There is no external storage.
Your Rights
You have full control over all data stored locally. You can view, modify, export, or delete everything at any time through the extension settings.
Updates to This Policy
We may update this privacy policy to reflect new features. The latest version will always be available at the URL where you accessed this page, with the updated date shown above.
Contact
For questions or concerns regarding this privacy policy, please contact:
- X: @souvik_ghosh975
- GitHub: Secret Sanitizer on GitHub