100% client-side · no data leaves your browser

Prompt PII Scanner

Paste any prompt and instantly see what sensitive data it contains — PII, PHI, credentials, payment info — before it reaches ChatGPT, Claude, Gemini, Copilot, or any LLM. Free, no signup, nothing logged.

Detects 15+ categories · Luhn-validated card numbers · HIPAA & PCI categories · Embeddable on any site

How it works

Local pattern matching, then a weighted risk score

Every keystroke triggers a scan in your browser. We run validated patterns — Luhn for cards, IBAN structure, AWS key prefixes, JWT three-part shape, PEM block markers, and contextual regexes for PHI and addresses — then weight each finding by severity to produce a 0–100 score.

Critical (35 pts): Cards, SSN, AWS keys, private keys

High (15 pts): JWTs, API keys, IBAN, PHI codes

Medium (6 pts): Email, phone, DOB, addresses

Low (2 pts): IP addresses, host names

Multi-find (+log10 × 0.3): Diminishing returns within category

Cap (100 max): Score never exceeds 100
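
The scan-then-score flow described above, as an added example that is not TeamPrompt's own code. The tier weights and the 100 cap come from this page; the detector regexes, the names `luhnValid`, `DETECTORS` and `scan`, and the reading of "+log10 × 0.3" as weight × (1 + 0.3 × log10(count)) per category are assumptions.

```javascript
// Added example: tier weights are from the page, everything else is assumed.
const WEIGHTS = { critical: 35, high: 15, medium: 6, low: 2 };

// Luhn: walking from the right, double every second digit (subtract 9 if > 9);
// the number is valid when the total is a multiple of 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = digits.length - 1, dbl = false; i >= 0; i--, dbl = !dbl) {
    let d = digits.charCodeAt(i) - 48;
    if (dbl) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && digits.length <= 19 && sum % 10 === 0;
}

// Each detector: category, severity tier, pattern, optional validator that
// rejects matches with the right shape but a failing checksum.
const DETECTORS = [
  { name: "card", tier: "critical", re: /\b(?:\d[ -]?){13,19}\b/g,
    ok: (m) => luhnValid(m.replace(/[ -]/g, "")) },
  { name: "aws_access_key", tier: "critical", re: /\b(?:AKIA|ASIA)[A-Z0-9]{16}\b/g },
  { name: "jwt", tier: "high", re: /\beyJ[\w-]+\.eyJ[\w-]+\.[\w-]+/g },
  { name: "email", tier: "medium", re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  { name: "ipv4", tier: "low", re: /\b(?:\d{1,3}\.){3}\d{1,3}\b/g },
];

function scan(text) {
  const findings = {};
  for (const d of DETECTORS) {
    const hits = (text.match(d.re) || []).filter((m) => !d.ok || d.ok(m));
    if (hits.length) findings[d.name] = { tier: d.tier, count: hits.length };
  }
  // Assumed multi-find rule: repeats in one category add 0.3 * log10(count).
  let score = 0;
  for (const f of Object.values(findings)) {
    score += WEIGHTS[f.tier] * (1 + 0.3 * Math.log10(f.count));
  }
  return { findings, score: Math.min(100, Math.round(score)) };
}

// Constructed sample prompt: one Luhn-valid test card, one 16-digit order
// number that fails Luhn, and two example.com addresses.
const SAMPLE = "Refund card 4111 1111 1111 1111, order 1234 5678 9012 3456, " +
  "cc a@example.com and b@example.com";
console.log(scan(SAMPLE));
```

The order number is dropped by the Luhn validator, which is why the card category reports a single finding even though two 16-digit runs match the pattern.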

Why this exists

Traditional DLP is blind to AI prompts

Network DLP fingerprints files leaving the organization — PDFs, CSVs, images. A 4,000-character ChatGPT prompt is just request body text to api.openai.com. It doesn't look like exfiltration to your network controls, and it doesn't touch endpoint triggers like USB writes or clipboard policy.

A 2023 Cyberhaven study found 11% of employees had pasted confidential company data into ChatGPT — and that's before considering Claude, Gemini, Copilot, Perplexity, and dozens of other tools. Three years later, the rate has only grown.

This scanner is the awareness layer. For organization-wide enforcement — automatic redaction, policy violations logged to your SIEM, role-based exceptions for legal/finance — see TeamPrompt AI DLP.

Embed

Put this scanner on your site

Free to embed on internal wikis, security training pages, blog posts, or vendor portals. Same client-side guarantee — nothing is sent to any server. A small "Powered by TeamPrompt" link sits at the bottom of the widget.

Embed code
<iframe
  src="https://teamprompt.app/embed/prompt-pii-scanner"
  width="100%"
  height="640"
  style="border:1px solid #e5e7eb;border-radius:12px"
  title="Prompt PII Scanner by TeamPrompt"
  loading="lazy"
></iframe>
FAQ

Common questions

Is anything I paste sent to a server?

No. The entire scanner runs in your browser using JavaScript pattern matching and Luhn validation. There are no network calls, no telemetry on the content, and nothing is stored. You can verify by opening DevTools → Network and watching that pasting a prompt produces zero requests.

What categories of sensitive data does it detect?

Credit cards (Luhn-validated), US Social Security Numbers, AWS access/secret keys, generic API keys (Stripe, GitHub, GitLab, Slack, SendGrid, bearer tokens), JWTs, PEM private keys, IBANs, ICD-10 diagnosis codes, medical record numbers, dates of birth, US street addresses, passport numbers, email addresses, phone numbers, and IP addresses.

How accurate is detection?

Detection is heuristic. High-confidence categories (Luhn-valid card numbers, well-formed AWS keys, PEM blocks) have low false-positive rates. Broader patterns (street addresses, ICD-10 codes, generic API keys) trade some precision for recall and may flag legitimate text. Always review the redacted output before assuming a prompt is safe.

Can I embed this scanner on my own site?

Yes. Use the iframe snippet on this page. The embedded version preserves the same client-side guarantee — nothing leaves the user's browser — and links back to teamprompt.app for attribution.

Will this replace my enterprise DLP?

No. This is an awareness tool, not a control. For organization-wide enforcement, you need server-side or browser-extension DLP that can block, redact, or log policy violations across every prompt — which is what TeamPrompt's commercial product does.

What's the difference between this and ChatGPT Enterprise's data controls?

ChatGPT Enterprise commits to not train on your prompts and isolates them from other tenants. It does not detect or redact sensitive content inside the prompts you send — that's the gap this scanner (and prompt DLP generally) addresses. The two are complementary.

Ready for organization-wide prompt DLP?

This scanner runs locally per-prompt. TeamPrompt enforces it across every employee, every AI tool, in real time — with logging, exceptions, and SIEM export.