100% Local Processing
All PII detection and masking runs inside your browser. Zero network calls, zero servers, zero telemetry. Your data physically cannot leave your device.
Open Source · MIT License · v2.1
Mask your data before
AI chatbots see it
CLOKR automatically detects and masks emails, credit cards, IBANs, tax codes and other sensitive data before they reach ChatGPT, Claude or Gemini. 100% local processing. Zero servers. Zero tracking.
mario.rossi@gmail.com
→
[EMAIL_1]
+39 333 1234567
→
[PHONE_1]
RSSMRA85M01H501Z
→
[CF_1]
IT60X0542811101000000123456
→
[IBAN_1]
4111 1111 1111 1111
→
[CARD_1]
Features
Privacy by design, not by promise
Every architectural decision in CLOKR is engineered to ensure your sensitive data never leaves your browser.
Real-time Interception
CLOKR intercepts the Enter key and Send button before the AI platform processes your input. PII is masked before the HTTP request fires.
Cryptographic Validation
Not just regex: Luhn algorithm for credit cards, MOD-97 for IBANs, official checksum for Italian tax codes. Minimizes false positives.
Automatic De-masking
AI sees placeholders, you read original values. CLOKR restores masked data in AI responses automatically, so your experience remains seamless.
Anti-injection Placeholders
Placeholders use Unicode guillemets and random session IDs, making them impossible to predict or forge from the AI side.
Multi-platform Support
Full support for ChatGPT, Claude, and Google Gemini. Dedicated adapters handle each platform's unique DOM structure, including Shadow DOM.
How It Works
Three steps, zero data leaks
CLOKR operates as an invisible shield between you and the AI. Here's what happens when you hit Enter.
Detect
The PII detection engine scans your input using pattern matching with cryptographic validation (Luhn, MOD-97, checksum) to identify real sensitive data with minimal false positives.
Mask
Each detected PII item is replaced with an anonymous, session-unique placeholder. The original value is stored only in browser memory — never persisted to disk or sent anywhere.
Send
The masked text is sent to the AI platform. The AI generates its response using placeholders. CLOKR then restores original values in the response for your eyes only.
Protected Data
What CLOKR catches
Eight categories of PII, each with robust detection and validation logic.
| Data Type | Validation | Example |
|---|---|---|
| RFC 5322 Regex | user@domain.com → [EMAIL_1] | |
| 📱 Phone | Prefix Filter + Length | +39 333 1234567 → [PHONE_1] |
| 🪪 Codice Fiscale | Checksum Algorithm | RSSMRA85M01H501Z → [CF_1] |
| 🏦 IBAN | MOD-97 (ISO 13616) | IT60X054281110... → [IBAN_1] |
| 💳 Credit Card | Luhn + Circuit Check | 4111 1111 1111 1111 → [CARD_1] |
| 🌐 IP Address | IPv4 + IPv6 | 192.168.1.1 → [IP_1] |
| 📅 Date of Birth | Plausibility Filter | 15/03/1985 → [DATE_1] |
| 🏥 Tessera Sanitaria | Pattern + Length | 80380... → [TS_1] |
Security Architecture
Built for zero trust
Every layer of CLOKR is designed with the assumption that nothing outside the browser can be trusted.
Zero Network Calls
The extension never contacts any server. No analytics, no telemetry, no heartbeat.
Manifest V3
Modern Chrome extension format with restricted APIs and enforced Content Security Policy.
Minimal Permissions
Only activeTab and storage. No tabs, no webRequest, no host permissions.
Private State via Closures
Internal maps (original↔placeholder) are encapsulated in IIFEs, inaccessible to page scripts.
Session-only Memory
PII mappings live in RAM. Never persisted to disk, localStorage, or extension storage.
XSS-safe UI
Popup rendered with createElement exclusively — no innerHTML with dynamic data.
FAQ
Frequently asked questions
Does CLOKR send my data to any server?
No. CLOKR makes zero network calls. All PII detection and masking happens entirely inside your browser using local regex engines and validation algorithms (Luhn for credit cards, MOD-97 for IBANs, official checksum for Italian tax codes). No telemetry, no analytics, no backend.
Which AI platforms does CLOKR support?
CLOKR supports ChatGPT (chat.openai.com and chatgpt.com), Claude (claude.ai), and Google Gemini (gemini.google.com). Each platform has a dedicated adapter that handles its unique DOM structure.
Is CLOKR open source?
Yes. CLOKR is fully open source under the MIT license. The entire codebase is available on GitHub for audit, contribution, and review. There are no hidden components, no obfuscated code, and no server-side dependencies.
Can CLOKR help with GDPR compliance?
CLOKR helps prevent accidental transmission of personal data to third-party AI services, which is a common GDPR risk. By masking PII before it leaves the browser, it acts as a client-side DLP layer. However, CLOKR is a technical tool, not legal advice — organizations should consult their Data Protection Officer for full compliance.
How does CLOKR handle AI responses that contain my placeholders?
CLOKR continuously monitors the AI's response stream. When it detects placeholders in the output, it automatically replaces them with the original values. The AI only ever sees anonymous tokens — you read the real data seamlessly.
What permissions does CLOKR require?
Only two: activeTab (to read and modify the AI chatbot page content) and storage (to persist your on/off preference and masked item counter). No tabs permission, no webRequest, no host permissions, no clipboard access.
How does CLOKR differ from other AI privacy extensions?
Unlike tools that route data through their servers, CLOKR processes everything locally. It uses cryptographic-grade validation (not just regex), employs anti-injection placeholders with random session IDs, requires only minimal permissions, and is fully open source under MIT.
Stop leaking data to AI.
Start protecting it.
Free, open source, and ready in 10 seconds.