Pre-prompt inspection · ChatGPT · Claude · Copilot

If it's sensitive, we spot it before it reaches the AI.

Passwords and keys. Customer and personal data. Financial details. Confidential files. Even the sensitive things that don't follow a fixed format, like a name or a home address. Tracehold recognises all of it right on the device — local by default, before anything leaves the browser — so your team keeps using AI and your secrets stay yours.

Checks happen on the device · It rarely cries wolf · Reads images and documents too
chat.openai.com — Tracehold watching

REC-204 · OUTBOUND PROMPT · REDACT

"Help me reply to María Ortiz — her account IBAN ES91…4521, and here's the server password (redacted)."
Caught before it left the browser
A customer name, a bank account and a password. Hidden from the AI — the rest of the message still went through.

[ Detection scope · what we look for ]

The sensitive data your team shares without thinking

These are the everyday leaks — pasted into a chatbot to save five minutes. Tracehold knows what each of them looks like.

Passwords & keys

Login credentials, API keys and access tokens for cloud, code and AI accounts — the kind of secret that should never be pasted anywhere.

Customer & personal data

Names, emails, ID numbers, addresses and health information — including the special categories that GDPR treats with extra care.

Financial details

Card numbers, bank accounts (IBANs), payslips and salary figures — spotted reliably, not just guessed from the shape of the digits.

Confidential files

Contracts, internal documents, "CONFIDENTIAL" and NDA material, and deal-related content you don't want leaving the building.

And the data with no fixed format. A card number always looks like a card number. But a person's name, a home address or a date of birth can be written a thousand ways. Tracehold uses smart detection that recognises this kind of free-form personal information too — the data a simple keyword search would miss every time.

[ Contextual NLP · beyond patterns · on-device ]

It catches the data that doesn't follow a pattern

Most "data protection" only spots things with a strict shape — a card number, a postcode. Real sensitive data is messier than that. Someone's name, their address, their date of birth, the salary on a payslip: there's no fixed format to match.

Tracehold reads the language the way a person would, so it recognises this free-form personal information in context — even buried in the middle of an ordinary sentence. And it does this on the device: by default, the actual words never leave the machine to be analysed — any server-side reading is an explicit admin opt-in.

Names, addresses, dates of birth

The everyday personal details that have no fixed shape — recognised in plain sentences, not just in forms.

Tunable to your appetite

Decide how cautious it should be, and whether to warn, hide the data, or just quietly observe.

The data stays put

The analysis happens locally by default. The sensitive text isn't copied off the device to make the decision unless an admin deliberately enables a server-side option.

Your own watchlist, on top

Add the client names, project codenames or executives that matter to you, and Tracehold flags them too — even though they'd otherwise read as ordinary text with no fixed shape at all.

A message like this:
"Draft a reply to María Ortiz, born 02/04/1991, who lives at Calle Mayor 14, Madrid, about her payslip."

A customer's name

Recognised even though it's just words.

A date of birth and a home address

Personal data with no rigid format.

A payslip reference

Financial and personal in one go.

[ OCR + file scan · images & documents ]

It reads screenshots and files, not just typed text

A secret hidden in a screenshot or a PDF is still a leak. Tracehold reads the text inside images and documents before they reach an AI tool — and it does it on the device, so the file's contents stay with you.

Screenshots & images

Pasting a screenshot of a console, an invoice or an ID card? Tracehold reads the text in it and treats it like any other sensitive content.

Documents & attachments

PDFs, Word files and spreadsheets are scanned too — so a contract or a customer list doesn't slip through as an upload.

Stays private by default

The reading happens locally, in two layers, before anything reaches a server. The rare fallback — only when a browser can't read images locally, or an admin opts into it — still sends back just the detection result, never the extracted text itself.

chatly.ai — file upload blocked

Real product recording, illustrative sample data — a .env file is caught and the upload is blocked before it ever reaches the AI.

[ Precision · low false-positive ]

Alerts you can trust, not noise you'll ignore

The fastest way to make a security tool useless is to flood people with false alarms. Tracehold is built to be precise, so when it speaks up, it's worth listening.

It checks, it doesn't guess

A card or bank account number is verified to be real before it raises a flag. Numbers that just look the part don't trigger an alert.

Test and example data is ignored

The obvious placeholder values developers paste in every day are recognised as harmless and left alone — so test data never cries wolf.

You can tune and make exceptions

Set how strict it should be, and create targeted exceptions for the cases that matter to you — without leaving gaps in your coverage.

Many checks, working together — with a strict pecking order. Spotting sensitive data isn't one trick — it's several, layered so each one covers the others' blind spots. A verified secret, like a real card number or a working access key, can never be talked out of being flagged by the contextual layer: that layer can add confirmation or quiet down low-risk noise, but it can't overrule a match that's already been technically verified. The result is detection that's both broad and accurate, instead of a blunt filter that blocks everything or misses the real risks.

[ Keep work flowing · redact ]

Don't just block it — hide the sensitive part and let the rest go

Blocking everything frustrates people and pushes them to a tool you can't see. So when Tracehold finds something sensitive in a message, it can simply hide or strip that one piece — the password, the account number, the customer's name — and let the rest of the prompt carry on to the AI.

The employee keeps working. The AI still gets a useful question. By default, the sensitive value never leaves the machine. And before anything is sent, Tracehold double-checks that no original secret slipped through — if one did, the message is stopped, not sent.

The rest still works

Only the sensitive bit is swapped out, so the AI can still answer the actual question.

A final safety check

Right before sending, Tracehold confirms nothing sensitive remains — or it stops the message.

A clear heads-up

The person sees what was caught and why, and you get an audit trail — without the prompt being stored.

What the employee wrote:
"Rotate the key AKIA…7Q on the account ES91…4521."
What actually gets sent:
"Rotate the key key (hidden) on the account ES91 **** 4521."
By default, the secret stayed on the device. The question still gets answered.
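
The verify-then-redact flow described above (checksum-verify a candidate before flagging it, ignore known test values, mask the value, then re-check before sending) can be sketched as follows. This is an added example, not Tracehold's code: the Luhn and IBAN mod-97 checks are the standard algorithms, while the test-value list, the mask format, every function name and the sample prompt are assumptions constructed for illustration.

```javascript
// Added example, not Tracehold's code. TEST_VALUES, the mask format and all names are assumptions.
const TEST_VALUES = new Set(["4242424242424242", "4111111111111111"]); // public test card numbers
const squash = (s) => s.replace(/[\s-]/g, "").toUpperCase();

// Luhn checksum: double every second digit from the right; the total must be 0 mod 10.
const luhnValid = (digits) => [...digits].reverse().reduce((sum, c, i) => {
  const d = Number(c) * (i % 2 ? 2 : 1);
  return sum + (d > 9 ? d - 9 : d);
}, 0) % 10 === 0;

// IBAN check: move the first 4 chars to the end, map A=10..Z=35, value mod 97 must be 1.
function ibanValid(iban) {
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  let rem = 0;
  for (const ch of iban.slice(4) + iban.slice(0, 4)) {
    const v = parseInt(ch, 36);
    rem = (rem * (v > 9 ? 100 : 10) + v) % 97;
  }
  return rem === 1;
}

// Shape regexes only nominate candidates; the checksum decides whether to flag.
const RULES = [
  { type: "iban", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b/g, ok: ibanValid },
  { type: "card", re: /\b\d(?:[ -]?\d){12,18}\b/g, ok: luhnValid },
];
function findSensitive(text) {
  return RULES.flatMap(({ type, re, ok }) =>
    [...text.matchAll(re)]
      .map((m) => ({ type, raw: m[0], value: squash(m[0]) }))
      .filter((h) => ok(h.value) && !TEST_VALUES.has(h.value)));
}

// Final safety check: nothing detectable remains AND no original value survives re-spacing.
function finalCheck(outgoing, secrets) {
  const flat = squash(outgoing);
  return findSensitive(outgoing).length === 0 && secrets.every((s) => !flat.includes(s.value));
}

function redactPrompt(text) {
  const secrets = findSensitive(text);
  let out = text;
  for (const s of secrets) out = out.split(s.raw).join(`${s.value.slice(0, 4)} **** ${s.value.slice(-4)}`);
  const caught = secrets.map((s) => s.type);
  return finalCheck(out, secrets) ? { send: true, text: out, caught } : { send: false, caught }; // fail closed
}

// Constructed sample: documentation IBAN, Luhn-valid card, a test card, and a shape-only number.
const SAMPLE = "Refund GB82 WEST 1234 5698 7654 32, card 4539 3195 0343 6467; test card 4242 4242 4242 4242, order 1234 5678 9012 3456.";
```

Calling `redactPrompt(SAMPLE)` masks only the two checksum-verified values; the test card and the shape-only order number pass through untouched, and a `send: false` result carries no outgoing text at all.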
[ Coverage · every channel ]

The same protection, wherever AI gets used

The same detection runs across every way your people reach an AI — so a leak can't simply move to a channel you weren't watching.

The browser

ChatGPT, Claude, Gemini, Copilot and 300+ other AI tools and sites we track by name — plus a live heuristic that flags AI services we haven't catalogued yet, so unapproved "shadow AI" doesn't slip through just because it's new.

The desktop

Desktop apps and email get the same coverage, so protection follows your people beyond the browser tab.

Developer tools

It works with the developer and terminal tools your engineers already use — where some of the most valuable secrets live.

[ FAQ · detection questions ]

What buyers ask about detection

What kinds of sensitive data does it actually catch?
Passwords and access keys; customer and personal data like names, emails, ID numbers and health information; financial details such as card numbers, bank accounts and salaries; and confidential files like contracts and internal documents. Crucially, it also catches free-form personal data that has no fixed format — a name or a home address written in the middle of a sentence — which simpler tools miss.

How does it catch data that doesn't follow a fixed pattern?
It reads the language in context, the way a person would, instead of only matching rigid shapes like a postcode or an account number. That lets it recognise names, addresses, dates of birth and similar details even when they appear in ordinary text. This analysis runs on the device by default, so the actual words are not copied off the machine to make the decision unless an admin explicitly opts into server-side reading.

Will it flood my team with false alarms?
No — it's built to be precise. Things like card and bank account numbers are verified as real before anything is flagged, and obvious test or placeholder values are recognised and ignored. You can also tune how strict it is and create targeted exceptions, so alerts stay meaningful instead of becoming noise people learn to ignore.

Does it scan images and documents, or only typed text?
Both. It reads the text inside screenshots and images, and scans documents like PDFs, Word files and spreadsheets — so a secret hidden in an attachment or a screenshot is caught just like one that's typed. This reading happens on the device by default, so the file's contents stay with you unless an admin deliberately enables a server-side option.

If something sensitive is found, do you just block the whole message?
Not necessarily. Tracehold can hide or strip just the sensitive part — the password, the account number, the name — and let the rest of the prompt continue to the AI. The employee keeps working, the AI still gets a useful question, and by default the sensitive value never leaves the device. Before sending, it double-checks nothing slipped through; if it did, the message is stopped.

Where does the detection run — and does our data leave the machine?
Detection happens on the device, right at the source, before anything is sent to an AI tool. By default the prompt itself never leaves the browser — only the essentials reach us, like what type of thing was caught and how severe. The same detection covers the browser, the desktop and developer tools, so coverage doesn't have gaps to exploit.

See what Tracehold would catch in your environment

Book a short demo and we'll show you, on your own data, exactly what would have been spotted and hidden — with zero disruption to your people. Start in observe-only on any channel before you enforce a thing.