Claims and policyholder data don't belong in an AI prompt.
Underwriters, claims handlers and brokers are already pasting claim narratives, policyholder details and medical reports into ChatGPT, Claude and Copilot to draft a letter or summarise a file. Every paste can carry personal data and health data straight out of your control. Tracehold catches it on the device, before it leaves the browser — and maps what it finds to GDPR, NIS2, ISO 27001 and SOC 2.
By default the prompt never leaves the browser. In managed deployments, only metadata — type of finding, severity, timestamp — reaches the backend.
Across 2,200+ known AI tools and sites — including policyholder PII and health data written in free form, with no fixed shape.
Built and hosted in the EU (France), with EU data residency.
A claim file is some of the most sensitive data you hold
Insurance runs on exactly the data regulators care about most: identity, finances and health. AI tools make the work faster — and make it far too easy to send that data somewhere it should never go. Here is where the exposure shows up.
Claims narratives
Handlers paste whole claim notes into AI to draft a response or summarise a file — carrying the claimant's circumstances, injuries and account of events straight into a third-party tool.
Policyholder PII
Names, addresses, dates of birth, policy and national ID numbers and bank details end up in prompts when staff ask AI to reformat a quote, a letter or a renewal.
Health & special-category data
Life, health and personal-injury claims are full of medical reports and diagnoses. Under GDPR that's special-category data — and a single careless paste can become a reportable breach.
Caught on the device, before it reaches the AI
A single check on the device decides everything. The network only ever carries the result, never the content of the claim.
See
The moment a handler is about to send claim text to an AI tool, Tracehold sees it — right at the source, before it leaves the machine.
Decide
Detection recognises policyholder PII, financial details and health data — even names and conditions that don't follow a fixed format — and your policy decides what happens.
Protect
The sensitive part is redacted so the rest of the request can still go through, or the whole paste is blocked — and the handler gets a clear, in-context explanation.
Record
Your compliance team gets an audit trail with just the essentials — type, severity, when. The claim text itself stays where it started.
Across the browser, the desktop and Outlook
Claims and underwriting work doesn't only happen on AI websites. Tracehold covers 2,200+ known AI tools and sites with 1,600+ detection patterns, across every surface your teams use.
Free browser extension
Catches sensitive claim and policyholder data the moment it's pasted into an AI tool in the browser — the surface where most of it happens.
Desktop & developer agents
Extends the same on-device detection to desktop apps and to the developer and terminal tools your technical teams rely on.
Outlook add-in
Checks email before it's sent, so a claim file or medical report doesn't leave in an attachment or a forwarded thread.
Claim files already on disk
The desktop agent also scans PDF, Word and Excel files already on the device, and checks documents at the moment they're uploaded into an AI tool — so a scanned claim form or medical report doesn't slip through as a file instead of pasted text.
Detection runs on the device
The check happens right where your team works. By default the prompt — the claim text, the policyholder details, the medical note — never leaves the browser. There's no proxy in the middle and no copy of the claim sent off for analysis.
In managed deployments, only metadata reaches the backend: the type of finding, its severity and a timestamp — never the claim content itself by default.
Live compliance mapping, for the rules you answer to
Tracehold maps AI risk to GDPR, NIS2, ISO 27001 and SOC 2 as live compliance mapping — so you can see where you stand and prove it to your DPO, your board and your supervisor.
GDPR
Policyholder PII and health data are exactly what GDPR protects — and health data is special-category. Tracehold keeps it from leaking into AI tools, and gives you the audit trail to show it.
ISO 27001
Tracehold's reporting is mapped to ISO 27001 controls, so your information-security programme can point to real, current evidence of how AI-related data risk is managed.
SOC 2
The same reporting is mapped to SOC 2 trust-services criteria, giving your assessors and clients evidence of ongoing control over AI-related data risk.
NIS2
NIS2 raises the bar on security and incident handling. The metadata trail — type, severity, timestamp — gives you the evidence to demonstrate control and report cleanly.
Rolled out in weeks, with the tools you already run
No proxy, no network surgery, no year-long programme. Tracehold is a browser extension and a set of agents you push with your normal device management — and it plugs into the identity, alerting and SIEM stack your security team already uses.
Single sign-on
Log your people in with Microsoft Entra ID or Okta, tied to your verified domain and scoped to the right team.
SIEM & alerting
Send detection metadata to Splunk or Microsoft Sentinel, and route alerts to Slack or Microsoft Teams.
Push it with MDM
Deploy across the fleet with Microsoft Intune or any standard MDM — and add the Outlook add-in for email.
Start in observe-only mode
Begin by simply watching: see exactly what claim and policyholder data your teams are sending to AI tools today, mapped to GDPR, NIS2, ISO 27001 and SOC 2 — with zero disruption to your people. Turn on redaction and blocking when you're ready.
Most teams go from first call to protected in 2–4 weeks. Built and hosted in the EU (France), with EU data residency.
Honest, published pricing
Start free on the device with no account and no backend. Move up when you need central visibility, compliance mapping and governance.
Free — €0 forever
Runs on the device, no account and no backend. The browser extension catching sensitive data on-device, for individuals and small teams getting started.
Insight — €40/user·mo
Central visibility and reporting: adds a managed backend, the compliance mapping & reports, SSO, SIEM and alerting integrations — so security and compliance can see and act on AI risk.
Governance — €60/user·mo
Full control and governance: everything in Insight plus deeper policy, governance and audit controls for regulated insurers that need the most oversight.
What insurers ask us
Does the claim text or medical report leave our environment?
Can Tracehold detect health and special-category data?
Which regulations does the compliance mapping cover?
Are you certified to ISO 27001, SOC 2 or PCI-DSS?
Won't this just push staff to use AI on personal devices?
How fast can we be up and running?
See what your teams are sending to AI today
Book a demo and start in observe-only mode — see exactly what claim, policyholder and health data is going into AI tools across your business, mapped to GDPR, NIS2, ISO 27001 and SOC 2, with zero disruption to your people.