TRUST CENTER

Security you can verify, not just trust.

GPT-Shield is built for the most sensitive data in your company. The whole design rests on one idea: we protect your data by never holding it. Here's exactly how that works.

Local-first

Core detection runs on each machine. Prompts and files are scanned in place — no cloud round-trip to protect them.

Never stores raw values

The sensitive value itself is never written to a log, audit event, lineage edge, or the vault by default; only salted hashes and token references are.

Encrypted at rest

Anything that is persisted — like reversible pseudonymization maps, when enabled — is AES-GCM encrypted, backed by the OS keychain.

Deterministic & auditable

The same input, policy, and version always produce the same result — identical on every surface, and provable from the audit trail.

DATA HANDLING

What we process — and what we never touch.

PROCESSED — LOCALLY, IN MEMORY
  • Prompt text and uploaded files, to detect sensitive data
  • Non-sensitive metadata (surface, destination, app hint)
  • Salted, one-way hashes and stable token references
  • Policy decisions and the action taken (block / redact / pseudonymize)

NEVER STORED OR TRANSMITTED
  • The raw sensitive value — ever, by default
  • Your prompts, sent somewhere to be scanned
  • Plaintext secrets in logs, audit events, or lineage
  • Anything to a third party without your explicit configuration
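The following is an added illustration, not GPT-Shield's own code, of the model described under "Never stores raw values", in the data-handling list above, and under "Deterministic & auditable": detect in memory, emit an audit event that carries only a salted hash and a token reference, and apply block / redact / pseudonymize. It assumes a keyed SHA-256 (HMAC with a secret salt) as the "salted hash", two constructed toy detectors, a constructed sample prompt, and that the reversible map is encrypted at rest by something else (the page's AES-GCM step is not shown). The names LocalEngine, fingerprint, token_for and audit_contains are hypothetical.

```python
import hashlib
import hmac
import json
import re

# Constructed detector set: two toy patterns, nothing like a production engine.
DETECTORS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "api_key": re.compile(r"\bsk-[A-Za-z0-9]{20,}\b"),
}

# Constructed demo salt; a real deployment would keep this secret (e.g. in the OS keychain).
SALT = b"constructed-demo-salt-do-not-reuse"
SAMPLE = "Summarize: contact alice@example.com, key sk-ABCDEFGHIJKLMNOPQRSTUV"


def fingerprint(value: str, salt: bytes) -> str:
    """Keyed one-way SHA-256 of the value (HMAC with a secret salt).

    Using the salt as an HMAC key rather than a public prefix means that
    someone who reads the audit trail cannot brute-force short values offline
    unless they also hold the salt.
    """
    return hmac.new(salt, value.encode("utf-8"), hashlib.sha256).hexdigest()


def token_for(kind: str, fp: str) -> str:
    """Stable token reference derived from the fingerprint, so the same value
    always maps to the same token on every surface."""
    return f"<{kind}:{fp[:12]}>"


class LocalEngine:
    """Scans text in memory; records only hashes and tokens, never raw values."""

    def __init__(self, salt: bytes):
        self.salt = salt
        # Reversible map token -> raw value, populated only by 'pseudonymize'.
        # Assumed to be encrypted at rest by the caller (not shown here).
        self.vault: dict[str, str] = {}

    def scan(self, text: str, action: str = "redact"):
        """Return (transformed_text, audit_events). Blocked text returns None."""
        assert action in ("block", "redact", "pseudonymize")
        events = []
        out = text
        for kind, pattern in DETECTORS.items():
            for match in pattern.finditer(text):
                raw = match.group(0)
                fp = fingerprint(raw, self.salt)
                tok = token_for(kind, fp)
                # The audit event carries the hash and token, never `raw`.
                events.append({"kind": kind, "hash": fp, "token": tok, "action": action})
                if action == "redact":
                    out = out.replace(raw, f"[{kind.upper()} REDACTED]")
                elif action == "pseudonymize":
                    self.vault[tok] = raw
                    out = out.replace(raw, tok)
        if action == "block" and events:
            out = None  # nothing leaves the boundary
        return out, events

    def reveal(self, text: str) -> str:
        """Reverse pseudonymization using the (locally held) vault."""
        for tok, raw in self.vault.items():
            text = text.replace(tok, raw)
        return text


def audit_contains(events, raw: str) -> bool:
    """Check a serialized audit trail for a raw value; should always be False."""
    return raw in json.dumps(events)


if __name__ == "__main__":
    engine = LocalEngine(SALT)
    redacted, events = engine.scan(SAMPLE, "redact")
    print(redacted)
    print(json.dumps(events, indent=2))
    print("raw email in audit:", audit_contains(events, "alice@example.com"))
```

The audit_contains check is the kind of test a reviewer can run against any such tool: serialize every log, audit and lineage record the scan produced and assert the raw value is absent. The choice of HMAC over a plain salt-prefixed hash matters because e-mail addresses and similar values have little entropy; with a public salt, a hash in the audit trail can be matched against a candidate list, whereas a secret key keeps the hash one-way in practice.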

WHERE IT RUNS

Your data stays in your environment.

Detection, classification, and transformation all happen on the device or in your own infrastructure. There is no required cloud dependency for protection.

On-device & self-hosted

The browser extension and desktop agent run the engine locally; the gateway is self-hostable and OpenAI/Anthropic-compatible. Nothing sensitive leaves the boundary you control.

Optional cloud — payload-free

If you turn on hosted features (like a shared data-flow graph), they receive only de-identified signal — classifications, counts, and hashes — never raw values.

COMPLIANCE & LEGAL

Built to make compliance easier.

By never storing the raw value and keeping processing local, GPT-Shield removes the riskiest part of the data-handling equation. Formal attestations are on the way.

SOC 2 Type II

On our roadmap. We're building toward a formal attestation; ask us where we are today.

GDPR & CCPA

Designed for it: local processing and never storing raw values keep sensitive data out of scope wherever possible.

DPA on request

Need a data-processing agreement or a security questionnaire completed? We're happy to.

Reviewing GPT-Shield for your organization?

Bring your security questions to a 20-minute walkthrough — we'll show you exactly what crosses the boundary and what never does.

No raw data leaves your machine. Ever.