See it before you send
Sovereign Shield's browser extension is live on the Chrome Web Store: it redacts Swiss, EU and international identifiers before your prompt reaches ChatGPT, Gemini or Claude.
Last week I very nearly pasted my AHV number into a chat box. It’s an easy habit to fall into — you’re mid-thought, the assistant is quick, the number is sitting right there in the email you’re replying to — and one distracted press of Enter would have parked it on someone else’s servers for good.
That near-miss is more or less the whole reason Sovereign Shield exists, and this week it went live on the Chrome Web Store at 0.3.2. The mental model I keep coming back to is a customs desk for your prompts: anything sensitive gets swapped for a neutral placeholder on the way out, the model does its work none the wiser, and the real values are quietly slipped back in when the reply arrives. What you read is an ordinary conversation. The sensitive number, though, never leaves your machine — and there’s no account, no server and no analytics behind any of it, because the whole thing runs locally.
A fair bit has changed since the last build, so here’s the tour.
The headline is that the redaction has stopped being invisible. There’s now a small live count sitting just above the chat box, spelling out what’s about to be kept local — “3 items (Credit card, Email, Swiss AHV / AVS) will be kept local when you send”. Before, it all happened silently, which meant taking it on trust. Now you get to watch the tally add up before you commit to anything.

Coverage has widened, too. What started as a Swiss-only tool now reads twenty different identifier types: Germany, Poland, Portugal and Belgium have come aboard, along with the UK’s NHS number, Brazil, South Africa, China, Canada and India — all of them joining the Swiss, French, Spanish, Italian and Dutch identifiers that were already there. Nine to twenty, if you’re keeping score.

Gemini needed a quieter word. Its stricter “thinking” model had a habit of rejecting the odd send outright, and the culprit turned out to be the way the outgoing request was being put back together. The fix was to rewrite that request byte for byte — touch only the span that actually gets redacted, and leave everything else exactly as the page composed it. Clean prompts sail straight through.

Underneath all of this is a deliberately fussy matcher. Detection is deterministic, so a string only trips the filter when its shape and its check digit both agree — that’s what keeps ordinary text untouched and false positives at zero. The map from real value to placeholder lives in your tab’s memory and nowhere else. The activity log, for its part, notes the type, the time and the site, and never the value itself.
I’d rather be straight about the edges. This is built for structured identifiers — the kind with a checksum you can actually verify. Names and addresses are a different beast entirely; they need a model that reads context, and I’ve left them out on purpose rather than do a half-hearted job of it. One thing done properly beats six done badly.
That’s the update. Sovereign Shield is free and open source, so if any of this sounds useful you can add it to Chrome, prod at the live detector to watch the checks fire, or read the gateway story if you fancy the longer version of how it all started.