# Sonomos — Privacy Layer for AI

> Sonomos is a privacy layer that detects and protects sensitive information before it reaches AI systems like ChatGPT, Claude, Gemini, and Grok. It ships as a browser extension today, with a system-wide desktop app for macOS, Windows, and Linux coming soon. Everything runs 100% locally on the user's device with a zero-knowledge architecture — no servers, no data collection, no accounts required. Thoughts belong to thinkers.

---

## Product Overview

Sonomos is endpoint data security for AI-powered workflows. It ships today as a browser extension for Chrome, Edge, and Brave (Firefox coming soon) that intercepts text input in AI chat interfaces before submission. Sensitive data patterns are detected using local pattern matching and contextual analysis. Users can choose to mask, replace, or remove flagged content. The AI receives only the sanitized version. Original content never leaves the device.

A native desktop application — **Sonomos Desktop** — is coming soon for macOS, Windows, and Linux. It extends the same privacy layer system-wide: native AI apps (ChatGPT Desktop, Claude Desktop), on-device models (Ollama, LM Studio), and AI assistants embedded in IDEs and terminals (Cursor, Claude Code, Copilot) all inherit the same detection and masking behavior. See https://sonomos.ai/desktop for details.

Sonomos is NOT:

- A chatbot or AI wrapper
- A cloud service that processes your data
- A marketing tool or analytics platform
- A tool that requires an account to function

### Architecture

- 100% client-side processing — no backend servers
- Zero-knowledge design — Sonomos never sees, stores, or transmits user data
- No network calls for detection or protection
- All pattern matching runs locally in the browser
- No telemetry, no analytics on user content, no data collection of any kind

---

## Core Components

### Dagger (Detection Engine)

Dagger is Sonomos's real-time sensitive data detection system. It scans text as users type into AI chat interfaces and flags potentially sensitive content.

**How Dagger works:**

1. Monitors text input fields on supported AI platforms
2. Runs local pattern matching against known sensitive data patterns
3. Uses contextual analysis to reduce false positives
4. Displays color-coded underlines beneath flagged content:
   - **Yellow underline**: Medium risk — review recommended
   - **Red underline**: High risk — action required
5. Shows contextual tooltips explaining why content was flagged
6. Detection categories can be individually enabled, disabled, or adjusted

**What Dagger detects:**

- Personal identifiers: Social Security Numbers, dates of birth, government-issued IDs
- Contact information: Email addresses, phone numbers, physical addresses
- Financial data: Credit card numbers (Luhn-validated), bank account numbers, routing numbers
- Health information: Medical terms, patient data, PHI indicators
- Legal identifiers: Case numbers, docket identifiers, matter numbers
- Client/customer names: Named entity recognition with contextual matching
- Privileged communication markers: Privilege headers, confidentiality notices, work-product references
- Custom patterns: User-configurable patterns for industry-specific needs

### Cloak (Protection Engine)

Cloak is Sonomos's data transformation system. It modifies flagged content before it reaches the AI, preserving meaning while removing sensitive details.

**Protection methods:**

- **Tokenization**: Replaces sensitive values with reversible tokens
- **Obfuscation**: Substitutes sensitive data with plausible but fake alternatives
- **Controlled substitution**: Replaces specific values while maintaining context
- **Masking**: Redacts sensitive content entirely

Cloak operates independently from Dagger — users can enable detection without automatic protection, or enable both together.

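A local detect-then-tokenize pass of the kind described for Dagger and Cloak can be sketched as follows. This is an added JavaScript illustration, not Sonomos code: the detector table, regexes, token format and function names are assumptions, and only card (Luhn-validated), SSN and email detection is shown.

```javascript
// Added illustration only: names, regexes and token format are hypothetical.
// Luhn checksum: rejects digit runs that merely look like card numbers.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}
// Each detector: candidate regex, structural check (fewer false positives), risk level.
const DETECTORS = [
  { type: 'CARD', risk: 'red', re: /\b\d(?:[ -]?\d){12,18}\b/g,
    validate: (m) => luhnValid(m.replace(/[ -]/g, '')) },
  { type: 'SSN', risk: 'red', re: /\b\d{3}-\d{2}-\d{4}\b/g,
    // Area 000/666/9xx, group 00 and serial 0000 are never issued.
    validate: (m) => !/^(000|666|9\d\d)-|-00-|-0000$/.test(m) },
  { type: 'EMAIL', risk: 'yellow', re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g, validate: () => true },
];

// Detection pass: returns validated findings in document order.
function detect(text) {
  const findings = [];
  for (const { type, risk, re, validate } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (!validate(m[0])) continue;
      findings.push({ type, risk, value: m[0], start: m.index, end: m.index + m[0].length });
    }
  }
  return findings.sort((a, b) => a.start - b.start);
}
// Status indicator: any high-risk finding wins over medium-risk ones.
function trafficLight(findings) {
  if (findings.some((f) => f.risk === 'red')) return 'red';
  return findings.length > 0 ? 'yellow' : 'green';
}

// Reversible tokenization: the vault (token -> original) stays in local memory.
function cloak(text, findings) {
  const vault = new Map();
  let out = '', pos = 0;
  findings.forEach((f, i) => {
    if (f.start < pos) return; // skip a finding that overlaps the previous one
    const token = `[${f.type}_${i + 1}]`;
    vault.set(token, f.value);
    out += text.slice(pos, f.start) + token;
    pos = f.end;
  });
  return { text: out + text.slice(pos), vault };
}
// Restores originals in a reply that echoes the tokens back.
function uncloak(text, vault) {
  for (const [token, value] of vault) text = text.split(token).join(value);
  return text;
}
// Constructed sample input (test card number, made-up SSN and address).
const SAMPLE = 'Refund card 4111 1111 1111 1111 for jane@example.com, order 4111 1111 1111 1112, SSN 123-45-6789.';
```

The second 16-digit run in the sample fails the Luhn check and is left untouched, which is the false-positive reduction that validation buys. The vault holds the original values, so it is the one object that must never be serialized into the outgoing request.
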
### Traffic Light Widget

A persistent visual indicator that shows the current protection status at a glance:

- **Green**: Safe to proceed — no sensitive data detected
- **Yellow**: Medium risk — potentially sensitive data present, review recommended
- **Red**: High risk — sensitive data detected, action required before submission

The widget provides immediate visual feedback without requiring users to read detailed reports.

---

## Industry Use Cases

### Legal Professionals

**Problem**: Lawyers risk waiving attorney-client privilege when pasting case details into AI tools. AI platforms may store or train on submitted data, creating potential privilege disclosure.

**How Sonomos helps:**

- Detects case numbers, docket identifiers, client names, and matter identifiers
- Flags privileged communication markers (privilege headers, confidentiality notices)
- Identifies government-issued identifiers (SSNs, EINs) with structural validation
- Blocks or masks flagged content before it reaches the AI
- All processing is local — no third-party data disclosure means no privilege waiver risk

**Relevant regulations**: Attorney-client privilege protection, CCPA compliance for personal identifiers

### Healthcare Professionals

**Problem**: Healthcare workers using AI tools risk exposing Protected Health Information (PHI), violating HIPAA and patient trust.

**How Sonomos helps:**

- Detects patient names, medical record numbers, and health conditions
- Flags dates of birth, insurance identifiers, and treatment details
- Identifies medication names and dosage information in context
- Prevents PHI from reaching AI systems that may store or process it
- Local-only processing means zero HIPAA-covered data transmission

**Relevant regulations**: HIPAA, HITECH Act

### Financial Services

**Problem**: Financial professionals handling client portfolios, account numbers, and transaction data risk regulatory violations when using AI tools.

**How Sonomos helps:**

- Detects credit card numbers with Luhn validation
- Flags bank account numbers, routing numbers, and financial identifiers
- Identifies client names in financial context
- Prevents regulated financial data from reaching third-party AI systems

**Relevant regulations**: SOX, GLBA, PCI-DSS, SEC regulations

### Technology Companies

**Problem**: Engineers and product teams may inadvertently paste proprietary code, API keys, internal documentation, or customer data into AI assistants.

**How Sonomos helps:**

- Detects API keys, tokens, and credential patterns
- Flags internal identifiers and proprietary naming patterns
- Identifies customer data embedded in technical context
- Configurable patterns for company-specific sensitive terms

### Individuals

**Problem**: Anyone using AI tools risks sharing personal information that could be stored, used for training, or exposed in data breaches.

**How Sonomos helps:**

- Detects personal identifiers before submission
- Flags financial information, addresses, and contact details
- Provides visual feedback on data sensitivity
- No account required — just install and use

---

## Pricing

### Free Tier

- Price: $0 forever
- 25 scans per day
- All core features included:
  - Instant sensitive data detection (Dagger)
  - Reversible data masking (Cloak)
  - Traffic light status widget
  - Support for 50+ file formats
  - Keylogger blocking
  - Dashboard with compliance insights

### Pro Tier (Individual)

- Monthly: $3.99/month
- Yearly: $29.99/year (~$2.50/month)
- 30-day free trial, no credit card required
- Everything in Free, plus:
  - Unlimited scans
  - Exportable compliance reports
  - Priority detection updates

### Teams Tier

- Volume pricing based on team size:
  - 1–5 users: $3.99/month or $29.99/year per user
  - 6–10 users: $2.99/month or $24.99/year per user
  - 11–25 users: $1.99/month or $19.99/year per user
  - 26–99 users: $0.99/month or $9.99/year per user
  - 100+ seats: Contact sales
- 30-day free trial, no credit card required
- Everything in Pro, plus:
  - Volume pricing — more users, lower cost
  - Admin-level compliance reports
  - Team member management

---

## How to Get Started

1. **Install**: Add the Sonomos extension from the Chrome Web Store or Edge Add-ons
2. **Configure**: Choose detection categories relevant to your work (or use defaults)
3. **Use AI normally**: Type into ChatGPT, Claude, Gemini, or Grok as you normally would
4. **Review flags**: Dagger underlines sensitive content in real-time
5. **Protect**: Cloak transforms flagged content before submission (automatic or manual)

No account creation required. No setup wizard. Install and start using immediately.

---

## Frequently Asked Questions

**Q: What is Sonomos?**
A: A privacy layer that detects and protects sensitive data before it reaches AI systems like ChatGPT, Claude, or Gemini. Ships as a browser extension today; a system-wide desktop app for macOS, Windows, and Linux is coming soon. Runs 100% locally on your device. No servers, no data transmission, no accounts required.

**Q: Is there a desktop version of Sonomos?**
A: Yes — **Sonomos Desktop** is coming soon for macOS, Windows, and Linux. It extends the same privacy layer to every AI tool on your computer, including native apps (ChatGPT Desktop, Claude Desktop), local LLMs (Ollama, LM Studio), and AI assistants in IDEs and terminals (Cursor, Claude Code, Copilot). 100% on-device. Request early access at https://sonomos.ai/contact or see https://sonomos.ai/desktop for details.

**Q: How does Sonomos protect my data?**
A: Two components: Dagger detects sensitive data in real-time with colored underlines (yellow = medium risk, red = high risk). Cloak transforms flagged data using tokenization or obfuscation before it reaches the AI. Both can be toggled independently.

**Q: Does Sonomos store or collect my data?**
A: No. All processing happens locally in your browser. Nothing is stored, logged, or transmitted.
Zero-knowledge architecture means Sonomos never sees your data.

**Q: What does the traffic light indicator mean?**
A: Green = no sensitive data detected. Yellow = potentially sensitive data, review recommended. Red = sensitive data detected, action required.

**Q: Can I control what Sonomos detects?**
A: Yes. Detection categories (personal identifiers, financial data, health info, client names, custom terms) can be individually enabled, disabled, or adjusted for sensitivity level.

**Q: Is Sonomos suitable for regulated industries?**
A: Yes. Designed for lawyers, healthcare professionals, consultants, and others handling confidential data. Local-only processing means no third-party data exposure.

**Q: What AI platforms does Sonomos work with?**
A: The browser extension supports ChatGPT, Claude, Gemini, Grok, and other web-based AI chat interfaces. Sonomos Desktop (coming soon) extends support to native apps like ChatGPT Desktop and Claude Desktop, on-device models like Ollama and LM Studio, and AI assistants in IDEs and terminals such as Cursor, Claude Code, and Copilot.

**Q: Which browsers does the extension support?**
A: Chrome, Edge, and Brave today. Firefox is coming soon.

**Q: How is Sonomos different from other privacy tools?**
A: 100% local processing — no cloud, no servers, no trust required. Visual system state (traffic light) instead of hidden automation. Detection and protection as separate, controllable layers.

**Q: Does Sonomos slow down my browser?**
A: No. Sonomos uses lightweight local pattern matching that runs in milliseconds. It only activates on supported AI platform pages.

**Q: Can I use Sonomos with my team?**
A: Yes. The Teams plan includes volume pricing, admin-level compliance reports, and team member management. See pricing section for details.

---

## Company Information

Sonomos, Inc.
Founded: 2024
Website: https://sonomos.ai
Email: hello@sonomos.ai
Contact page: https://sonomos.ai/contact

### Social Profiles

- X/Twitter: https://x.com/sonomos_AI
- LinkedIn: https://www.linkedin.com/company/sonomos-ai/
- Instagram: https://www.instagram.com/sonomos.ai/
- Facebook: https://www.facebook.com/sonomosai/
- Substack: https://sonomos.substack.com/

---

## All Pages

### Product

- Homepage: https://sonomos.ai/
- Product details: https://sonomos.ai/product
- Pricing: https://sonomos.ai/pricing
- Install: https://sonomos.ai/install
- Changelog: https://sonomos.ai/changelog
- Documentation: https://sonomos.ai/docs

### Industry Pages

- Legal: https://sonomos.ai/who-its-for/legal
- Healthcare: https://sonomos.ai/who-its-for/healthcare
- Financial Services: https://sonomos.ai/who-its-for/financial-services
- Technology: https://sonomos.ai/who-its-for/technology
- Individuals: https://sonomos.ai/who-its-for/individuals

### Company

- Mission: https://sonomos.ai/mission
- Team: https://sonomos.ai/team
- Partners: https://sonomos.ai/partners
- Blog index: https://sonomos.ai/blog
- FAQ: https://sonomos.ai/faq
- Contact: https://sonomos.ai/contact

### Blog Posts

- How to Protect Sensitive Data When Using ChatGPT, Claude, and Gemini (2026 Guide): https://sonomos.ai/blog/protect-sensitive-data-chatgpt-claude-gemini-2026
- AI Data Leakage: 7 Ways Sensitive Information Escapes to LLMs: https://sonomos.ai/blog/ai-data-leakage-7-ways-sensitive-info-escapes-to-llms
- What Is PII Redaction? A Plain-English Guide for AI Users: https://sonomos.ai/blog/what-is-pii-redaction-ai
- Is ChatGPT HIPAA Compliant? A 2026 Guide for Clinicians and Health Tech Teams: https://sonomos.ai/blog/is-chatgpt-hipaa-compliant-2026
- Is Claude HIPAA Compliant? A 2026 Guide for Healthcare Teams: https://sonomos.ai/blog/is-claude-hipaa-compliant-2026
- Is Gemini HIPAA Compliant? A 2026 Guide for Healthcare Teams: https://sonomos.ai/blog/is-gemini-hipaa-compliant-2026
- Is Microsoft Copilot HIPAA Compliant? A 2026 Guide for Healthcare Teams: https://sonomos.ai/blog/is-microsoft-copilot-hipaa-compliant-2026
- Can Lawyers Use ChatGPT? Confidentiality, Privilege, and AI in 2026: https://sonomos.ai/blog/can-lawyers-use-chatgpt-confidentiality-2026
- Prompt Injection Explained: How Attackers Use AI Models to Steal Your Data: https://sonomos.ai/blog/prompt-injection-explained-attacks-defenses
- Financial Services + AI: GLBA, FFIEC, and Securities Compliance for ChatGPT and Claude in 2026: https://sonomos.ai/blog/financial-services-ai-glba-ffiec-compliance-2026
- Source Code in AI Coding Assistants: Keeping Secrets Out of Copilot, ChatGPT, and Claude: https://sonomos.ai/blog/source-code-ai-coding-assistants-engineering-security
- GDPR and AI: A 2026 Compliance Guide for European Teams Using ChatGPT, Claude, and Gemini: https://sonomos.ai/blog/gdpr-ai-compliance-eu-chatgpt-claude-gemini-2026
- AI in Hiring 2026: EEOC, NYC LL144, the EU AI Act, and the Controls That Hold Up: https://sonomos.ai/blog/ai-hiring-eeoc-nyc-ll144-eu-ai-act-2026
- PHI vs PII vs Personal Data: A Plain-English Compliance Glossary for 2026: https://sonomos.ai/blog/phi-vs-pii-vs-personal-data-glossary
- Personal AI Privacy: A 2026 Guide for Individuals Using ChatGPT, Claude, and Gemini: https://sonomos.ai/blog/personal-ai-privacy-individuals-chatgpt-claude-2026
- Can My Employer See My ChatGPT Prompts? A 2026 Guide: https://sonomos.ai/blog/can-my-employer-see-my-chatgpt-prompts-2026
- Does ChatGPT Save Your Prompts? A 2026 Plan-by-Plan Guide: https://sonomos.ai/blog/does-chatgpt-save-your-prompts-2026
- Best AI Privacy Tools for ChatGPT, Claude, and Gemini in 2026: https://sonomos.ai/blog/best-ai-privacy-tools-chatgpt-claude-gemini-2026
- ChatGPT vs Claude for Confidential Work in 2026: https://sonomos.ai/blog/chatgpt-vs-claude-confidential-work-2026
- Free vs Paid ChatGPT: The Real Privacy Differences in 2026: https://sonomos.ai/blog/free-vs-paid-chatgpt-privacy-differences-2026
- Is ChatGPT GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-chatgpt-gdpr-compliant-2026
- FERPA and AI: Can Schools and EdTech Use ChatGPT With Student Data? (2026 Guide): https://sonomos.ai/blog/ferpa-ai-chatgpt-claude-schools-edtech-2026
- AI in Insurance 2026: NAIC Model Bulletin, Colorado Reg 10-1-1, and ChatGPT for Underwriting: https://sonomos.ai/blog/ai-insurance-naic-colorado-bulletin-underwriting-2026
- Is GitHub Copilot HIPAA Compliant? A 2026 Guide for Healthcare Developers: https://sonomos.ai/blog/is-github-copilot-hipaa-compliant-2026
- Is Perplexity AI HIPAA Compliant? A 2026 Guide for Healthcare Teams: https://sonomos.ai/blog/is-perplexity-ai-hipaa-compliant-2026
- Is Cursor AI Safe for Sensitive Code? A 2026 Security Guide: https://sonomos.ai/blog/is-cursor-ai-safe-sensitive-code-2026
- PCI DSS and AI: Can You Use ChatGPT With Cardholder Data? (2026 Guide): https://sonomos.ai/blog/pci-dss-ai-chatgpt-cardholder-data-2026
- SOC 2 and AI: What Auditors Look For When Your Team Uses ChatGPT and Claude: https://sonomos.ai/blog/soc-2-ai-chatgpt-claude-2026
- AI Acceptable Use Policy: A 2026 Template for Organizations: https://sonomos.ai/blog/ai-acceptable-use-policy-template-2026
- Is Microsoft Copilot GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-microsoft-copilot-gdpr-compliant-2026
- US State AI Privacy Laws in 2026: The Landscape for AI Users: https://sonomos.ai/blog/us-state-ai-privacy-laws-2026
- Is Windsurf AI Safe for Sensitive Code? A 2026 Security Guide: https://sonomos.ai/blog/is-windsurf-ai-safe-sensitive-code-2026
- AI and the Work Product Doctrine: Privilege Risks When Lawyers Use ChatGPT and Claude: https://sonomos.ai/blog/ai-work-product-doctrine-legal-privilege-2026
- HIPAA-Compliant AI: A Complete Checklist for Healthcare Organizations in 2026: https://sonomos.ai/blog/hipaa-compliant-ai-checklist-2026
- ISO 27001 and AI Tools: Which Controls Apply and What Auditors Look For in 2026: https://sonomos.ai/blog/iso-27001-ai-tools-2026
- NIST AI RMF: How to Use the AI Risk Management Framework for Generative AI Governance in 2026: https://sonomos.ai/blog/nist-ai-rmf-governance-2026
- ChatGPT API vs Consumer Tiers: The Real Privacy Differences in 2026: https://sonomos.ai/blog/chatgpt-api-vs-consumer-privacy-2026
- AI Tools for Legal Research in 2026: Harvey, Westlaw AI, Lexis+ AI, and Why Citation Hallucination Still Matters: https://sonomos.ai/blog/ai-legal-research-harvey-westlaw-casetext-2026
- GDPR Data Subject Rights and AI: Access, Erasure, and Automated Decisions in 2026: https://sonomos.ai/blog/gdpr-data-subject-rights-ai-2026
- Is Claude GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-claude-gdpr-compliant-2026
- Is Gemini GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-gemini-gdpr-compliant-2026
- Is Perplexity AI GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-perplexity-ai-gdpr-compliant-2026
- Is Grok GDPR Compliant? A 2026 Guide for European Teams: https://sonomos.ai/blog/is-grok-gdpr-compliant-2026
- EU AI Act Compliance Checklist for Enterprise Deployers (2026): https://sonomos.ai/blog/eu-ai-act-compliance-checklist-2026
- AI Meeting Notetakers: HIPAA, GDPR, and Privacy Compliance in 2026: https://sonomos.ai/blog/ai-notetakers-hipaa-gdpr-privacy-2026

### Comparisons

- Comparisons index: https://sonomos.ai/compare
- Sonomos vs. cloud DLP: https://sonomos.ai/compare/sonomos-vs-cloud-dlp
- Sonomos vs. enterprise privacy platforms: https://sonomos.ai/compare/sonomos-vs-enterprise-privacy
- Sonomos vs. enterprise AI plans: https://sonomos.ai/compare/sonomos-vs-chatgpt-enterprise
- Sonomos vs. browser content blockers: https://sonomos.ai/compare/sonomos-vs-browser-blockers
- Sonomos vs. staff training alone: https://sonomos.ai/compare/sonomos-vs-staff-training
- Sonomos vs. self-hosted AI: https://sonomos.ai/compare/sonomos-vs-self-hosted-ai
- Sonomos vs. AI gateways: https://sonomos.ai/compare/sonomos-vs-ai-gateway
- Sonomos vs. system prompts: https://sonomos.ai/compare/sonomos-vs-prompt-engineering
- Sonomos vs. VPN and Zero Trust: https://sonomos.ai/compare/sonomos-vs-vpn-zero-trust
- Sonomos vs. internal AI portals: https://sonomos.ai/compare/sonomos-vs-internal-ai-portal
- Sonomos vs. Microsoft Purview: https://sonomos.ai/compare/sonomos-vs-microsoft-purview
- Sonomos vs. CASB and SSE platforms: https://sonomos.ai/compare/sonomos-vs-casb-sse

### Legal & Security

- Privacy Notice: https://sonomos.ai/privacy
- Security: https://sonomos.ai/security
- Terms of Service: https://sonomos.ai/terms
- EULA: https://sonomos.ai/eula
- Acceptable Use: https://sonomos.ai/acceptable-use
- Methodology: https://sonomos.ai/methodology
- No-Tracking Policy: https://sonomos.ai/no-tracking

---

Last updated: 2026-05-14 (6 blog posts added: Claude GDPR, Gemini GDPR, Perplexity GDPR, Grok GDPR, EU AI Act checklist, AI notetakers; 2 comparison pages added: Microsoft Purview, CASB/SSE)