Your Personal Data Doesn't Belong in Someone Else's AI Model
Every time you paste a message, fill out a form, or ask an AI tool for help, you might be handing over your Social Security Number, credit card, home address, or medical details without realizing it. Sonomos catches it before it leaves your browser.
What Sonomos Detects
Sensitive data patterns relevant to individuals that Sonomos identifies in real time.
Social Security Numbers
Nine-digit SSN patterns validated against known structural rules, including area number, group number, and serial number formatting. Invalid ranges (such as 000, 666, and 900-series area numbers) are excluded to reduce false positives.
Structural validation

Credit Card Numbers
Primary Account Numbers from Visa, Mastercard, Amex, and Discover validated using the Luhn checksum algorithm.
Structural validation (Luhn)

Phone Numbers
Domestic and international phone number formats detected via structural pattern matching with country-code and area-code validation.
Structural + contextual matching

Email Addresses
Personal and professional email addresses detected via standard format matching.
Structural validation

Home Addresses & Location Data
Street addresses, zip codes, and city/state combinations detected via named entity recognition and contextual proximity to residential keywords.
NER + contextual matching

Dates of Birth
Date patterns detected in proximity to identity-related keywords (DOB, birthday, born, age).
Contextual pattern matching

Government-Issued ID Numbers
Patterns consistent with driver's license numbers, passport numbers, and state ID formats. Detection confidence varies by state and country due to format inconsistency.
Contextual pattern matching

Medical Information
Patterns consistent with prescription names, diagnosis descriptions, and insurance member IDs when detected in proximity to health-related keywords.
Contextual pattern matching

Detection confidence varies by data type. Structurally validated types (SSNs, credit card numbers) have lower false positive rates than contextually matched types (addresses, medical terms). Sonomos uses a traffic-light overlay so you can see the confidence level for each detection at a glance.
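The structural checks described above for SSNs and card numbers, combined with last-four masking, as an added JavaScript example that is not Sonomos's own code. All function names are hypothetical; the sketch assumes hyphenated SSNs, adds the group 00 and serial 0000 exclusions, and omits card-brand prefix checks.

```javascript
// Added illustration, not Sonomos code; all names here are hypothetical.
// Luhn: from the right, double every second digit (subtract 9 if > 9), sum, mod 10.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// SSN structure: area is not 000, 666 or 9xx (the ranges the page lists).
// Group 00 and serial 0000 are also never issued (added rule, not from the page).
function ssnValid(area, group, serial) {
  return area !== "000" && area !== "666" && area[0] !== "9" &&
         group !== "00" && serial !== "0000";
}

// Scan text and return validated findings with offsets, sorted by position.
function scan(text) {
  const findings = [];
  for (const m of text.matchAll(/\b(\d{3})-(\d{2})-(\d{4})\b/g)) {
    if (ssnValid(m[1], m[2], m[3]))
      findings.push({ type: "ssn", start: m.index, end: m.index + m[0].length });
  }
  // 13 to 19 digits, each optionally preceded by one space or hyphen.
  for (const m of text.matchAll(/\b\d(?:[ -]?\d){12,18}\b/g)) {
    if (luhnValid(m[0].replace(/[ -]/g, "")))
      findings.push({ type: "card", start: m.index, end: m.index + m[0].length });
  }
  return findings.sort((a, b) => a.start - b.start);
}

// Mask each finding in place, leaving only its last four digits readable.
function mask(text) {
  let out = "", pos = 0;
  for (const f of scan(text)) {
    if (f.start < pos) continue; // skip a finding that overlaps the previous one
    const raw = text.slice(f.start, f.end);
    out += text.slice(pos, f.start) + raw.slice(0, -4).replace(/\d/g, "*") + raw.slice(-4);
    pos = f.end;
  }
  return out + text.slice(pos);
}

// Constructed sample input (dummy SSN, public Visa test number).
const SAMPLE = "My SSN is 123-45-6789 and my card is 4111 1111 1111 1111.";
console.log(mask(SAMPLE));
```

Digit runs that fail either check are left untouched, which is why a nine-digit order number or a mistyped card number does not raise a structural match.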
When Your Data Is at Risk
Most people don't think of AI tools as a data exposure risk. But every prompt you type is a transmission. Here are common scenarios where personal data ends up in third-party AI systems:
- Asking an AI chatbot for tax help and pasting in your SSN, W-2 data, or bank account numbers.
- Using an AI writing assistant to draft a medical appeal letter that includes your diagnosis, insurance ID, and date of birth.
- Filling out AI-powered forms that process your input server-side before you realize where the data is going.
- Asking for financial advice and including your credit card number, account balances, or transaction history.
- Drafting personal legal documents (landlord disputes, insurance claims, divorce filings) that contain your address, SSN, and financial details.
Sonomos detects these patterns in real time, directly on the page, before you hit send.
Regulatory Relevance
Sonomos identifies pattern matches, not compliance status. The following frameworks may be relevant when detected data types are transmitted unprotected.
CCPA (California Consumer Privacy Act)
When personal or government-issued identifiers (SSNs, names, addresses, dates of birth) are transmitted to a third-party AI tool, Sonomos flags a CCPA relevance signal. If you are a California resident, CCPA gives you rights over how your personal information is collected and shared. Sonomos helps you see when that data is about to leave your control.
PCI-DSS
When payment card data is transmitted to a third-party AI tool, Sonomos flags a PCI-DSS relevance signal. While PCI-DSS is a merchant-side standard, your card data is still your exposure. Sonomos catches it before it reaches an unprotected endpoint.
Signal requirements: A relevance signal requires that (1) data in a specific category was flagged, (2) that data was transmitted unprotected, and (3) the destination matches a relevant classification. Blocked or remediated transmissions do not trigger signals.
Sonomos does not determine whether any regulation has been violated or whether any data is subject to a specific legal protection. Sonomos identifies patterns consistent with sensitive personal data. Legal questions require legal counsel.
How It Works
Detect
As you browse and type, Sonomos scans page content locally for SSNs, credit card numbers, phone numbers, addresses, and other personal identifiers. Nothing leaves your browser during detection.
Alert
A lightweight overlay highlights detected data directly on the page. Red means a high-confidence structural match (for example, your SSN passed structural validation or your card number passed the Luhn checksum). Yellow means a contextual match worth reviewing.
Block or Mask
When you submit a form, send a chat message, or trigger any outbound request containing flagged data, Sonomos can intercept it. Your data is masked or the request is blocked before it reaches the third-party server.
Review
Your dashboard shows what was detected, what was blocked, and what got through. Everything is stored locally in your browser. Sonomos never sees your data.
Why Local-Only Matters for You
Most privacy tools work by routing your data through their own servers to scan it. That means your SSN, your credit card number, and your medical information pass through yet another third party before you are “protected.” Sonomos does not work that way. Every detection, every alert, and every block happens inside your browser. Your data is never transmitted to Sonomos or anyone else. There is no account data stored in the cloud. There is no server that can be breached. Your personal information stays on your machine, period.
You wouldn't hand your wallet to a stranger. Don't hand your data to an AI tool without knowing what's in it.