
Protection · Zero Data Egress

The privacy layer that never phones home.

Most "privacy-safe" AI tools route your prompts through a classifier before forwarding them. You've solved the problem by creating a different version of it. Ventrin's detection runs entirely inside the browser sandbox — including the model weights.

  • 0: Bytes of prompt content sent to Ventrin servers during detection — detection is fully local and requires no Ventrin connectivity
  • 4.8MB: Size of the bundled ONNX detection model — ships with the extension at install time, no runtime download required
  • 100%: Detection decisions made locally — the model never transmits prompt text, partial tokens or user identity during classification

Architecture

Model in the browser. Not in the cloud.

01. Model ships with the extension.

The ONNX classification model is bundled into the extension package at build time. When a user installs Ventrin, the detection model is already present on their machine. There is no "calling home" for a model download, no warm-up period, and no dependency on Ventrin's infrastructure for detection to function.

02. Chrome's sandbox isolates the runtime.

Classification runs inside Chrome's extension service worker — an isolated context that cannot make arbitrary network calls. The extension's manifest permissions are scoped to the AI tool domains only. Network traffic analysis will confirm: no prompt content leaves via Ventrin's infrastructure during a scan.

03. Event metadata only — never content.

When an event is logged to the admin dashboard, Ventrin records the event type, timestamp, user ID, team, destination AI tool, and which sensitivity categories were detected — but never the prompt text itself. You get a full audit trail without creating a second store of sensitive data.

The trust architecture

You should be able to verify the claim.

We know "zero data egress" is a claim every privacy vendor makes. Ventrin's architecture is designed so your IT team can verify it independently — inspect the extension's manifest, review the network traffic during a scan, or audit the ONNX model weights. No trust required beyond what you can confirm yourself.

  • Extension source is auditable — manifest lists the exact permissions requested and why
  • Network monitoring during a scan will show zero Ventrin-originated requests
  • ONNX model format is an open standard — any ML engineer can inspect the architecture
  • Ventrin is compliant with GDPR Article 25 (data protection by design) by architectural default

Network traffic during scan

  • ventrin.com requests: 0
  • api.ventrin.com requests: 0
  • Model inference location: LOCAL
  • Prompt text transmitted: NONE
  • Event log payload: METADATA
  • GDPR Art. 25 status: COMPLIANT
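
One way an IT team could run the manifest inspection described above, as an added example that is not Ventrin's code. The approved-domain list, the reviewed-permission list and both sample manifests are assumptions constructed for illustration; the manifest keys are the standard Manifest V3 ones.

```javascript
// Added example: audit a Manifest V3 manifest for host scope.
// ALLOWED_HOSTS and both sample manifests are constructed for illustration.
const ALLOWED_HOSTS = ["chatgpt.com", "claude.ai", "gemini.google.com"];
// Chrome API permissions that deserve manual review in a privacy tool.
const REVIEW_PERMISSIONS = ["webRequest", "debugger", "proxy", "nativeMessaging"];

// Extract the host part of a match pattern such as "https://*.example.com/*".
function patternHost(pattern) {
  if (pattern === "<all_urls>") return "*";
  const m = /^(\*|https?|wss?|file|ftp):\/\/([^\/]*)\//.exec(pattern);
  return m ? m[2] : null; // null = not a valid match pattern
}

// True only when the host (or "*.host") is an approved domain or a subdomain of one.
function hostInScope(host, allowed) {
  if (host === null || host === "*" || host === "") return false;
  const base = host.startsWith("*.") ? host.slice(2) : host;
  return allowed.some((a) => base === a || base.endsWith("." + a));
}

function auditManifest(manifest, allowed = ALLOWED_HOSTS) {
  const findings = [];
  const sources = [
    ["host_permissions", manifest.host_permissions || []],
    ["optional_host_permissions", manifest.optional_host_permissions || []],
    ...(manifest.content_scripts || []).map((cs, i) =>
      [`content_scripts[${i}].matches`, cs.matches || []]),
  ];
  for (const [where, patterns] of sources) {
    for (const p of patterns) {
      if (!hostInScope(patternHost(p), allowed))
        findings.push({ where, value: p, issue: "host outside approved AI tool domains" });
    }
  }
  for (const perm of manifest.permissions || []) {
    if (REVIEW_PERMISSIONS.includes(perm))
      findings.push({ where: "permissions", value: perm, issue: "API permission needs review" });
  }
  return findings;
}

// Constructed sample manifests (not taken from any real extension).
const scoped = { manifest_version: 3, permissions: ["storage"],
  host_permissions: ["https://chatgpt.com/*", "https://claude.ai/*"],
  content_scripts: [{ matches: ["https://gemini.google.com/*"], js: ["scan.js"] }] };
const broad = { manifest_version: 3, permissions: ["storage", "webRequest"],
  host_permissions: ["<all_urls>", "https://*.google.com/*"],
  content_scripts: [{ matches: ["*://*/*"], js: ["scan.js"] }] };
console.log(auditManifest(scoped), auditManifest(broad));
```

A clean result bounds which pages the extension can read and inject into; the network capture during a scan remains the check for outbound requests.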

Where data lives — and where it doesn't

User device

Chrome extension sandbox

NER model, pattern library and policy rules all live here. Prompt text is processed locally — it never leaves this boundary during scanning.

On-device

Ventrin servers

Event metadata only

We receive a structured event: timestamp, user ID, outcome (pass/redact/block), entity types detected. The prompt text and any PII are never included.

Metadata only

AI provider

ChatGPT / Claude / Gemini

Only the sanitised prompt — with PII redacted or replaced — reaches the AI provider. Client names, matter IDs and credentials are stripped before the network call.

Sanitised only

Data inventory — what Ventrin stores

  • Prompt content stored: 0 bytes
  • PII transmitted to Ventrin: 0 fields
  • Model downloaded at install: 4.8 MB
  • Event metadata per scan: ~420 B

Event metadata: event_id, user_id (hashed), timestamp, tool (e.g. "chatgpt"), entity types detected (e.g. ["PERSON","API_KEY"]), outcome. No prompt text. No raw PII. Retained 90 days.

Privacy by architecture, not by promise.

Install in two minutes. Your prompts never leave your browser.

Manifest V3 · Local detection · No prompt storage by default.