Getting Started

Your data never leaves your device. The vault is a folder of human-readable Markdown and JSON files on your computer — you can open it in any text editor and see exactly what’s stored. Your master salt lives in your OS keychain (macOS Keychain, Windows Credential Manager). The extension communicates only with localhost:3000 — a loopback address that physically cannot reach the internet. We don’t operate any servers that receive your data.

Each supported provider (ChatGPT, Claude, Gemini, DeepSeek) has its own dedicated adapter with resilient selectors and fallback strategies. If any provider makes a breaking change, we can push a selector update without a full extension release. MyYaad is fail-closed: if protection can’t run — the desktop app isn’t running, or the extension needs approval — your message is not sent rather than sent unprotected. Open the desktop app to restore protection, or explicitly pause MyYaad to send that message unprotected.

Yes. The audit log records every shadow operation with a hash-chained entry — which fields were matched, which shadows were used, and which provider received them. The log is stored locally at ~/.myyaad/logs/audit.jsonl and can be exported. Before each send, a floating preview panel shows you the exact before/after for every field.

The extension detects the disconnect within seconds and shows a clear "Desktop app not running" message in the popup with a Retry button. Your prompts are sent normally without shadow protection — the extension never blocks your workflow. When the desktop app starts, the extension reconnects automatically.

Yes. Add PDFs, Word documents and Excel spreadsheets on MyYaad’s Documents page. MyYaad reads each file on your device, finds the sensitive data inside — names, emails, national IDs, SSNs, account numbers and more — and swaps it for realistic shadows. You can add several files and use them together as combined context. MyYaad never uploads your files; the shadowing happens before anything reaches the AI.

Two ways to bring a document to the AI — both shadowed on your device first, so your real data never leaves your computer. Use as Context puts the document’s text, with sensitive values already replaced by shadows, straight into your prompt — best when you want to ask the AI about a document’s contents (PDF, Word and Excel). An AI-safe copy is a clean, shadowed copy of the file itself (for example clients.safe.xlsx) saved next to your original — you upload that copy so the AI can work on the file directly, sorting, summing and averaging realistic-but-fake values. That’s best when the AI needs the actual file, like a spreadsheet to calculate on. AI-safe copies are available for Excel spreadsheets today, with more formats to come. Either way, you choose what to send — MyYaad doesn’t upload anything for you.

Yes — that’s why MyYaad uses realistic shadows instead of [REDACTED] blanks. An AI-safe copy keeps the shape of your data: numbers stay numbers you can sum and average, names stay realistic names, emails stay valid-looking. The AI does real work on data that behaves exactly like yours — it just isn’t yours. Columns you mark as not sensitive, such as a score, are kept exactly as they are.

MyYaad currently supports six AI chatbots: ChatGPT by OpenAI (chat.openai.com and chatgpt.com), Claude by Anthropic (claude.ai), Gemini by Google (gemini.google.com), DeepSeek (chat.deepseek.com), Perplexity (perplexity.ai), and Grok (grok.com and grok.x.ai). Each provider gets a different shadow value for the same real data — so even if multiple providers were breached simultaneously, they couldn’t correlate your information across services. More providers will be added in future updates.

Yes. This is a core security feature called provider-specific salting. When you add "John Smith" to your vault, ChatGPT might see "Ethan Anderson", Claude sees "Sofia Rivera", Gemini sees "Marcus Lee", and DeepSeek sees "Aisha Brown". The shadows are generated using HMAC-SHA256 with a unique salt per provider — they are mathematically different and cannot be correlated.

No. MyYaad automatically detects which AI chatbot you’re using and applies the correct adapter. Shadow protection activates automatically on supported sites. You don’t need to select a provider or change any settings when switching between ChatGPT, Claude, Gemini, DeepSeek, Perplexity and Grok.

Grok and Perplexity are now supported, alongside ChatGPT, Claude, Gemini and DeepSeek. Other chatbots such as HuggingChat and Copilot are on our roadmap — the adapter architecture makes new providers straightforward to add. If there’s one you’d like supported, let us know via our support page.

Yes. MyYaad supports both chat.openai.com and chatgpt.com. The extension automatically detects either domain and applies shadow protection.

Nothing to set up. As you type, MyYaad automatically recognises common sensitive data — email addresses, phone numbers (UK, US and international), credit-card numbers, bank IBANs, passport numbers, dates of birth, API keys and postcodes/ZIP codes — plus government ID and tax numbers for 20+ countries. Anything it recognises is swapped for a realistic fake before your prompt ever leaves your device. You can also add your own entries to the vault for anything specific to you.

MyYaad ships with detectors for national-ID and tax numbers across 20+ countries, including: United States (SSN, EIN, ITIN), United Kingdom (National Insurance, UTR), Canada (SIN), India (Aadhaar, PAN), Ireland (PPS), and Spain, Italy, Sweden, Switzerland and Belgium across Europe; Pakistan, Sri Lanka, China, South Korea, Malaysia and Singapore across Asia; the UAE and Ghana; and Brazil, Argentina, Chile and Mexico across Latin America. Don’t see yours? Add it to your vault and MyYaad protects it everywhere.