The Shadow Flow

How MyYaad protects
your data, step by step.

From the moment you type to the moment you read the response — here's everything that happens under the hood.

  1. 01

    You type a prompt in any supported AI chatbot

    Use ChatGPT, Claude, Gemini, or DeepSeek normally. Type your prompt including real personal details — names, dates, salary, employer.

  2. 02

    Extension captures the text

    The content script uses capture-phase event delegation on document.body to intercept the submit action (click or Enter key) before it reaches the chatbot.

  3. 03

    Prompt sent to localhost daemon

    The extension sends the raw prompt to localhost:3000/shadow — the desktop daemon running on your machine. This is a loopback connection that never touches the internet.

  4. 04

    Vault matching

    The daemon matches prompt text against your vault entries using exact match first, then Levenshtein fuzzy matching for typos and variations.

  5. 05

    Shadow generation

    The Shadow Engine generates provider-specific shadow values. Each value is deterministic per salt — the same input always produces the same shadow for a given provider.

  6. 06

    Provider salting

    HMAC-SHA256(master_key, provider_name) produces a unique salt per provider. This means ChatGPT, Claude, Gemini, and DeepSeek each see mathematically different shadows for the same real value.

  7. 07

    Daemon returns shadowed prompt

    The daemon returns the modified prompt plus a shadow map (shadow → real value lookup table) to the extension.

  8. 08

    Preview panel (optional)

    A floating preview panel shows you exactly what will be sent — field by field, with original → shadow comparisons. You see the transformation before it happens.

  9. 09

    Input field replaced

    The extension replaces the chatbot input field DOM text with the shadowed prompt. Each provider uses different UI frameworks — MyYaad’s adapters handle the differences automatically.

  10. 10

    Shadowed prompt sent to AI

    The modified prompt is sent to the AI provider. Your real data never crosses the wire — only realistic shadow values.

  11. 11

    AI responds with shadows

    The AI responds using the shadow values naturally. Because shadows are realistic (not [NAME] placeholders), the AI produces coherent, useful responses.

  12. 12

    Response de-shadowed

    A MutationObserver watches for new assistant messages. When detected, the extension scans the response DOM for shadow values and replaces them with your real values.

  13. 13

    You see the real response

    You see your real data in the response. A subtle indicator shows "3 values restored". The AI never knew your real data existed.

Provider Adapters

Provider Notes

MyYaad includes dedicated adapters for each supported AI chatbot. Each adapter handles the provider's specific UI framework, input method, and response rendering. All adapters share the same shadow engine — the difference is only in how they interact with each provider's DOM.

ChatGPT

chat.openai.com, chatgpt.com

  • Input: ProseMirror-based rich text editor
  • Shadow injection via execCommand for React state compatibility
  • De-shadowing watches for streamed response chunks

Claude

claude.ai

  • Input: ProseMirror-based editor
  • Shadow injection handles Anthropic’s conversation UI
  • De-shadowing supports Claude’s streaming response format

Gemini

gemini.google.com

  • Input: Custom Google rich text component
  • Shadow injection adapted for Google’s Angular-based UI
  • De-shadowing handles Gemini’s response rendering pipeline

DeepSeek

chat.deepseek.com

  • Input: Standard textarea / rich editor
  • Shadow injection via value replacement
  • De-shadowing watches for streamed response updates

If a provider changes their UI, we update the adapter without changing the shadow engine.