The Shadow Flow

How MyYaad protects
your data, step by step.

From the moment you type to the moment you read the response — here's everything that happens under the hood.

  1. 01

    You type a prompt in ChatGPT

    Use any supported AI chatbot normally. Type your prompt including real personal details — names, dates, salary, employer.

  2. 02

    Extension captures the text

    The content script uses capture-phase event delegation on document.body to intercept the submit action (click or Enter key) before it reaches the chatbot.

  3. 03

    Prompt sent to localhost daemon

    The extension sends the raw prompt to localhost:3000/shadow — the desktop daemon running on your machine. This is a loopback connection that never touches the internet.

  4. 04

    Vault matching

    The daemon matches prompt text against your vault entries using exact match first, then Levenshtein fuzzy matching for typos and variations.

  5. 05

    Shadow generation

    The Shadow Engine generates provider-specific shadow values. Each value is deterministic per salt — the same input always produces the same shadow for a given provider.

  6. 06

    Provider salting

    HMAC-SHA256(master_key, provider_name) produces a unique salt per provider. This means ChatGPT, Claude, and Gemini each see mathematically different shadows for the same real value.

  7. 07

    Daemon returns shadowed prompt

    The daemon returns the modified prompt plus a shadow map (shadow → real value lookup table) to the extension.

  8. 08

    Preview panel (optional)

    A floating preview panel shows you exactly what will be sent — field by field, with original → shadow comparisons. You see the transformation before it happens.

  9. 09

    Input field replaced

    The extension replaces the chatbot input field DOM text with the shadowed prompt, using execCommand to trigger the chatbot’s internal state updates (React/ProseMirror/Quill).

  10. 10

    Shadowed prompt sent to AI

    The modified prompt is sent to the AI provider. Your real data never crosses the wire — only realistic shadow values.

  11. 11

    AI responds with shadows

    The LLM responds using the shadow values naturally. Because shadows are realistic (not [NAME] placeholders), the AI produces coherent, useful responses.

  12. 12

    Response de-shadowed

    A MutationObserver watches for new assistant messages. When detected, the extension scans the response DOM for shadow values and replaces them with your real values.

  13. 13

    You see the real response

    You see your real data in the response. A subtle indicator shows "3 values restored". The AI never knew your real data existed.