Use AI. Keep your secrets.

Wharx detects and hides the sensitive parts of your text — names, accounts, medical info, keys — before they reach any AI. The browser extension redacts inline as you type into ChatGPT, Claude, or Gemini. The model sees placeholders; you see the real reply.

Also for Firefox · Edge · Safari · standalone web app

100+ patterns detected
220 ms median scan time
0 B leaves your browser
No account required
MIT open source
01 Your prompt
Help me debug this. Our Stripe webhook started 502'ing in prod this morning: 2026-05-21 14:32 ERROR webhook.ts:42 — invalid signature STRIPE_SECRET_KEY=sk_live_51Hx8nfABcdEfGhIjKlMnOpQr Request from 73.214.88.42 logged by alex.chen@acme.io
4 sensitive values found
02 Protected
Help me debug this. Our Stripe webhook started 502'ing in prod this morning: [DATE_1] 14:32 ERROR webhook.ts:42 — invalid signature STRIPE_SECRET_KEY=[STRIPE_1] Request from [ADDRESS_1] logged by [EMAIL_1]
4 placeholders · safe for ChatGPT, Claude, Gemini
03 Restored answer
The "invalid signature" error on 2026-05-21 usually means the sk_live_51Hx8nfABcdEfGhIjKlMnOpQr in your env doesn't match the one Stripe is currently signing with — easy to introduce when alex.chen@acme.io rotated the webhook secret in the dashboard but didn't update the deployed env var. The 73.214.88.42 source is fine; failure is on signature verification, not the request. Confirm the key prefix matches your live-mode webhook and that any recent rotation propagated to ECS.
Real values back, locally on your device

how it works

Three steps. Stays in your browser.

STEP 01

Type or paste

Type normally into ChatGPT, Claude, or Gemini — the extension scans every keystroke. Or paste any text into the web app. Wharx works wherever you are.

STEP 02

Protect

Real names, accounts, keys, IDs swap to typed placeholders the second they're detected. The protected version is what the AI receives.

STEP 03

Restore

When the AI replies, placeholders swap back to real values — inline in the chat with the extension, or in the web app after you paste the reply. The original details never crossed the wire.
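The three steps above as a minimal round trip. This is an added example, not Wharx's code: the three regexes, the function names `redactText` and `restoreText`, and the sample values are assumptions made for illustration.

```javascript
// Simplified patterns assumed for this example; not Wharx's detectors.
const PATTERNS = [
  ["STRIPE", /\bsk_live_[A-Za-z0-9]{16,}\b/g],
  ["EMAIL", /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g],
  ["ADDRESS", /\b(?:\d{1,3}\.){3}\d{1,3}\b/g],
];

// Replace each detected value with a typed, numbered placeholder.
// A repeated value reuses its placeholder, so the model can still tell
// that two mentions refer to the same thing.
function redactText(text) {
  const secretMap = new Map(); // placeholder -> original value
  const byValue = new Map();   // original value -> placeholder
  const counters = {};
  let protectedText = text;
  for (const [type, re] of PATTERNS) {
    protectedText = protectedText.replace(re, (value) => {
      if (!byValue.has(value)) {
        counters[type] = (counters[type] || 0) + 1;
        const placeholder = `[${type}_${counters[type]}]`;
        byValue.set(value, placeholder);
        secretMap.set(placeholder, value);
      }
      return byValue.get(value);
    });
  }
  return { protectedText, secretMap };
}

// Swap placeholders in the model's reply back to the real values.
// Whole bracketed tokens are matched, so [EMAIL_1] cannot rewrite part of
// [EMAIL_10], and tokens missing from the map are left untouched. The
// callback form also stops "$&"-style sequences inside a secret from
// being interpreted by replace().
function restoreText(reply, secretMap) {
  return reply.replace(/\[[A-Z][A-Z0-9_]*_\d+\]/g, (token) =>
    secretMap.has(token) ? secretMap.get(token) : token);
}

// Constructed sample input; every value here is made up.
const prompt =
  "STRIPE_SECRET_KEY=sk_live_CONSTRUCTED0000000000 from 203.0.113.7, " +
  "logged by dev@example.com; cc dev@example.com";
const { protectedText, secretMap } = redactText(prompt);
const reply = "Rotate [STRIPE_1] and tell [EMAIL_1]. [EMAIL_2] is unknown.";
const restored = restoreText(reply, secretMap);
```

The map holds every real value, so it has to stay in local memory for the session and never be logged or sent along with the prompt.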

who uses wharx

Not just for engineers.

Any time you paste real work into an AI, you also paste a little bit of someone's private life. Wharx is for everyone who'd rather not.

Law · USE CASE

Lawyers

Summarising a deposition without leaking client names, case numbers, or counterparty details.

[CLIENT_1] · [CASE_NO_3] · [PARTY_2]
Health · USE CASE

Healthcare

Drafting patient notes and discharge instructions without exposing PHI to the model.

[PATIENT_1] · [MRN_1] · [ICD10_3]
Finance · USE CASE

Financial advisors

Preparing client summaries with account numbers, balances, tax IDs, and wire details protected.

[ACCOUNT_1] · [SSN_1] · [IBAN_2]
Press · USE CASE

Journalists

Source-protected interview transcripts. Names, locations, and contact details stay private.

[SOURCE_1] · [LOCATION_2] · [PHONE_1]
HR · USE CASE

HR & recruiting

Screening résumés or drafting feedback without sending candidate data to a third-party AI.

[CANDIDATE_1] · [EMAIL_2] · [SALARY_1]
Code · USE CASE

Engineers

API keys, connection strings, customer data — all swapped before a single prompt is sent.

[API_KEY_1] · [DB_URL_1] · [CUSTOMER_2]

what wharx catches

119+ patterns. Validated, not guessed.

Luhn for cards. MOD-97 for IBAN. Verhoeff for Aadhaar. Issuance rules for SSN. Wharx confirms a match is real before redacting it.

Identity & contact (5+ patterns)
Names · Email · Phones · Addresses · Dates of birth

Secrets & keys (8+ patterns)
OpenAI sk- · Anthropic · AWS · GitHub · Stripe · Slack · JWT · SSH/PEM

Government IDs (5+ patterns)
SSN · EIN · ITIN · Passport · Driver's licence

Financial (7+ patterns)
Cards (Luhn) · IBAN · SWIFT/BIC · ABA routing · CUSIP · ISIN · LEI

Healthcare (5+ patterns)
NPI · DEA · ICD-10 · CPT · MRN

Crypto (5+ patterns)
BTC · ETH · SOL · Seed phrases · Private keys
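Two of the checks named above (Luhn for cards, MOD-97 for IBAN) show what "validated, not guessed" buys: a regex hit is kept only if its checksum also passes. This is an added example, not Wharx's code; the candidate regexes, the function names and the sample text are assumptions.

```javascript
// Luhn: double every second digit from the right; the sum must end in 0.
function luhnValid(candidate) {
  const digits = candidate.replace(/[ -]/g, "");
  if (!/^\d{13,19}$/.test(digits)) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// MOD-97: move the first four characters to the end, map letters to
// 10..35, and the resulting number modulo 97 must equal 1.
function ibanValid(candidate) {
  const iban = candidate.replace(/\s/g, "").toUpperCase();
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  const rearranged = iban.slice(4) + iban.slice(0, 4);
  let remainder = 0;
  for (const ch of rearranged) {
    const value = /\d/.test(ch) ? ch : String(ch.charCodeAt(0) - 55);
    for (const digit of value) remainder = (remainder * 10 + Number(digit)) % 97;
  }
  return remainder === 1;
}

// Loose shape-only regexes (assumed); the validators do the real filtering.
const DETECTORS = [
  { type: "CARD", re: /\b\d(?:[ -]?\d){12,18}\b/g, validate: luhnValid },
  { type: "IBAN", re: /\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]){11,30}\b/g, validate: ibanValid },
];

// Return only the regex hits that also pass their checksum.
function findValidated(text) {
  const hits = [];
  for (const { type, re, validate } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      if (validate(m[0])) hits.push({ type, value: m[0] });
    }
  }
  return hits;
}

// Constructed sample: a published test card number, a look-alike order id,
// the standard example IBAN, and that IBAN with its last digit changed.
const sample = "Card 4242 4242 4242 4242, order 4242 4242 4242 4243, " +
  "IBAN GB82 WEST 1234 5698 7654 32, typo GB82 WEST 1234 5698 7654 33";
const validated = findValidated(sample);
```

The order id and the mistyped IBAN both match their regex but fail the checksum, so they would be left in the prompt unredacted rather than replaced by a misleading placeholder.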

for developers

Same engine. npm install.

The redaction engine that powers wharx.com ships as a zero-dependency SDK, a CLI, and an MCP server. Drop it into any agent pipeline. Same patterns, same validation, same privacy guarantee.

@wharx/sdk · @wharx/cli · @wharx/mcp
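example.ts
import { redact, restore } from '@wharx/sdk';

// callAnyAI stands for whatever model client you use; it is passed in
// so the snippet does not depend on a particular provider.
async function askWithRedaction(
  callAnyAI: (prompt: string) => Promise<string>,
): Promise<string> {
  const input =
    "Schedule a call with Maria at maria@acme.io about her IRA";

  // redact() returns the placeholder text plus the map needed to undo it.
  const { protectedText, secretMap } = redact(input);

  // "Schedule a call with [PERSON_1] at [EMAIL_1] about her IRA"

  // Only the protected text is sent to the model.
  const reply = await callAnyAI(protectedText);

  // restore() swaps the placeholders in the reply back to the real values.
  return restore(reply, secretMap);
}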

the promise

We can't leak what we never received.

Wharx is a tool, not a service. The redaction engine runs in your browser tab — there is no “wharx server” that sees your prompts, your detections, or the AI's reply. The privacy guarantee is structural: there's no server in the round-trip.

No account · Open the site and start
No tracking · Zero analytics, no cookies
No exfiltration · Code runs in your tab
MIT licensed · Read every line

ready when you are

Protect a prompt. Right now.

Open the app in this tab. No signup. The whole product runs in your browser — including this page.