Skip to content

DLP for ChatGPT, Copilot & Claude

Stop sensitive data leaking into ChatGPT. On-device, before the prompt is sent.

AIovert is a browser-based DLP for ChatGPT and 20+ AI tools. It detects personal data, source code, and credentials in the prompt and blocks them on-device — before anything reaches the model. No proxy, no SSL inspection, deploys in 15 minutes.

chatgpt.com
Paste blocked
EMAIL · CREDIT_CARD · API_KEY_AWS
your team

This paste contains customer PII, a card number and an AWS key. Sending it to ChatGPT would breach GDPR Art. 28/32. It never left the browser.

The exposure

What your team pastes into AI, and why it's a problem.

  • Personal & customer data: names, emails, SSNs, IBANs and customer lists pasted in to draft replies or summarise records.
  • Source code & secrets: proprietary code, API keys and access tokens dropped in to debug or refactor.
  • Why it's invisible: ChatGPT traffic is TLS-encrypted, so network DLP and CASBs see the connection but never the prompt text.

Regulatory mapping

The rules that apply, and where the risk sits.

GDPR Art. 28

Unapproved processor

Pasting personal data into consumer ChatGPT with no DPA makes it an unvetted processor — an Article 28 breach.

GDPR Art. 32

Security of processing

On-device blocking is an appropriate technical measure; an uncontrolled prompt is a failure of it.

EU AI Act Art. 4

AI literacy & governance

You must show staff use AI tools under control — an audit log of blocked prompts is that evidence.

Informational mapping, not legal advice. See our compliance overview for the full framework.

How AIovert helps

Block the leak. Log the proof.

  • Block at the input field: the paste is cancelled in the browser; nothing sensitive reaches ChatGPT.
  • Work continues, masked: one click pastes a redacted copy so the task still gets done, re-checked before it goes out.
  • Deploy in 15 minutes: force-install via Google Workspace or Intune. No proxy, no certificates, no network changes.
  • Audit-ready evidence: every attempt logged with severity, tool, user and regulation — export to CSV, JSON or SIEM.