AI Transparency & Compliance
Full transparency on how CleanMyPrompt works, what data it processes, and how it aligns with the EU AI Act, GDPR, and enterprise compliance requirements.
Our Privacy Architecture
Client-Side Only
All text processing — PII detection, redaction, token compression — runs entirely in your browser. No text is ever transmitted to our servers.
Zero Data Collection
We do not collect, store, log, or transmit any user-submitted text. Session history is stored in your browser's localStorage only.
No AI Models Used
CleanMyPrompt uses deterministic regex patterns and NLP rules — not AI models — to detect and redact PII. No training on your data.
Audit Trail
The built-in audit log lets you export a verifiable record of every cleaning operation for compliance documentation.
Open Source Engine
Our detection rules are visible in the source code. You can inspect, audit, and self-host the entire application.
GDPR & EU AI Act Ready
Designed for Article 52 transparency requirements. No automated decision-making. No profiling. Full user control.
Data Flow
// How your text is processed:
1. User pastes text into browser → stays in browser memory
2. Regex + NLP engine scans for PII patterns → client-side JavaScript
3. Detected PII replaced with tags [EMAIL], [SSN], etc → in-memory only
4. Cleaned text displayed in output panel → browser DOM
5. User copies result → browser clipboard
// What is NOT happening:
✗ No HTTP requests with your text
✗ No server-side logging
✗ No cookies tracking content
✗ No third-party analytics on text
EU AI Act Compliance
| Article | Status | Detail |
|---|---|---|
| Article 52 — Transparency | Compliant | CleanMyPrompt does not use AI systems that interact with natural persons. All processing is deterministic (regex + NLP rules). This page serves as our transparency notice. |
| Article 5 — Prohibited Practices | Not Applicable | CleanMyPrompt does not perform subliminal manipulation, social scoring, real-time biometric identification, or any prohibited AI practice. |
| Annex III — High-Risk Classification | Not High-Risk | CleanMyPrompt is a text preprocessing utility. It does not fall under any high-risk AI system category (employment, education, law enforcement, etc.). |
| Article 13 — Record Keeping | Supported | The audit log feature generates exportable records of all cleaning operations, enabling enterprise compliance documentation. |
Technical Implementation
- Detection Engine: Deterministic pattern matching using regex + Compromise.js NLP. No machine learning models, no neural networks, no cloud inference.
- Patterns Detected: API keys (OpenAI, AWS, GitHub, Google, Stripe), credit card numbers, IBANs, crypto wallets, SSNs, email addresses, phone numbers, IP addresses, person names, street addresses, dates.
- Processing Location: JavaScript Web Worker in your browser. Falls back to main thread if Web Workers are unavailable.
- Storage: localStorage for user preferences and optional session history. No IndexedDB. No server-side persistence.
- Network Requests: Only page assets (HTML, CSS, JS) are fetched. Optional Vercel Analytics collects page-view counts only (no text content).
- API Routes: The optional REST API (/api/v1/) is the exception to client-side processing: text sent to it is processed server-side, with zero logs and zero data retained after the response is sent.
Audit Log Feature
CleanMyPrompt includes a built-in audit log that records every cleaning operation locally in your browser. Enterprise teams can export these logs for compliance documentation.
What is logged: Timestamp, mode used, PII types found (not the actual PII values), token counts, reduction stats.
What is NOT logged: Original text, cleaned text, actual PII values, user identity.
Export format: JSON file downloadable from the UI.
Storage: Browser localStorage only. Cleared when you clear browser data.
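
The data flow and audit-log rules above, sketched as an added example (not CleanMyPrompt's own code): regex matches are replaced with type tags, and the audit entry records only PII types and counts, never values. The patterns, the `[IP]` and `[CARD]` tag names, the Luhn validation step, the `clean` function, the audit field names and the whitespace token count are assumptions made for illustration.

```javascript
// Added example. Patterns and the [IP]/[CARD] tag names are constructed, not CleanMyPrompt's rules.
function luhn(match) {
  // Luhn checksum: keeps random 16-digit strings (order numbers) from being tagged as cards.
  const digits = match.replace(/\D/g, '');
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let n = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { n *= 2; if (n > 9) n -= 9; }
    sum += n;
  }
  return sum % 10 === 0;
}

const RULES = [
  { tag: 'EMAIL', re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { tag: 'SSN', re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { tag: 'IP', re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
  { tag: 'CARD', re: /\b(?:\d[ -]?){12,18}\d\b/g, validate: luhn },
];

const countTokens = (s) => s.split(/\s+/).filter(Boolean).length; // rough whitespace tokens

function clean(text, mode = 'redact') {
  const piiTypes = {};
  let cleaned = text;
  for (const { tag, re, validate } of RULES) {
    cleaned = cleaned.replace(re, (m) => {
      if (validate && !validate(m)) return m; // pattern hit but failed validation: leave as is
      piiTypes[tag] = (piiTypes[tag] || 0) + 1;
      return `[${tag}]`;
    });
  }
  // Audit entry holds types and counts only; no original text, cleaned text, or PII values.
  const audit = {
    timestamp: new Date().toISOString(),
    mode,
    piiTypes,
    tokensBefore: countTokens(text),
    tokensAfter: countTokens(cleaned),
  };
  return { cleaned, audit };
}

// Constructed sample input.
const SAMPLE = 'Contact jane.doe@example.com from 10.0.0.5, SSN 078-05-1120, ' +
  'card 4111 1111 1111 1111, order 1234 5678 9012 3456.';
const result = clean(SAMPLE);
console.log(result.cleaned);
console.log(JSON.stringify(result.audit, null, 2));
```

The last number in the sample matches the card pattern but fails the Luhn check, so it is left in place; when reviewing exported audit logs, confirm that the serialized entries contain no substring of the input.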
Questions?
If you need a formal Data Processing Agreement or have compliance questions, contact us.
DPA / Privacy requests: privacy@cleanmyprompt.io
Security vulnerabilities: security@cleanmyprompt.io