AI Transparency & Compliance
Full transparency on how CleanMyPrompt works, what data it processes, and how it aligns with GDPR, CCPA, HIPAA, EU AI Act, LGPD, PDPA, and enterprise compliance requirements globally.
Our Privacy Architecture
Client-Side Only
All text processing — PII detection, redaction, token compression — runs entirely in your browser. No text is ever transmitted to our servers.
Zero Data Collection
We do not collect, store, log, or transmit any user-submitted text. Session history is stored in your browser's localStorage only.
No AI Models Used
CleanMyPrompt uses deterministic regex patterns and NLP rules — not AI models — to detect and redact PII. No training on your data.
Audit Trail
The built-in audit log lets you export a verifiable record of every cleaning operation for compliance documentation.
Open Source Engine
Our detection rules are visible in the source code. You can inspect, audit, and self-host the entire application.
Global Compliance Ready
Designed for GDPR, CCPA, HIPAA, EU AI Act, LGPD, and PDPA requirements. No automated decision-making. No profiling. Full user control.
Data Flow
// How your text is processed:
1. User pastes text into browser → stays in browser memory
2. Regex + NLP engine scans for PII patterns → client-side JavaScript
3. Detected PII replaced with tags ([EMAIL], [SSN], etc.) → in-memory only
4. Cleaned text displayed in output panel → browser DOM
5. User copies result → browser clipboard
// What is NOT happening:
✗ No HTTP requests with your text
✗ No server-side logging
✗ No cookies tracking content
✗ No third-party analytics on text
Regulatory Compliance
| EU AI Act Provision | Status | Detail |
|---|---|---|
| Article 52 — Transparency | Compliant | CleanMyPrompt does not use AI systems that interact with natural persons. All processing is deterministic (regex + NLP rules). This page serves as our transparency notice. |
| Article 5 — Prohibited Practices | Not Applicable | CleanMyPrompt does not perform subliminal manipulation, social scoring, real-time biometric identification, or any prohibited AI practice. |
| Annex III — High-Risk Classification | Not High-Risk | CleanMyPrompt is a text preprocessing utility. It does not fall under any high-risk AI system category (employment, education, law enforcement, etc.). |
| Article 13 — Record Keeping | Supported | The audit log feature generates exportable records of all cleaning operations, enabling enterprise compliance documentation. |
Technical Implementation
- Detection Engine: Deterministic pattern matching using regex + Compromise.js NLP. No machine learning models, no neural networks, no cloud inference.
- Patterns Detected: API keys (OpenAI, AWS, GitHub, Google, Stripe), credit card numbers, IBANs, crypto wallets, SSNs, email addresses, phone numbers, IP addresses, person names, street addresses, dates.
- Processing Location: JavaScript Web Worker in your browser. Falls back to main thread if Web Workers are unavailable.
- Storage: localStorage for user preferences and optional session history. No IndexedDB. No server-side persistence.
- Network Requests: Only page assets (HTML, CSS, JS) are fetched. Optional Vercel Analytics collects page-view counts only (no text content).
- API Routes: The optional REST API (/api/v1/) processes text server-side but retains zero logs and zero data after the response is sent.
Audit Log Feature
CleanMyPrompt includes a built-in audit log that records every cleaning operation locally in your browser. Enterprise teams can export these logs for compliance documentation.
What is logged: Timestamp, mode used, PII types found (not the actual PII values), token counts, reduction stats.
What is NOT logged: Original text, cleaned text, actual PII values, user identity.
Export format: JSON file downloadable from the UI.
Storage: Browser localStorage only. Cleared when you clear browser data.
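The logging rule above (PII types recorded, PII values never) as an added example that is not CleanMyPrompt's own code. The three patterns, the function names, the audit field names and the use of character counts in place of token counts are assumptions made for illustration.

```javascript
// Added illustration, not CleanMyPrompt source. Patterns and field names are assumptions.
const RULES = [
  { type: "EMAIL", re: /\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/g },
  { type: "SSN", re: /\b\d{3}-\d{2}-\d{4}\b/g },
  { type: "IP", re: /\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b/g },
];

// Replace each match with its tag and build an audit entry from counts only.
function redact(text, mode = "standard") {
  const found = {};
  let cleaned = text;
  for (const { type, re } of RULES) {
    cleaned = cleaned.replace(re, () => {
      found[type] = (found[type] || 0) + 1; // record the type, discard the value
      return `[${type}]`;
    });
  }
  const auditEntry = {
    timestamp: new Date().toISOString(),
    mode,
    piiTypes: found,          // e.g. { EMAIL: 2, SSN: 1 }
    charsIn: text.length,     // stand-in for the token counts the page mentions
    charsOut: cleaned.length,
  };
  return { cleaned, auditEntry };
}

// Verification step for an exported log: return every PII value from the
// original text that appears anywhere in the serialized audit entry.
function auditLeaks(text, auditEntry) {
  const serialized = JSON.stringify(auditEntry);
  return RULES.flatMap(({ re }) => text.match(re) || [])
    .filter((value) => serialized.includes(value));
}

// Constructed sample input (not real data).
const SAMPLE =
  "Contact jane.doe@example.com or 10.0.0.12; SSN 123-45-6789, backup bob@example.org";

const { cleaned, auditEntry } = redact(SAMPLE);
console.log(cleaned);
console.log(JSON.stringify(auditEntry.piiTypes));
console.log("leaked values:", auditLeaks(SAMPLE, auditEntry).length);
```

Running `auditLeaks` against an exported log is a quick way to confirm that an audit record can be shared with a compliance team without carrying the redacted values along with it.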
Questions?
If you need a formal Data Processing Agreement or have compliance questions, contact us.
DPA / Privacy requests: privacy@cleanmyprompt.io
Security vulnerabilities: security@cleanmyprompt.io