Guide7 min read

How to Anonymize Your ChatGPT Prompts (Step by Step)

To anonymize a ChatGPT prompt, swap every real identifier — names, keys, amounts — for a neutral placeholder before you paste, then restore it locally.

By Pierre de ONYRI

To anonymize a ChatGPT prompt, replace every real identifier with a neutral placeholder before you paste. Swap names, emails, phone numbers and addresses. Swap company and client names. Swap financial figures, ID numbers and API keys. Swap any health detail. Use a simple tag like [CLIENT] or [AMOUNT]. Then put the real values back into the answer on your side. By hand this is slow and easy to get wrong. A browser tool can detect and swap them for you, then restore them locally. The model only ever sees the placeholders.

What counts as sensitive inside a prompt

Before you clean a prompt, know what to look for. Sensitive data comes in families. If a line could point back to a real person, a real deal or a real system, treat it as sensitive. Here is the checklist.

  • Names and contact: people, emails, phone numbers, postal addresses.
  • Financial: salaries, revenue, prices, bank details, invoice amounts.
  • Credentials and keys: passwords, API keys, tokens, private keys.
  • Health: diagnoses, conditions, medical records, sick-leave details.
  • Client and company: customer names, employer, partner or supplier names.
  • Internal and strategic: unreleased plans, deal terms, internal URLs, meeting notes.

The manual placeholder method

You can do this by hand. The idea is simple. Pick one tag per value and use it everywhere.

  1. 1Read your draft and mark every real identifier.
  2. 2Choose a clear placeholder for each one, like [CLIENT] or [AMOUNT].
  3. 3Replace every copy of a value with the same placeholder.
  4. 4Keep a small private mapping of tag to real value on your side.
  5. 5Paste the cleaned prompt into ChatGPT.
  6. 6When the answer comes back, put the real values in yourself.

This works, but it is fragile. You will miss things — a name mid-sentence, a number in a table. Your tags drift when [CLIENT] becomes [CUSTOMER] halfway through. Context can still leak even with names removed. And it does not scale past a few short prompts.

The automated method, in the browser

A client-side tool does the same job, faster and more consistently. It runs in your browser. It scans the text and finds the sensitive spans. It swaps each one for a reversible token before the text leaves your device. ChatGPT only ever sees the tokens. When the answer returns, the tool puts the real values back locally. The mapping never leaves your browser.

This matters for a reason security teams stress. The OWASP Top 10 for LLM Applications lists Sensitive Information Disclosure among the top risks (LLM02 in the 2025 edition, up from sixth place). One route is simple: the sensitive data was in the prompt itself. Data you never place in the box cannot surface later through it.

A before-and-after example

Here is a short prompt with clearly fake data. On the left, the raw version. On the right, the same prompt after tokenisation.

Raw prompt (do not send)Cleaned prompt (safe to send)
Hi, I'm Jean Martin from ACME Corp.Hi, I'm [NAME] from [COMPANY].
Call our client on +33 6 12 34 56 78.Call our client on [PHONE].
Our Q3 loss came to 480,000 euros.Our Q3 loss came to [AMOUNT].
The deploy key is sk-fake-9f2a7c00.The deploy key is [API_KEY].
Fake data for illustration. After ICO pseudonymisation guidance, GDPR Article 5(1)(c) and OWASP LLM02.

When to anonymise

The rule is short. Always clean work, customer and client data. When in doubt, clean it. This is data minimisation in practice.

GDPR Article 5(1)(c) sets out that principle. Personal data must be 'adequate, relevant and limited to what is necessary' for the task. Applied to a prompt, send the model only what the job needs. Strip the identifiers it does not need to help you.

  • Anything with a customer or client name — always.
  • Work documents: contracts, invoices, HR files, code with secrets.
  • Anything you would not post publicly.
  • When you are unsure — treat it as sensitive and clean it.
Abstract diagram: a chat prompt box on the left holds three identifier rows in amber (a name, a number, a key); an arrow passes through a small anonymiser gate in the centre; on the right, the output shows only cobalt token chips and a checkmark; a subtle restore arrow curves back toward the user.
After the ICO's guidance on pseudonymisation, GDPR Article 5(1)(c) and OWASP LLM02 (sensitive information disclosure).

That is the job ONYRI Sanitize does. Detection runs in your browser, across every sensitive family — names, keys, amounts, health, client and company data. It swaps each match for a reversible token before the prompt is sent. The mapping stays on your device and never transits. ChatGPT sees only tokens, never your real values. You get the answer, and the tool restores your data locally. For the wider method beyond ChatGPT, see our pillar guide on how to anonymise data before using AI.

Frequently asked questions

How do I anonymize a ChatGPT prompt?
Replace every real identifier with a neutral placeholder before you paste. Swap names, contact details, financial figures, client and company names, ID numbers, API keys and health details for tags like [CLIENT] or [AMOUNT]. Keep a small private mapping. Then restore the real values in the answer. A client-side tool can detect and swap them for you, and put them back locally, so the model only ever sees tokens.
Is a placeholder the same as anonymised data?
Not exactly. The UK ICO calls removing all links to a person anonymisation. Swapping a name for [CLIENT] while you keep the mapping is pseudonymisation. The mapping can still re-link to the person, so keep it private. It still lowers the risk your text carries if it is exposed. But do not treat the output as legally anonymous data.
What counts as sensitive in a prompt?
Six families in plain words. Names and contact details. Financial figures. Credentials and keys. Health details. Client and company names. Internal or strategic information. If a line could point back to a real person, deal or system, treat it as sensitive and replace it before you send.

Sources & references

Keep your sensitive data in your browser

ONYRI Sanitize detects and masks your sensitive data before it reaches the AI, then restores the answer — from names to API keys.

Anonymize my prompt

Read next