Privacy

Your sensitive datanever leaves your browser.

ONYRI Sanitize identifies 38 types of sensitive data across 6 families — from names to emails, from API keys to strategic decisions. Detection, masking and restoration run in your browser, in local, verifiable JavaScript. No text, no file, no token ↔ value mapping is ever transmitted to us.

Pillar 01

100% client-side processing

Detection, tokenization and restoration run in your browser, in local JavaScript. The engine currently identifies dozens of types across 6 families — personal identifiers, technical secrets (AWS, Stripe, OpenAI…), financial data, inline passwords, company identifiers, strategic markers. No text, no file, no token ever passes through a remote server.

Pillar 02

No telemetry in the engine

On the pages where you handle your data — text, tables, chat — no analytics, no tracking pixel, no Google Fonts, no third-party scripts. The DevTools Network tab stays silent during processing. (Public pages and your account's navigation/billing pages use audience measurement: see the note below.)

Pillar 03

Volatile memory, never persisted

The mapping lives in JS memory in the current tab. Nothing is written to localStorage, sessionStorage or IndexedDB. Refreshing the page wipes everything.

What the promise covers — and what it doesn't

coverage

A regex detector can't recognize everything. Here's the truth about what ONYRI catches today, by category — so you know where we stop.

Complete
  • Personal identifiers (GDPR)
  • Financial data (IBAN, RIB, salary…)
  • Access and credentials (API keys, passwords)
Partial
  • Intellectual property (source code: not detected by regex)
  • HR and internal (no dedicated disciplinary record)
  • Strategy and governance (limited heuristic detection)
Out of scope
  • Critical operations (ERP, SCADA — dedicated DLP domain)

For what regex can't cover (source code, ERP, critical infrastructure), turn to a dedicated DLP solution. You can also add your own rules for the business identifiers specific to your activity.

Verify it yourself

procedure
  1. 01

    Open the browser developer tools

    F12 or ⌘⌥I
  2. 02

    Switch to the « Network » tab and enable « Fetch/XHR »

  3. 03

    Run a full cycle — analysis, tokenization, restoration

  4. 04

    Confirm that no outgoing request is made

Resume a session later

Since the mapping is volatile, export it from the Session menu if you want to restore the LLM's response later or continue on another machine. The file onyri-session-*.json only leaves your disk at your initiative.

Custom rules and profiles — stored locally

ONYRI Sanitize stores your custom rules and profiles locally in your browser (localStorage), so you don't have to recreate them every session. This data contains no client data — only your configurations: rule names, regex patterns, examples you've chosen. No data you process (text, files, mappings) is ever stored.

Check in DevTools → Application → Local Storage: the keys onyri-sanitize.rules.v1 and onyri-sanitize.profiles.v1 exist; no other is written.

Audience measurement — public site and your account journey

On our public marketing pages (home, pricing, about, sign-in, sign-up…) and on your account's navigation and billing pages (onboarding, rules & profiles, billing, checkout, my space), we use Google Analytics, through Google Consent Mode, to understand the journey and improve the product. In the European Economic Area, measurement is disabled by default and no cookie is set until you accept via the banner — you can decline. It never runs on the pages where you work (text, tables, chat) and never receives any data you process (text, files, tokens): only the names of the screens visited and conversion steps (subscription, payment) are measured. When measurement is allowed, a pseudonymous, non-reversible account identifier may be used to link your visits, without revealing your identity. The anonymization engine stays fully separate and telemetry-free.

← back to the app