Browser extension
The browser extension adds CloakAPI’s privacy layer directly to the AI chat sites you already use. With it installed, you keep using ChatGPT, Claude, Gemini or Grok exactly as before — but personal data in your prompts is tokenised locally in your browser before the request reaches the provider, and the reply is turned back into the real values for you. It is a standalone client-side tokeniser: no desktop app required.
The extension is one of the three ways to use CloakAPI (API / SDK / proxy · Chat · browser extension). Prefer a private chat window instead of your provider’s own site? Use the portal Chat. Writing code? Start with the Quickstart.
What’s live today
- Typed-text tokenisation is live on all four sites —
chatgpt.com,claude.ai,gemini.google.comandgrok.com. Structured identifiers (emails, phones, cards, national IDs) and common personal names are tokenised on-device as you send. - File / image tokenisation is live on
claude.ai(typed prompts and uploads). On the other three sites the image path is fail-closed — it blocks rather than send an unprotected upload — pending per-site endpoint verification. - 25 interface locales.
- Coverage honesty. The browser build uses fast on-device pattern + name-list matching, not a full NER model, so names outside the on-device dictionary, non-Latin scripts and free-form addresses or organisations can still slip. For the fullest coverage, pair it with the desktop app.
Install it
Official store listings (Chrome Web Store and Mozilla Add-ons) are in review. Until they are approved, install the signed-off build directly from the downloads page using developer-mode sideload:
Chrome / Edge
- Download
cloakapi-extension-chrome.zipfrom app.cloakapi.io/downloads and verify the published SHA-256. - Extract to a plain local folder that is NOT synced by OneDrive, Google Drive
or Dropbox — e.g.
C:\cloakapi-extensionor~/cloakapi-extension. (Sync tools drop hiddendesktop.inifiles into extracted folders, which Chrome then warns about — that file is not part of our package and is harmless if you see it.) - Open
chrome://extensions, turn on Developer mode (top right), click Load unpacked, and select the extracted folder (the one containingmanifest.json). Keep the folder in place — Chrome runs the extension from it.
Firefox
- Download
cloakapi-extension-firefox.xpifrom app.cloakapi.io/downloads and verify the SHA-256. - Release Firefox installs only signed add-ons, so use a temporary load: open
about:debugging#/runtime/this-firefox, click Load Temporary Add-on… and pick the.xpi. It runs like a normal install but is removed when Firefox closes — load it again after a restart (or wait for the signed listing). - Developer Edition / Nightly / ESR allow a permanent install: set
xpinstall.signatures.requiredtofalseinabout:config, then install the.xpifrom the Add-ons Manager.
The store listings will replace these steps with one-click install and automatic updates the moment they are approved — join the waitlist to be emailed on launch.
Good to know
- Paid, key-backed, fail-closed. Tokenisation requires a CloakAPI account with balance. If the extension cannot tokenise a message it blocks the send rather than let raw text egress — your original text never leaves the browser in that case.
- Pricing is usage-based, USD only — a flat markup on top of the underlying model cost. See pricing.
- How it works end-to-end: How privacy works.