PII Protection Levels by LLM
This guide explains the level of PII protection you can achieve when combining PII Firewall with different AI services and LLMs.
Key Insight: Protection Level Depends on the Route, Not the LLM
The protection level is determined by how you route text to the LLM, not which LLM you use.
| Route | Protection Level | Does the LLM see raw PII? |
|---|---|---|
| Chrome Extension | ✅ Full protection | ❌ Never |
| API / SDK (developer integration) | ✅ Full protection | ❌ Never |
| SEva pipeline | ✅ Full protection | ❌ Never |
| Claude Desktop + MCP (CLAUDE.md rule) | 🟡 High protection | ⚠️ Briefly (Claude judges, then masks) |
| Claude Desktop + session instruction | 🟡 High protection | ⚠️ Briefly on every message |
| No protection (direct AI input) | ❌ No protection | ✅ Sees everything |
PII Protection by LLM — Comparison Table
| LLM / Service | Chrome Ext | API/SDK | MCP | Full PII FW | Notes |
|---|---|---|---|---|---|
| Claude.ai (Anthropic) | ✅ | ✅ | ⚠️ | ✅ via Ext/API | Claude Desktop MCP: sees briefly |
| ChatGPT (OpenAI) | ✅ | ✅ | ❌ | ✅ via Ext/API | — |
| Gemini (Google) | ✅ | ✅ | ❌ | ✅ via Ext/API | — |
| Microsoft Copilot | 🟡 | ✅ | ❌ | ✅ via API | Web extension support unconfirmed. Full support via Azure OpenAI API |
| Perplexity AI | 🟡 | ✅ | ❌ | ✅ via API | Web extension support unconfirmed |
| Local LLM (Ollama / LM Studio) | ❌ | ✅ | ❌ | ✅ | Data stays local by design. API integration adds an extra safety layer |
| Mistral AI | 🟡 | ✅ | ❌ | ✅ via API | — |
| Llama (Meta, self-hosted) | ❌ | ✅ | ❌ | ✅ | Low risk by default (local execution) |
Legend: ✅ Supported / Full protection; 🟡 Conditional / Unconfirmed; ❌ Not supported
How Each Route Works
✅ Chrome Extension (Full Protection)
User types message
↓
Extension captures text before sending
↓
PII Firewall core engine masks locally
↓
Only masked text is sent to the AI service
↓
Extension captures AI response
↓
PII Firewall restores tokens to original values
The LLM never receives raw PII. Works identically for Claude.ai, ChatGPT, and Gemini.
✅ API / SDK Integration (Full Protection)
Your application
↓ call mask_pii()
Masked text
↓
Call LLM API (Claude / OpenAI / Gemini / etc.)
↓
Response (with tokens)
↓ call restoreAll()
Restored response displayed to user
Works with any LLM API — just mask before calling and restore after.
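The mask → call LLM → restore pattern above, as an added Python example; it is not PII Firewall's SDK code. `Vault`, `leaks`, `fake_llm`, `protected_call`, the two regex detectors and the `[KIND_n]` token format are assumptions made for illustration, and the sample text is constructed.

```python
import re

# Constructed detectors for two PII kinds; a production detector covers far more.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "PHONE": re.compile(r"\+?\d[\d\s-]{7,}\d"),
}
TOKEN_RE = re.compile(r"\[(?:EMAIL|PHONE)_\d+\]")
SAMPLE = "Mail taro@example.com or call +81 90-1234-5678. CC taro@example.com."  # constructed


class Vault:
    """Token <-> value map; it never leaves the caller's process."""

    def __init__(self):
        self.by_value, self.by_token = {}, {}

    def mask(self, text):
        for kind, pattern in PATTERNS.items():
            def swap(m, kind=kind):
                value = m.group(0)
                if value not in self.by_value:  # same value -> same token
                    token = f"[{kind}_{len(self.by_token) + 1}]"
                    self.by_value[value], self.by_token[token] = token, value
                return self.by_value[value]
            text = pattern.sub(swap, text)
        return text

    def restore(self, text):
        # Tokens this vault did not issue are left untouched, not guessed.
        return TOKEN_RE.sub(lambda m: self.by_token.get(m.group(0), m.group(0)), text)


def leaks(text):
    """Raw PII still present in text that is about to leave the process."""
    return [m.group(0) for p in PATTERNS.values() for m in p.finditer(text)]


def fake_llm(prompt):
    # Stand-in for the LLM API call; it only ever receives masked text.
    return "Summary of request: " + prompt


def protected_call(user_text, llm=fake_llm):
    vault = Vault()
    masked = vault.mask(user_text)
    if leaks(masked):  # fail closed before anything is sent
        raise ValueError("raw PII in outbound text")
    return masked, vault.restore(llm(masked))
```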
⚠️ Claude Desktop + MCP (High Protection, but Sees Briefly)
User message
↓
Claude receives it ← ⚠️ Sees raw PII for a moment
↓
Calls mask_pii tool (via CLAUDE.md rule or session instruction)
↓
Generates response using only masked text
Because Claude decides when to call mask_pii, it reads the original message first. This is high protection in practice, but not strictly "complete" protection.
Chrome Extension — Supported Services
| Service | Mask before send | Restore after receive | Injection detection |
|---|---|---|---|
| ChatGPT (chat.openai.com) | ✅ | ✅ | ✅ |
| Claude.ai | ✅ | ✅ | ✅ |
| Gemini (gemini.google.com) | ✅ | ✅ | ✅ |
| Gmail (AI reply assistance) | ✅ | ✅ | ✅ |
| Outlook Web (AI assistance) | ✅ | ✅ | ✅ |
Other services
For AI services not listed above (Microsoft Copilot, Perplexity, etc.), equivalent protection is available via the API/SDK route. Contact us about adding Chrome extension support for additional services.
Summary: 3 Ways to Achieve Full Protection
1. Install the Chrome Extension (easiest — for individual users)
→ Best for daily use of ChatGPT / Claude.ai / Gemini
2. Integrate via API / SDK (for developers)
→ Works with any LLM. Pattern: mask → call LLM → restore
3. Build a pipeline like SEva (for enterprise)
→ System-side automatic masking before any LLM — including Claude — sees the message