Built for the AI-native enterprise
Obfusca is a product of ThreatVisor, Inc. We build browser-native security tools that give organizations control over how sensitive data flows to AI services without slowing teams down.

AI is powerful, and an easy way to exfiltrate data
Developers paste source code into ChatGPT. Sales teams upload customer CSVs to Claude. Support staff share internal docs with Gemini. Every day, sensitive data leaves the browser through AI tools with no visibility or control.
Obfusca exists to solve this problem. We built a browser-native LLM firewall that scans prompts and file uploads in real time, detects secrets and PII, and enforces simple policies, all before data ever leaves the endpoint.
Security & privacy by design
Obfusca is designed so that we never have access to your sensitive data. Here is how.
No raw data storage
We never store raw prompts or files. The events table contains only content hashes (SHA-256 for deduplication), detection summaries with types and counts, and the action taken. Matched sensitive values are never logged.
Row-level security
Multi-tenant architecture with Supabase row-level security (RLS). Each organization can only access its own data. RLS policies are enforced at the database level using JWT tenant claims.
Immutable event log
Detection events cannot be updated or deleted by users. Only the service role can delete events for data retention purposes. This ensures a tamper-resistant audit trail.
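The three controls above (hash-only events, tenant-scoped RLS, append-only log) can be expressed together in Postgres on Supabase. This is an added example, not Obfusca's own schema: the table, column, policy and claim names are assumptions, and it assumes the client writes events as the authenticated role.

```sql
-- Added example: hypothetical schema; names are assumptions, not Obfusca's own.
create table public.events (
  id             uuid primary key default gen_random_uuid(),
  org_id         uuid not null,
  -- SHA-256 of the scanned content, hex-encoded; used for deduplication only.
  content_sha256 text not null check (content_sha256 ~ '^[0-9a-f]{64}$'),
  -- Detection summary: types and counts, never the matched value,
  -- e.g. [{"type": "aws_access_key", "count": 1}] (constructed sample).
  detections     jsonb not null,
  action         text not null,
  created_at     timestamptz not null default now()
);

alter table public.events enable row level security;

-- Tenant id is read from app_metadata in the JWT (assumed claim name).
-- Do not read it from user_metadata: users can edit that themselves.
create policy events_select_own_org on public.events
  for select to authenticated
  using (org_id = (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid);

create policy events_insert_own_org on public.events
  for insert to authenticated
  with check (org_id = (auth.jwt() -> 'app_metadata' ->> 'org_id')::uuid);

-- No UPDATE or DELETE policy exists, so RLS denies both for ordinary roles.
-- Revoking the table privileges as well keeps the log append-only even if a
-- permissive policy is added later by mistake.
revoke update, delete, truncate on public.events from anon, authenticated;

-- Retention runs as service_role, which bypasses RLS in Supabase.
-- The 90-day window is a constructed value.
-- delete from public.events where created_at < now() - interval '90 days';
```

When reviewing a deployment like this, check that the service-role key is held only by the retention job, since any holder of it can delete events.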
Private deployment option
Enterprise customers can opt for single-tenant or fully private deployment. Run Obfusca on your own infrastructure with full control over data residency.
Compliance
Obfusca helps organizations meet regulatory requirements by preventing sensitive data from reaching third-party AI services.
GDPR
CCPA
Data never leaves the browser
Sensitive content is detected and redacted before it reaches any AI service. Raw prompts and files are never transmitted to or stored by Obfusca.
Privacy by architecture
Only anonymized metadata and detection pattern hits are logged. Content hashes are used for deduplication, not reconstruction. Your data stays yours.
Granular access control
Row-level security, role-based permissions, and domain-based auto-join give administrators full control over who can access what.
Ready to protect your AI usage?
Scan prompts and file uploads across 11 AI platforms. Detect secrets and PII in real time, then mask, redact, or replace sensitive data before it leaves the browser.