Browser extension · Free · Source available

You typed a secret
into ChatGPT.

blckit sits between your keyboard and the AI. It seals API keys, passwords, PHI, and credentials before they leave your browser. You keep typing normally.

Free. No account. Takes 30 seconds to install.

✓ You're on the list. Install it now:

Download the zip, unzip it, then load it in your browser below.

Install on C Chrome F Firefox E Edge

Live demo — try it

Try pasting something sensitive, or pick an example:

API key Patient record SSN Credit card Clean text

blckit watching

〈API_KEY_1〉 token replaces the real value

〈NAME_1〉 patient name sealed

How it works

Install and forget

Add blckit to Chrome, Firefox, or Edge. It runs silently in every tab — no setup, no accounts, no configuration required.

Type normally

Write prompts, messages, and notes in ChatGPT, Claude, Gemini, Copilot, Perplexity, Slack, Gmail, Teams, WhatsApp, Doximity, Zoom, TigerConnect, and Notion exactly as you do today. blckit watches the compose field passively.

Send — it seals before transmit

When you hit send, blckit intercepts in under 50ms. Detected secrets are replaced with sealed tokens like 〈API_KEY_1〉. The real value never reaches the server.

Every action is logged locally

A tamper-evident Ed25519-signed ledger on your device records every seal. No data leaves your machine. You own the audit trail.

What blckit catches

API Keys

sk-proj-abc123...

→ 〈API_KEY_1〉

AWS Keys

AKIAIOSFODNN7...

→ 〈AWS_KEY_1〉

Passwords

password=hunter2...

→ 〈PASSWORD_1〉

Private Keys

-----BEGIN RSA...

→ 〈PRIVATE_KEY_1〉

JWTs

eyJhbGciOiJIUzI...

→ 〈JWT_1〉

SSN

123-45-6789

→ 〈SSN_1〉

Credit Cards

4111 1111 1111 1111

→ 〈CREDIT_CARD_1〉

Patient Records

MRN 12345 dob 1/1/70

→ 〈MRN_1〉〈DOB_1〉

Crypto Wallets

0x71C7656EC7ab...

→ 〈CRYPTO_1〉

Connection Strings

postgres://user:pass@...

→ 〈PASSWORD_1〉

IBAN / Routing

routing 021000021

→ 〈ROUTING_1〉

Passport / DL

passport: A12345678

→ 〈PASSPORT_1〉

How we built it

Zero cloud

Detection runs locally in the extension. Nothing is sent to our servers — because we don't have any in your data path.

Source available

The entire extension is readable on GitHub. Inspect what it does before you install it. Security tools that hide their code are the threat.

AES-256-GCM sealing

Tokens are encrypted with a key that never leaves your device. Your browser is the only place that can unseal them.

Signed audit ledger

Every seal is recorded in an Ed25519-signed, hash-chained local ledger. Tamper-evident proof that protection happened.

50ms intercept

Detection runs before your send completes. Under 50ms round-trip. You won't notice it.

One undo

After auto-seal, a 10-second toast lets you undo if blckit caught something that wasn't actually sensitive.

Going further

Pro

Shield mode — arm every send in a session with one keystroke
Visual PHI redaction on screenshots and images before sharing
Echo and ultrasound clip scrubbing — PHI banner removed frame-zero
Extended audit export for personal compliance records

Clinical HIPAA

Zero-knowledge NanoTDF envelopes — sealed letters only the recipient can open
2FA key delivery with signed authorization records: "Dr. Jones read this at 9:47am"
Clinical NER — catches bare patient names, shorthand, and informal identifiers regex misses
DICOM de-identification for radiology files
MDM deployment package, org compliance dashboard, SIEM export
HIPAA BAA included

Talk to us → hello@blckit.co

Stop leaking.
Start sealing.