Security Overview
Operational boundaries, extension permissions, and product-level controls that reduce prompt exposure risk.
Blur is built to minimize exposure by processing prompt content locally and limiting browser permissions to supported AI surfaces. This page details the security architecture, permission model, and team-level controls available to enterprise customers.
Local-first processing boundary
Sensitive text detection happens before a prompt is sent to the destination AI product. The entire detection and masking pipeline runs in the browser, which means the protection boundary sits between the user and the AI platform rather than depending on a server-side redaction step.
This architecture provides several key security properties:
- Zero network exposure. Prompt content is never transmitted over the network to Blur infrastructure. Detection happens in-process within the browser tab.
- No server-side dependencies. The detection engine does not require an API call, a cloud function, or any external service to perform masking. If the internet connection drops, detection still works.
- Reduced attack surface. Because prompt content never leaves the browser, there is no server-side storage, logging, or caching layer that could be compromised to expose sensitive data.
This design reduces exposure risk for organizations that need to keep names, contact details, and regulated identifiers out of external model requests.
Extension permissions
Blur requests the minimum set of Chrome permissions required to operate. Each permission is scoped to a specific function:
| Permission | Purpose |
|---|---|
activeTab | Inspect the current supported chatbot session to detect and mask sensitive content in the input field |
storage | Persist user preferences (detection toggles, theme, session state) across browser sessions |
Host: chatgpt.com | Run content scripts on ChatGPT to provide real-time detection and masking |
Host: chat.openai.com | Run content scripts on ChatGPT (legacy domain) to provide real-time detection and masking |
Host: claude.ai | Run content scripts on Claude to provide real-time detection and masking |
Host: gemini.google.com | Run content scripts on Gemini to provide real-time detection and masking |
Blur does not request broad host permissions, access to browsing history, or the ability to read content on arbitrary websites. The extension only activates on the supported AI platform domains listed above.
Content script isolation
Content scripts injected by Blur run in an isolated execution context provided by Chrome's extension architecture. This means:
- The content script can read and modify the DOM of the supported AI chatbot page to detect and mask sensitive content
- The content script cannot access cookies, localStorage, or JavaScript variables belonging to the host page
- The host page cannot access or interfere with the content script's execution context
Team controls
Enterprise teams have centralized management capabilities through the Blur dashboard:
- Seat management. Owners can add or remove team members and track how many seats are in use versus available.
- Role-based access. Three roles (owner, admin, member) provide appropriate levels of control without over-privileging end users.
- Centralized billing. Subscription management, invoicing, and payment methods are controlled by owners and admins, keeping financial access separate from day-to-day member usage.
These controls allow security and IT teams to maintain visibility into who has access without widening the data collection surface.
Security review requests
Product questions, security questionnaire assistance, or formal security review requests can be sent to maya@blurprivacy.app. We are happy to support your procurement and compliance evaluation process.