Every day, millions of people paste things into ChatGPT they probably shouldn't. Tax returns. Medical records. Work emails with client names. That weird rash. The API key they swore they'd rotate next week.
OpenAI just released a free tool that cleans all of it up before the chatbot ever sees it.
Think of it as spellcheck, but for privacy. You feed it a block of text, and it hands back the same text with all the sensitive bits swapped for generic placeholders like [PRIVATE_PERSON] or [ACCOUNT_NUMBER].
What OpenAI's Privacy Filter actually doesPrivacy Filter scans for eight categories of personal information: names, addresses, emails, phone numbers, URLs, dates, account numbers, and secrets like passwords and API keys. It reads the whole text in one pass, then tags the sensitive parts so they can be masked or redacted.
Here's a real example from OpenAI's announcement. You paste in an email that says:
Privacy Filter spits back:
"Thanks again for meeting earlier today (...) For reference, the project file is listed under [ACCOUNT_NUMBER]. If anything changes on your side, feel free to reply here at [PRIVATE_EMAIL] or call me at [PRIVATE_PHONE]."
Instead of dealing with black boxes and markers, it changes the actual text.
Plenty of tools already try to catch phone numbers and email addresses. They work by looking for patterns, like "three digits, dash, three digits." That's fine for obvious stuff but falls apart the second things get context-dependent.
Is "Annie" a private name or a brand? Is "123 Main Street" a person's home or a business address on a storefront? Pattern matching can't tell. Privacy Filter can, because it actually reads the sentence around it.
In other words, it successfully detects private information 96% of the time. Your job, as a privacy-conscious person is to take care of the other 4%
The "runs locally" part is the whole pointPrivacy nerds may see this as a good thing: OpenAI made a model small and powerful enough to run on your machine, meaning your text never leaves your computer to get cleaned.
That matters because the alternative, the one most companies currently use, is sending your raw data to some cloud service that claims to be secure and then trusting them. That arrangement does not always age well.
It’s also free and open source, so researchers can investigate it, improve it, and use it without worrying about legal consequences.
The data gets sanitized on your laptop, and only the scrubbed version travels anywhere else. If you run a small business, it means you can use AI to summarize customer emails without handing the customer's name to a third party. Freelance lawyers can feed case notes into a chatbot without leaking the client. Doctors can draft patient referrals without the patient's identity. Developers can debug code with an AI without pasting their own API keys straight into the prompt, which is apparently a rite of passage nobody talks about.
For regular people, the use case is more mundane and more common. You want to ask ChatGPT to rewrite that angry email to your landlord, but you don't love the idea of handing OpenAI your home address. Privacy Filter solves that in one step.
What it is notOpenAI was blunt about the limits. The company warned that Privacy Filter "is not an anonymization tool, a compliance certification, or a substitute for policy review."
Translation: don't use it as your only line of defense in a hospital, law firm, or bank. It can miss unusual identifiers, over-redact short sentences, and performs unevenly across languages. It is one tool in a stack, not a compliance checkbox. After all, 96% accuracy is not 100% accuracy.
