Our trajectory

From V1.0 to a sovereign European detection engine — every phase is gated by user feedback.

  1. V1.0

    Launch

  2. V1.0.1You are here

    GDPR robustness

  3. V1.0.2

    Extended crypto

  4. V1.0.3

    Performance polish

  5. V1.5

    Discovery validation

  6. V2

    File attachments

  7. V3+

    Multi-jurisdiction

Public roadmap

SafePrompt already covers 22 secret types and 8 strict categories of personal data. Here is what is currently being built and what comes next. You see exactly what is not yet covered — transparency is our compass.

V1.0 — Launch

May 2026 · shipped

✓ Live

First public release. Chrome + Firefox extension, 100% local processing, team dashboard, Solo / Starter / Business plans.

  • WebExtensions Manifest V3 (Chrome, Firefox)
  • 7 supported LLM platforms: ChatGPT, Claude, Gemini, Qwen, DeepSeek, OpenRouter, Mistral Le Chat
  • 100% local detection engine: regex pipeline + deterministic validators
  • 22 secret types blocked (AWS, GitHub, OpenAI, Anthropic, Stripe, GCP, Azure, JWT, etc.)
  • 8 strict PII tokenised: EMAIL, PHONE, IBAN (mod97), credit card (Luhn), IPv4/v6, FR NIR, SIREN, SIRET
  • Silent 14-day Audit mode + Automatic masking mode
  • Bilingual team dashboard FR+EN with Tenant Anonymization Mode
  • Plans Solo Free / Solo €5 / Starter €12/seat / Business €8/seat — strictly EU hosting

V1.0.1 — GDPR robustness

May 2026 · shipped

✓ Live

First major hotfix after launch. New French entity class (banking + person + addresses) covering disassembled bank account info and partial banking details.

  • French disassembled bank account (RIB): bank code + branch code + account number + key detected together
  • BIC/SWIFT (ISO 9362): worldwide standard interbank code
  • Contextual banking entities: FR account number, FR bank code, FR postal code (with city context)
  • French name detection: regex + INSEE first-name dictionary
  • French address detection: number + street + postal code + city
  • "Partial detection — see limits" badge in the extension popup (transparency on what is not yet covered)

V1.0.2 — Verbalisation

June 2026

⌛ In progress

Covers cases where the user describes sensitive data without pasting it directly ("my key starts with AKIA...").

  • Verbalised secret detection (partial or contextual descriptions)
  • "Force re-authentication" button in the popup for accounts after subscription changes
  • Hardened heuristics for fragmentation patterns (invisible characters, intentional line breaks)
  • Extended detection-rating telemetry (quality signal for false-positive triage)

V1.0.3 — Extended coverage

Q3 2026

Planned

Extends detection beyond the French/European context and covers common obfuscation techniques.

  • International postal addresses: UK (post code), US (ZIP + state), DE (PLZ), etc.
  • Encoded content: base64, hex, ROT13, URL-encoded — detection before tokenisation
  • Unicode lookalike characters (anti-substitution Cyrillic / Greek / mathematical to bypass regex)
  • Entities split across multiple lines (IBAN cut in two lines, card number in four separated blocks)

V1.5 — Multilingual PERSON detection

Q1 2027 — pending V1.0.x market validation

Planned

Quality jump: proper-name detection via local AI (Chrome Built-in AI + Transformers.js), multilingual, no server calls.

  • Three-tier hybrid cascade: Chrome Built-in AI (Gemini Nano) → Transformers.js (DistilBERT NER) → heuristic dictionary
  • Multilingual: FR, EN + 8 additional European languages
  • Zero server: everything runs in the browser, consistent with our 100% local guarantee
  • Auditor RBAC role: read-only for DPO / CISO without admin rights
  • Member self-view toggle: each member can see their own protection stats

V2 — Enterprise plan

Late 2027

Planned

Unlocks 50+ seat deployments and large-enterprise IT/security requirements.

  • SSO / SAML: Okta, Azure AD, Google Workspace SAML — unlocks the Business 50-500 tier
  • Automatic SCIM provisioning (create / remove / update accounts via directory)
  • Attachment parsing before upload: PDF, Excel, Word — covers the remaining ~20% of Shadow AI
  • Extended PII detection: Spain, Germany, Portugal (locale-aware regex + validators)
  • Custom rules per tenant: tenant-specific regex and entities via dashboard UI
  • Event webhooks: real-time Slack/Teams alert when a secret is intercepted
  • Downloadable SOC2-ready audit log: compliance-audit ready

V3+ — Long-term vision

2028+

Vision

Our vision for SafePrompt beyond the browser — covering AI usage across the whole organisation, wherever sensitive data flows toward an LLM.

  • CLI / Python + Node SDK: redact secrets in CI/CD pipelines, scripts, logs
  • OCR on uploaded images: screenshot of an email containing personal data
  • Non-EU expansion: USD/GBP, CCPA (California), UK GDPR, LGPD (Brazil) compliance
  • Self-hosted on-premise: Enterprise tier for IT departments refusing any external SaaS
  • Network gateway proxy mode: alternative to the extension for tightly-managed OSes
  • Autonomous AI agent integrations: LangChain, AutoGPT, CrewAI via SDK
  • Research: partial homomorphic encryption, WebLLM/WebGPU for advanced NER detection