Local-first architecture
fAIrewall is built around processing on the user's device. Its role is to inspect and minimize sensitive content before submission, instead of routing prompts through a hosted third-party gateway.
Pre-send minimization
The product focuses on reducing exposure before a prompt is sent. That makes minimization the first line of defense, rather than relying only on downstream provider settings or post-submission controls.
Policy-driven protection
Different workflows require different protection levels. fAIrewall is designed to support policy-based behavior so users and teams can align protection with operational needs and risk tolerance.
Local audit visibility
Where audit features are enabled, visibility is designed to stay local and support internal review, accountability, and evidence workflows without turning the product into another cloud logging system.
Stricter behavior when needed
Some environments prioritize convenience. Others require stronger guarantees. fAIrewall is designed to support stricter operational modes when silent fallback is not acceptable.
Consistency across AI tools
Many teams do not use just one AI tool. fAIrewall is designed to bring a more consistent control layer across major AI web apps, reducing fragmentation in everyday usage.
Current provider coverage
Current web support includes ChatGPT, Claude, Gemini, DeepSeek, and Copilot.
What fAIrewall is not
fAIrewall is not a model provider and not a hosted AI platform. It is a local control layer designed to help reduce sensitive data exposure before prompts are submitted.
Security boundaries
No security product works in isolation. Effective protection still depends on supported environments, correct configuration, and sound user practices. fAIrewall is designed to strengthen control before prompts are sent and to reduce avoidable exposure in real workflows.
Vulnerability Disclosure
If you discover a security vulnerability in fAIrewall, we encourage responsible disclosure. Please report it to security@fairewall.ai.
What to include: A description of the vulnerability, steps to reproduce, affected component (desktop app, extension, website), and any supporting evidence.
Our commitment: We aim to acknowledge reports within 48 hours and provide an initial assessment within 5 business days. We will keep you informed of progress and notify you when the issue is resolved.
Scope: This policy covers the fAIrewall desktop application, browser extension, and website (fairewall.ai). Third-party services and infrastructure are out of scope.
Safe harbor: We will not pursue legal action against researchers who report vulnerabilities in good faith, follow responsible disclosure practices, and do not access or modify other users' data.
Our security.txt is available at /.well-known/security.txt.