Security & Privacy
Names never leave your school. Only tokens cross the wire.
That's the entire product, distilled. Everything below is the proof.
The shape of the problem
Faculty, staff, and administrators are already using ChatGPT. Whether your district has an AI policy or not, every day someone is pasting a student's name into a chatbot to ask for an IEP draft, a parent email, a behavior plan, a lesson tweak, a board memo, a vendor reply.
The data went to OpenAI. There is no policy you can write that will undo that. The question is no longer "how do we stop it?" but "how do we make it safe by default?"
What ShroudFox does
ShroudFox is a privacy gateway between your school's users and the AI. Three things happen, in this order, every time someone hits send:
- Detect. A privacy model in the user's browser identifies every piece of PII in the prompt: names, emails, phone numbers, addresses, student IDs, dates of birth, and anything else that points to a person.
- Tokenize. Each piece of PII is swapped for a token like [[PERSON_1]]. The token-to-real-value mapping is saved in an encrypted vault that lives only in the user's browser, isolated from other websites by the browser's origin policy.
- Send. The tokenized text, and only the tokenized text, goes to the AI provider the user chose (OpenAI, Anthropic, or Google). When the reply comes back, the user's browser swaps the tokens for the real values locally, before anything is displayed.
The AI sees "Please draft an IEP update for [[PERSON_1]] focused on [[SUBJECT_1]] support". It never sees the student's name. ShroudFox's own servers never see the student's name. The mapping never leaves the device.
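The tokenize, send, restore flow described above, sketched as an added example (not ShroudFox's code and not taken from its repository). The span list stands in for the browser-side model's output, and the function names `tokenize`, `detokenize` and `leakedValues` are hypothetical; `leakedValues` is an extra pre-send check for a value the detector missed.

```javascript
// Added illustration, not ShroudFox's code; all function names are hypothetical.
// Detection is assumed done: `spans` stands in for the privacy model's output.

function tokenize(text, spans, vault) {
  // vault maps token -> real value; reuse a token when the value is already known.
  const byValue = new Map([...vault].map(([token, value]) => [value, token]));
  const ordered = [...spans].sort((a, b) => a.start - b.start);
  let out = '';
  let cursor = 0;
  for (const { start, end, type } of ordered) {
    if (start < cursor) continue; // overlapping span: the earlier one wins
    const value = text.slice(start, end);
    let token = byValue.get(value);
    if (!token) {
      let n = 1;
      while (vault.has(`[[${type}_${n}]]`)) n++;
      token = `[[${type}_${n}]]`;
      vault.set(token, value);
      byValue.set(value, token);
    }
    out += text.slice(cursor, start) + token;
    cursor = end;
  }
  return out + text.slice(cursor);
}

function detokenize(reply, vault) {
  // Tokens the vault does not know are left untouched rather than guessed.
  return reply.replace(/\[\[[A-Z]+_\d+\]\]/g, (token) => vault.get(token) ?? token);
}

function leakedValues(payload, vault) {
  // Pre-send check: vault values still readable in the outgoing text.
  const lower = payload.toLowerCase();
  return [...vault.values()].filter((v) => lower.includes(v.toLowerCase()));
}

function demo() {
  // Constructed input; the lower-case repeat is deliberately missed by `spans`.
  const text = 'Please draft an IEP update for Jane Doe focused on reading support. Copy jane doe.';
  const span = (s, type) => ({ start: text.indexOf(s), end: text.indexOf(s) + s.length, type });
  const vault = new Map();
  const sent = tokenize(text, [span('Jane Doe', 'PERSON'), span('reading', 'SUBJECT')], vault);
  const shown = detokenize('Draft for [[PERSON_1]] is ready; [[PERSON_9]] unknown.', vault);
  return { sent, leaks: leakedValues(sent, vault), shown };
}

console.log(demo());
```

In the constructed input the detector's spans cover only the capitalised name, so the lower-case repeat survives tokenization and `leakedValues` reports it before anything is sent.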
Verify it in under a minute
Don't take our word for any of the above. Here are three ways to confirm it yourself.
Browser DevTools (30s)
While a user is signed in: Right-click → Inspect → Network tab → send a message → click the /api/chat request → view payload. The bytes that left the browser are right there. The student's name is not in them.
Airplane-mode test (60s)
Sign in, wait for the privacy model to load, then turn off Wi-Fi. Type a message containing a real name. The names still become tokens. The detection has nothing to phone home to; it runs entirely on the device.
Read the code
The browser-side detection pipeline, tokenizer, and vault are in cloud/static/lib/ of our public repository. A few hundred lines of well-commented JavaScript.
What ShroudFox's servers do see
Now that we've said everything ShroudFox does not see, here's what it does:
- Tokenized text: the conversation with all PII replaced. Stored so users can pick up a conversation on a different device, but only when the local vault is loaded; without the vault, the stored history is uninterpretable.
- Account records: email, hashed password (PBKDF2, 600,000 rounds, per-user salt), active flag.
- Request metadata: timestamps, status codes, account identifier. No conversation content.
Compliance posture
What ShroudFox does not claim
A privacy tool that overstates itself is more dangerous than no tool at all.
- The model is not perfect. No PII detector is. The browser-side model achieves >99% recall on K-12-relevant entities in our internal testing, but rare names or unusual formats can slip through. The Side-by-side view inside the product lets the user see exactly what is about to be sent before they click send.
- A user can still leak data outside ShroudFox. If staff paste student data into ChatGPT directly in another tab, ShroudFox is not in that flow.
- The vault is on the device, and its encryption protects only certain threats. AES-256-GCM at-rest protects against raw disk-level access and cross-origin scripts. It does not protect against same-origin code: a malicious browser extension granted storage access, or an attacker who has compromised the user's browser session. Sign-out destroys the vault entirely.
Want a deeper conversation?
For IT directors and CISOs, we offer a 20-minute architecture walkthrough. For privacy officers and general counsel, the full FERPA one-pager is attached to your trial confirmation email, or write to compliance@shroudfox.io.