Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt

Use this file to discover all available pages before exploring further.

There are two ways in. Pick the one that matches you:

Protect my own device

For an individual trying it out. Open the app, sign in, turn it on — about two minutes, no technical setup.

Roll it out to my company

For IT and security leaders. Push it to every employee’s device and watch all AI activity in one dashboard.

Protect your device

1

Install the app

Download PromptGuard and open the installer.
In private preview we send you the app directly — request access. Signed, one-click installers for macOS and Windows arrive at general availability.
2

Sign in

Click the PromptGuard shield in your menu bar, then Connect this device. Your browser opens, you sign in with your work account, and you’re returned automatically — no keys or codes to copy.
3

Turn on protection

Click Turn on protection. You’ll be asked once to approve the secure inspection certificate. After that it runs quietly in the background.
4

You're protected

The shield reads “You’re protected.” That’s it — keep working in ChatGPT, Claude, and the rest, exactly as you do today.

See it work

In ChatGPT (or Claude), try these and watch what happens:
Type thisWhat happens
“What is the capital of France?”Allowed — answers normally
“Add this contact: Bob Smith, phone 415-555-0142.”Redacted — the phone number is masked before it’s sent
“Here is my AWS key AKIAIOSFODNN7EXAMPLE”Blocked — it never leaves your machine
Click the shield → Activity to see every decision, why it was made, and a one-click way to copy a safe version of anything that was blocked.

Deploy to your company

You don’t install Shadow AI machine-by-machine. An admin rolls it out once and manages the whole fleet from the dashboard:
1

Create an enrollment token

In the dashboard, go to Fleet → Enrollment Tokens. This one token enrolls as many devices as you allow.
2

Push it to your devices

Deploy the app through your existing MDM (Jamf, Intune, Kandji, …) with the token. Employees get protection with zero action on their part — no sign-in prompt, no certificate click.
3

Watch everything in one place

Every block, redaction, and allowed prompt — across browser and desktop — rolls up to your dashboard, attributable per employee, revocable per device.

Full fleet rollout guide

Tokens, per-device credentials, attribution, and instant revocation.

Turn it off

Click the shield → Turn off protection (or, while paused, it resumes automatically). Uninstalling the app removes the certificate and all local data.
For automated or headless rollouts, the agent ships a CLI. From the unpacked bundle:
./install.sh
pgshadow init --api-key pg_live_xxxxx --cloud   # guided: login, start, trust cert, verify
pgshadow doctor                                 # confirm engine + cert + proxy are healthy
Managed fleets enroll with a token instead of a key:
pgshadow enroll <token> && pgshadow init
See the Desktop Agent reference for every command, coverage details, and deployment tiers.