> ## Documentation Index
> Fetch the complete documentation index at: https://docs.promptguard.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Get Started

> Protect your team’s AI usage in a few clicks. No security expertise, no command line — open the app, sign in, done.

There are two ways in. Pick the one that matches you:

<CardGroup cols={2}>
  <Card title="Protect my own device" icon="laptop" href="#protect-your-device">
    For an individual trying it out. Open the app, sign in, turn it on — about
    two minutes, no technical setup.
  </Card>

  <Card title="Roll it out to my company" icon="building" href="#deploy-to-your-company">
    For IT and security leaders. Push it to every employee's device and watch
    all AI activity in one dashboard.
  </Card>
</CardGroup>

## Protect your device

<Steps>
  <Step title="Install the app">
    Download PromptGuard and open the installer.

    <Note>
      **macOS is generally available:** download the signed, notarized `.dmg`
      and run it — no special access needed.

      **Windows and Linux are in private preview** and still under active
      development. [Request access](mailto:support@promptguard.co) and we'll send
      you a build directly.
    </Note>
  </Step>

  <Step title="Sign in">
    Click the **PromptGuard shield** in your menu bar, then **Connect this
    device**. Your browser opens, you sign in with your work account, and you're
    returned automatically — no keys or codes to copy.
  </Step>

  <Step title="Turn on protection">
    Click **Turn on protection**. You'll be asked **once** to approve the secure
    inspection certificate. After that it runs quietly in the background.
  </Step>

  <Step title="You're protected">
    The shield reads **“You're protected.”** That's it — keep working in ChatGPT,
    Claude, and the rest, exactly as you do today.
  </Step>
</Steps>

### See it work

In ChatGPT (or Claude), try these and watch what happens:

| Type this                                          | What happens                                               |
| -------------------------------------------------- | ---------------------------------------------------------- |
| “What is the capital of France?”                   | **Allowed** — answers normally                             |
| “Add this contact: Bob Smith, phone 415-555-0142.” | **Redacted** — the phone number is masked before it's sent |
| “Here is my AWS key AKIAIOSFODNN7EXAMPLE”          | **Blocked** — it never leaves your machine                 |

Click the shield → **Activity** to see every decision, *why* it was made, and a
one-click way to copy a safe version of anything that was blocked.

## Deploy to your company

You don't install Shadow AI machine-by-machine. An admin rolls it out once and
manages the whole fleet from the dashboard:

<Steps>
  <Step title="Create an enrollment token">
    In the dashboard, go to **Fleet → Enrollment Tokens**. This one token enrolls
    as many devices as you allow.
  </Step>

  <Step title="Push it to your devices">
    Deploy the app through your existing MDM (Jamf, Intune, Kandji, …) with the
    token. Employees get protection **with zero action on their part** — no
    sign-in prompt, no certificate click.
  </Step>

  <Step title="Watch everything in one place">
    Every block, redaction, and allowed prompt — across browser and desktop —
    rolls up to your dashboard, attributable per employee, revocable per device.
  </Step>
</Steps>

<Card title="Full fleet rollout guide" icon="users" href="/shadow-ai/fleet-enrollment">
  Tokens, per-device credentials, attribution, and instant revocation.
</Card>

## Turn it off

Click the shield → **Turn off protection** (or, while paused, it resumes
automatically). Uninstalling the app removes the certificate and all local data.

***

<Accordion title="Advanced: install from the command line" icon="terminal">
  For automated or headless rollouts, the agent ships a CLI. From the unpacked
  bundle:

  ```bash theme={"system"}
  ./install.sh
  pgshadow init --api-key pg_live_xxxxx --cloud   # guided: login, start, trust cert, verify
  pgshadow doctor                                 # confirm engine + cert + proxy are healthy
  ```

  Managed fleets enroll with a token instead of a key:

  ```bash theme={"system"}
  pgshadow enroll <token> && pgshadow init
  ```

  See the [Desktop Agent reference](/shadow-ai/desktop-agent) for every command,
  coverage details, and deployment tiers.
</Accordion>
