Privacy Comparison · January 2026

What Really Happens When You Upload Files to AI Tools?

We opened the Network Inspector and recorded exactly what ChatGPT, Claude, and PromptSafe send to servers. Here's what we found.

ChatGPT Requests
32+
Claude Requests
30+
PromptSafe Uploads
0

When you upload a document to an AI assistant, where does it actually go? We used the browser's Network Inspector to record exactly what three popular tools do with your files—and the difference is striking.

Full Transparency We're the makers of PromptSafe, so we have an obvious interest in this comparison. That's exactly why we're showing you the raw evidence: real screenshots from browser DevTools that you can replicate yourself. We believe in "trust, but verify"—and we've made verification as easy as pressing F12. (New to DevTools? Here's our beginner-friendly guide on using the Network Inspector.)

The Test

We uploaded the same receipt image to three different tools with the prompt "Help me analyse this receipt" and recorded the network activity using Chrome DevTools with the Fetch/XHR filter enabled. This filter shows only data requests, excluding scripts and stylesheets.

How We Tested

1 Opened DevTools (F12) and navigated to the Network tab before loading each tool
2 Enabled the "Fetch/XHR" filter to isolate data requests
3 Cleared the network log, then uploaded the same receipt image to each service
4 Recorded the requests that appeared after the upload action

The Results

ChatGPT CLOUD PROCESSING
ChatGPT analyzing a receipt with Network Inspector showing 32 Fetch/XHR requests
! 32 Fetch/XHR requests recorded after uploading and analyzing a receipt image (112 total)
! process_upload_stream and finalize endpoints visible—your file transmitted to OpenAI servers
! files and conversation requests show server-side storage and AI processing
! 54.5 kB transferred—your receipt data processed entirely on OpenAI's infrastructure
Claude CLOUD PROCESSING
Claude analyzing a receipt with Network Inspector showing 30 Fetch/XHR requests
! 30 Fetch/XHR requests recorded after uploading and analyzing the same receipt image
! upload-file endpoint clearly visible—your file transmitted to Anthropic servers
! chat_conversations and completion requests show server-side AI processing
! 37.3 kB transferred—your receipt data processed entirely on Anthropic's infrastructure
PromptSafe LOCAL PROCESSING
PromptSafe Network Inspector showing 1 request - the AI model being downloaded, zero data uploads
Zero upload requests—the one request you see is the AI model being downloaded to your browser
The eng.traineddata.gz file (2.9 MB) is Tesseract's OCR model—it runs locally in your browser
Document text already extracted and visible in the interface—processed entirely on your device
Direction of data flow: AI comes to you, your data stays with you. The opposite of cloud AI.

Summary Comparison

Metric ChatGPT Claude PromptSafe
Fetch/XHR requests on upload 32+ 30+ 0 uploads
File sent to servers Yes Yes No
Works offline No No Yes
Data flow direction Your data → their servers Your data → their servers AI model → your browser
Processing location OpenAI servers Anthropic servers Your browser

Why This Matters

ChatGPT and Claude are incredibly powerful AI assistants—we use them ourselves. But when you upload a document to these services, that document travels to their servers, where it's processed and potentially stored according to their data policies.

For many use cases, that's perfectly fine. But for sensitive documents—client contracts, internal reports, confidential HR files, medical records—you might prefer a tool that never sends your data anywhere.

PromptSafe processes documents entirely in your browser using JavaScript and a local AI model that downloads once (~40MB) and runs on your device. Your files never leave your computer—a claim you can verify yourself in under 30 seconds.

A Note on Cloud AI Security

We want to be clear: this isn't an attack on ChatGPT or Claude's security practices. Both OpenAI and Anthropic have enterprise-grade security and clear data policies. The question isn't whether they handle your data responsibly—it's whether you want your data handled by anyone other than you.

Different tools serve different needs. Cloud AI offers capabilities that local processing simply can't match (yet). PromptSafe offers something they can't: verifiable, offline, zero-trust data handling for the sanitization step before you share with AI.

Frequently Asked Questions

The PromptSafe screenshot shows one network request. Isn't that data being sent?
Great catch—and this illustrates an important point about direction of data flow. That request (eng.traineddata.gz) is the AI model being downloaded to your browser, not your data being uploaded. Think of it like downloading an app vs. uploading a photo. The AI comes to you; your documents never leave. Once cached, PromptSafe works completely offline.
How can I replicate this test myself?
Press F12 to open DevTools, click the Network tab, enable the "Fetch/XHR" filter, clear the log, then upload a document. Watch what appears. Our complete guide walks through the process step by step.
What does PromptSafe actually do?
PromptSafe detects and anonymizes sensitive information (names, emails, phone numbers, addresses, etc.) in documents before you share them with AI tools. It replaces real data with realistic placeholders, and can restore the original data after you get your AI response—all without your content ever leaving your browser.
If PromptSafe is local, how does its AI work?
PromptSafe uses a small (~40MB) AI model that runs directly in your browser via WebAssembly. It downloads once on first use and is cached for future visits. This model handles smart detection of entities like names and organizations—no cloud required.

See For Yourself

Don't take our word for it. Open DevTools, try PromptSafe, and watch the Network tab stay empty.

Try PromptSafe Free Learn to Verify Privacy