How it works Features Compliance Pricing FAQ Blog Sign in Try Zelkir for FREE
Built for SMEs  ·  No IT team needed  ·  From $0/month

The AI Governance Platform
that keeps your team safe.

The AI governance tool built for teams of 5 to 100. Any compliance officer, HR lead, or operations manager can be up and running in under 15 minutes — no IT department required.

Try Zelkir for FREE See how it works
Free plan available No IT department needed No credit card required
GDPR Ready HIPAA Ready CCPA Ready Privacy-first — 0 bytes stored
Download Zelkir Chrome Web Store
Download Zelkir Edge Add-ons
EHR System
Patient Records
Billing Data
ChatGPT
Gemini
Copilot
🛡️
Zelkir
ACTIVE PROTECTION
patient_records.csv
SSN detected
billing_Q4.xlsx
PHI matched
medical_notes.pdf
Blocked ✕
0
BLOCKED
0
WARNED
0
LOGGED
Event Stream
LIVE
9+
AI tools monitored out of the box
<15min
Setup time — no IT team required
3hrs
Saved per compliance audit on average
0
Bytes of raw prompt text ever stored

Monitors all major AI tools out of the box

ChatGPTChatGPT ClaudeClaude GeminiGemini CopilotMicrosoft Copilot GitHub CopilotGitHub Copilot PerplexityPerplexity NotionNotion AI GrammarlyGrammarly HuggingFaceHuggingChat Heidi AIHeidi AI

Trusted by compliance-conscious teams across Europe & North America

MHMedTech Healthcare
LELegalEdge Partners
ACAccuCount Group
FSFinServ Advisors
OPOpsFlow Consulting
TGTechGuard Solutions
HRHR Innovations
CXComplianceXpert

Built for compliance-conscious teams in

The problem

Shadow AI is your next compliance crisis

Employees are already using AI tools — with or without your approval. The question is whether you know about it.

83%

of employees use unsanctioned AI tools

The average knowledge worker now uses 3–4 AI tools their IT team has never approved. Customer data, financials, and source code go in. No one knows what comes out.

€20M

maximum GDPR fine for data breaches

Regulators treat AI tool exposure the same as any other data breach. "We didn't know" is not a defence — documented controls are. Zelkir gives you the evidence trail.

4 hrs

average time to prepare a compliance audit

With Zelkir, your compliance report is one click. Without it, your team spends days manually reconstructing what happened — if they can reconstruct it at all.

How it works

Governance in three steps

Deploy in under five minutes. No IT team, no VPN, no proxy.

01

Install the browser extension

Employees install the Zelkir extension in one click from the Chrome Web Store or Microsoft Edge Add-ons — or you can push it to your whole organisation via Google Workspace or Microsoft Intune. No device management, no VPN, no proxy. All classification runs locally in the browser.

02

Configure your policies

Choose which data categories to monitor per AI tool — log silently, show employees a warning, or block the submission entirely. Changes take effect in under 30 seconds.

03

Monitor, audit, report

View real-time risk scores, event logs, and top contributors on your dashboard. Generate one-click PDF compliance reports for GDPR, HIPAA, and CCPA audits.

See it in action

What Zelkir catches in real time

Three of the most common ways sensitive data leaks to AI tools — and exactly how Zelkir stops it.

1

Employee drafts a prompt

A healthcare admin pastes a patient record into ChatGPT to help draft a letter — names, DOB, and diagnosis included.

2

Zelkir classifies locally

Before the prompt submits, the extension detects Protected Health Information (PHI). The classification runs entirely in the browser — no data leaves the device.

3

Submission blocked + admin alerted

The employee sees a "Blocked — PHI detected" overlay. You receive an instant Slack alert. The event is logged with category, risk level, and timestamp for your HIPAA audit trail.

1

Developer pastes proprietary code

An engineer copies a critical authentication module into Claude to ask for a refactor — including internal API endpoints and environment variable names.

2

Zelkir detects source code category

The extension flags the submission as SOURCE_CODE (Medium risk) and checks your policy: "Warn on source code in external AI tools."

3

Developer warned before submitting

A warning overlay appears asking the employee to confirm before proceeding. The event is logged whether they continue or cancel — giving you full visibility either way.

1

Employee pastes a config file

A product manager copies a config snippet into Gemini to ask for help debugging — the snippet contains a live AWS access key and secret.

2

Zelkir flags CREDENTIALS (Critical)

The classifier detects the credential pattern instantly. Your policy is set to "Block on Critical risk events across all AI tools."

3

Submission blocked — you're notified immediately

The prompt never reaches Gemini. You get an email and Slack alert within seconds. The CISO can act before any data exposure occurs.

Features

Enterprise-grade protection at SME pricing

Everything your compliance team needs to govern AI tool usage — without a six-figure implementation project.

🔍

Client-side classification

Raw prompt text never leaves the browser. Only metadata — category, risk level, AI tool domain, timestamp — is transmitted. Your employees' words stay private.

Real-time enforcement

Configurable warn and block overlays fire at submission time. Policies update across all browsers within 30 seconds of a change in the admin dashboard.

📈

Risk dashboard

Organisation-wide risk score, 14-day event timelines, top risk contributors, and AI tool usage breakdown — all updated in real time, no BI tool required.

📄

One-click compliance reports

Generate audit-ready PDF reports mapped to GDPR, HIPAA, and CCPA controls. Each report includes an evidence log, compliance score, and remediation guidance.

🔔

Instant alerts

Receive Slack and email alerts the moment a high-risk event fires. Stop learning about data exposure incidents during an audit — catch them in real time.

👥

Team management

Invite colleagues, assign admin or viewer roles, and view AI usage broken down by employee. One shared API key is all the extension needs.

Why Zelkir

The smarter alternative

Blocking AI tools kills productivity. Legacy DLP tools weren't built for this. Zelkir was.

← Swipe to compare →

Legacy DLP Blocking AI tools Zelkir ✓
Setup time Weeks to months Minutes (but…) Under 15 minutes
Reads employee prompts Yes — full content N/A Never — local only
Employee productivity impact High friction Kills AI productivity Minimal — smart warnings
GDPR / HIPAA audit reports Manual, expensive Not available One-click PDF
IT involvement required Yes — full project Some None
Price for 25 users $$$$ / year $0 — but lost value $79 / month

Compliance frameworks

Stay audit-ready across every major regulation

Zelkir maps your AI usage events to the specific articles and controls that matter to your auditors.

GDPR

EU General Data Protection Regulation

Monitor for personal data categories — names, emails, health data — being entered into AI tools and demonstrate Article 32 technical controls to your DPO.

Article 5 Article 32 Article 35 DPIA

HIPAA

Health Insurance Portability & Accountability Act

Detect Protected Health Information (PHI) before it reaches consumer AI tools. Zelkir generates audit evidence your compliance officer can present to assessors.

§164.312 Technical §164.308 Admin

CCPA

California Consumer Privacy Act

Identify consumer personal information flowing into third-party AI tools and demonstrate data minimisation and access controls to California regulators.

§1798.100 §1798.150

Customer stories

Real results from real teams

What compliance officers, IT leads, and ops managers say after their first month.

20 min
to first audit-ready GDPR report

"We had our first GDPR compliance report ready for the DPO in 20 minutes. I'd spent three weeks trying to piece together the same evidence manually before that."

Head of IT Compliance — European Professional Services Firm
0 leaks
source code reached an AI provider

"Zelkir flagged a developer pasting our auth module into Claude within seconds. Without it, that code would have gone straight to Anthropic's servers. Now I sleep better."

CTO — 40-person SaaS company, UK
90%
reduction in compliance reporting time

"I run AI governance for three healthcare clients. Zelkir cut my reporting from a full day's work to under 30 minutes. The HIPAA PDF alone is worth the subscription."

Compliance Consultant — Healthcare Sector, Netherlands

Pricing

Simple, transparent pricing

14-day free trial on every plan. No credit card required. Cancel anytime.

Free

$0 /mo

Up to 3 users  ·  500 events/month

  • Chrome & Edge extension monitoring
  • Real-time dashboard
  • Basic event log
  • Email alerts
Try Zelkir for FREE
Most popular

Starter

$79 /mo

Up to 25 users  ·  10,000 events/month

  • Everything in Free
  • GDPR, HIPAA & CCPA reports
  • Policy builder (warn & block)
  • Slack & email alerts
  • Team management
Try Zelkir for FREE

Pro

$199 /mo

Up to 100 users  ·  100,000 events/month

  • Everything in Starter
  • S3 report archive (90 days)
  • API access
  • Priority support
  • Custom data categories
Try Zelkir for FREE

FAQ

Frequently asked questions

Everything you need to know before you start your trial.

Which AI tools does Zelkir monitor?
Zelkir monitors all major AI tools out of the box: ChatGPT, Claude, Google Gemini, Microsoft Copilot, GitHub Copilot, Perplexity, Notion AI, Grammarly, HuggingChat, and Heidi AI. The Chrome and Edge extension activates automatically on each platform — no per-tool configuration required.
What types of sensitive data can Zelkir detect?
Zelkir's client-side classifier detects 11 data categories across four risk levels:

Critical — Social Security Numbers, payment card numbers, passwords & API keys
High — Protected Health Information (PHI), email addresses, financial data (IBANs, account numbers, payroll), legal & NDA content
Medium — Phone numbers, source code, strategic business data (revenue, M&A, roadmaps), physical addresses

All classification runs locally in the browser — no prompt text is ever sent to Zelkir's servers.
How do policies work? Can I customise them per tool?
Yes. In the Policies section of your admin dashboard you can create rules scoped to a specific AI tool (e.g. "only on ChatGPT") or applied globally. For each policy you choose:

Sensitivity threshold — trigger on Any, Low+, Medium+, or High-only events
Action — Log silently, show the employee a Warning, Block the submission entirely, email you immediately, or post a Slack alert
Active/Inactive toggle — pause a policy without deleting it

Policies sync to all browser extensions within 30 seconds of saving.
Will my employees feel like they're being spied on?
No. Zelkir never reads or stores what employees type — not a single character of prompt text leaves the browser. The extension only detects the category of sensitive data (e.g. "this looks like a credit card number") and logs that a risk event occurred. Each employee also has a personal monitoring level they can set — Standard (follows org policy), Strict (more cautious), or Off (log only, no overlays). Think of it less like surveillance and more like a seatbelt: it protects everyone without getting in the way.
Can I get real-time alerts when something goes wrong?
Yes — on any policy you can enable Email Admin (instant email to the org admin) and/or Slack Alert (posts to your Slack channel immediately). Zelkir also sends automatic consolidated alerts for all HIGH and CRITICAL risk events. Connect your Slack workspace in Settings → Slack Alerts in under two minutes.
Is there a free plan? What's the catch?
Yes — genuinely free, forever. Up to 3 users, 500 events per month, and a full real-time risk dashboard. No credit card required, no time limit. The catch? Once you see how much AI activity your team generates, you'll want the one-click GDPR/HIPAA/CCPA compliance reports, CSV export, and Slack alerts that come with the paid plans.
Do I need to be a compliance or IT expert to set this up?
Not at all. The onboarding takes five steps: name your organisation, copy your API key, install the Chrome or Edge extension, pick a starter policy template (Log Only, Warn on PII, or Block Credentials), and optionally connect Slack. The whole thing takes under 15 minutes with no IT department, no VPN, and no network changes. Plain-English risk scores and one-click audit reports mean your compliance officer or operations manager can run the tool independently.
Is Zelkir itself GDPR-compliant? Where is our data stored?
Yes. Zelkir acts as a data processor under GDPR and processes only event metadata — never prompt content. All data is stored on servers within the EU. We sign a standard Data Processing Agreement (DPA) on request. Our infrastructure is hosted on Railway with encrypted storage and transit (TLS 1.2+). No raw prompt text, no employee conversation content, no browsing history is ever collected.
What happens if an employee tries to disable or remove the extension?
If an employee removes the extension, monitoring simply stops for their browser — Zelkir will flag the gap as a period of "no activity" on their profile in the dashboard. You can set an alert to notify you if a user's extension goes dark for more than a configurable period. For managed devices, IT admins can force-install the extension via Chrome policy so it cannot be removed by end users.
How are employees told that monitoring is in place?
Zelkir is designed for transparent governance, not covert surveillance. We recommend informing employees during onboarding — we provide a sample employee communication template you can send on day one. The extension icon is visible in the browser toolbar, and employees can always see their own monitoring level (Standard, Strict, or Log Only) in the extension popup. Transparency builds trust and actually reduces risky behaviour.
Can I trial Zelkir with just a few people before rolling it out company-wide?
Absolutely — that's how most teams start. The Free plan supports up to 3 users indefinitely, so you can run a pilot with yourself and two colleagues at zero cost. When you're ready to expand, upgrading takes one click and your existing data, policies, and settings carry over. No re-configuration, no data migration, no downtime.
Does Zelkir work on Windows, Mac, and Linux?
Yes — Zelkir is a Chrome browser extension, so it works on any operating system that runs Chrome or Chromium-based browsers (Chrome, Brave, Edge). It does not require any software installed at the OS level, which means no IT department involvement and no endpoint management changes. Support for Firefox is on the roadmap.

Start protecting your team today

No credit card, no IT project, no contract. Up and running in 15 minutes.

Try Zelkir for FREE

14-day free trial  ·  No credit card required  ·  Cancel anytime