XTOKENISER · 123chat.ai · last reviewed 2026-05-19
XTOKENISER redacts personal information from text inside your browser before it is sent to an AI service. The redaction logic runs as JavaScript on your device.
When you have set your own API key in Settings (or connected your own OpenRouter account), your redacted text is sent directly from your browser to your chosen AI provider — we operate no server-side content path. We never see your prompts or replies.
Free starter mode (the zero-setup default, used until you connect your own key) routes the already-redacted text through a server-side relay we operate, which then calls Anthropic Claude Haiku 4.5 on a pooled key we pay for. The relay only ever sees the redacted text — real names, real numbers, real client information are never sent through it. The relay does not retain the content of starter requests; only an IP-keyed daily counter (used for rate-limiting against abuse) and an aggregate token-cost meter (used for budget caps) are kept, and both reset at UTC midnight. Connect your own key and the relay is bypassed entirely; you never go through it again.
Our server delivers the static HTML and JavaScript of the application. It logs only blocked or probe requests (not normal usage), and only a timestamp, the path, the HTTP status, the user-agent, and an IP address truncated to its network prefix (e.g. 203.0.113.x). No prompts, responses, files, or API keys are logged.
For free starter mode only, the server additionally maintains in-memory counters (per-IP daily usage count, global daily aggregate token cost) used solely for rate-limiting and budget caps. These counters reset at UTC midnight and are not associated with any user identity beyond the IP itself. Starter request bodies (the redacted text) are forwarded to Anthropic in real time and not retained.
The application stores exactly three items in your browser's localStorage, and nothing else: (1) your settings — provider, model, system prompt, output mode, and, in cleartext, your API key and your Secure Document Share passphrase; (2) your custom redaction library; (3) a single preflight on/off toggle. Your conversation history is held in memory only and is not persisted. This data never leaves your browser unless you copy or export it. Clearing your browser data erases all of it.
Text, PDF, Word and Excel files are parsed entirely in your browser and are not transmitted to anyone. Images, audio and video are different: to extract their text, the original file is sent from your browser directly to OpenAI (Vision for images, Whisper for audio and video) using your own OpenAI API key, before redaction is applied. Only the returned text is then redacted. This upload to OpenAI happens regardless of which provider you selected for chat. Do not drop an image, audio or video file you are not willing to send to OpenAI in its original, un-redacted form.
The redacted version of your text prompts is sent directly from your browser to whichever AI provider you select in Settings (Anthropic, OpenAI, or Google) when you have set your own key, using your own API key for that provider. We are not party to that transmission; the relevant provider's own privacy policy governs it.
In free starter mode (until you connect your own key), the redacted text is relayed by our server to Anthropic on our pooled key as described in "What we do" above. Anthropic's privacy policy governs Anthropic's handling of the redacted text; the relay itself sees only the same redacted text, no real names or numbers, and retains no content.
Fonts are loaded from fonts.googleapis.com and fonts.gstatic.com; Google's privacy policy applies to those requests. We load no analytics, tracking, or advertising; our Content-Security-Policy actively blocks the analytics beacon Cloudflare would otherwise inject at the edge.
Files you explicitly export as an encrypted vault, and documents you share via the encrypted /decrypt link feature, are protected with PBKDF2-HMAC-SHA256 (600,000 iterations) deriving an AES-256-GCM key plus an HMAC-SHA256 integrity key. Your everyday in-browser data — settings (including your API key and Secure Document Share passphrase) and your redaction library — is stored unencrypted in localStorage, as is standard for a bring-your-own-key browser tool. Protect it with device security and clear it on shared machines.
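The construction named in the paragraph above, as an added example that is not 123chat.ai's code, written against Node's built-in crypto module so it runs offline. Only the algorithms and the 600,000 iteration count come from the page; the field sizes, blob layout, label-based key split and HMAC coverage are assumptions.

```javascript
// Added example; not the application's code. Layout and key split are assumptions.
const nodeCrypto = require("node:crypto");

const ITERATIONS = 600000;                    // iteration count stated on the page
const SALT = 16, IV = 12, TAG = 16, MAC = 32; // assumed field sizes in bytes

// PBKDF2-HMAC-SHA256 yields one 32-byte master key; two labelled HMACs split it
// into independent encryption and integrity keys (assumed split method).
function deriveKeys(passphrase, salt, iterations = ITERATIONS) {
  const master = nodeCrypto.pbkdf2Sync(passphrase, salt, iterations, 32, "sha256");
  const sub = (label) => nodeCrypto.createHmac("sha256", master).update(label).digest();
  return { encKey: sub("enc"), macKey: sub("mac") };
}

// Blob layout (assumed): salt | iv | ciphertext | GCM tag | HMAC over all prior bytes.
function sealVault(passphrase, plaintext, iterations = ITERATIONS) {
  const salt = nodeCrypto.randomBytes(SALT);
  const iv = nodeCrypto.randomBytes(IV);
  const { encKey, macKey } = deriveKeys(passphrase, salt, iterations);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", encKey, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  const body = Buffer.concat([salt, iv, ct, cipher.getAuthTag()]);
  const mac = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  return Buffer.concat([body, mac]);
}

function openVault(passphrase, blob, iterations = ITERATIONS) {
  if (blob.length < SALT + IV + TAG + MAC) throw new Error("vault too short");
  const body = blob.subarray(0, blob.length - MAC);
  const mac = blob.subarray(blob.length - MAC);
  const salt = body.subarray(0, SALT);
  const iv = body.subarray(SALT, SALT + IV);
  const ct = body.subarray(SALT + IV, body.length - TAG);
  const { encKey, macKey } = deriveKeys(passphrase, salt, iterations);
  // Verify the HMAC in constant time before any decryption is attempted, so a
  // wrong passphrase or a modified file fails here.
  const expected = nodeCrypto.createHmac("sha256", macKey).update(body).digest();
  if (!nodeCrypto.timingSafeEqual(mac, expected)) throw new Error("integrity check failed");
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", encKey, iv);
  decipher.setAuthTag(body.subarray(body.length - TAG));
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}
```

Because the salt and IV are random per export, sealing the same text twice gives different blobs; a wrong passphrase and a modified file are indistinguishable to the caller, both failing the integrity check.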
We set no cookies. Cloudflare may set the __cf_bm cookie for bot-management purposes; you can read about that on Cloudflare's privacy page.
GDPR, CCPA, and the Australian Privacy Act 1988 all grant rights to inspect, correct, port, or delete personal data held about you. Because we do not collect personal data on our server (your prompts never reach us), there is nothing for us to provide, correct, or delete on your behalf. For data held by your chosen AI provider, contact that provider directly.
Responsible disclosure: security@xfactorai.com. See also /.well-known/security.txt.
123chat.ai is operated by XFactorAI Inc, a company incorporated in the Republic of Vanuatu ("XFactorAI", "we", "us"). Contact: info@xfactorai.com · security disclosures: security@xfactorai.com.
These terms and this privacy policy, and any non-contractual obligations arising out of or in connection with them, are governed by the laws of the Republic of Vanuatu, and the courts of Vanuatu have non-exclusive jurisdiction. Nothing in this clause limits any rights you have under the mandatory consumer-protection or data-privacy laws of your own country of residence that cannot be excluded by agreement — for example, for Australian users, the Australian Consumer Law and the Privacy Act 1988 (Cth); for users in the EU/UK, applicable data-protection law.