PII Tracking in Swif’s Browser Extension

Updated today

This article explains how Swif tracks Personally Identifiable Information (PII) using:

  • Admin‑configurable PII tracking rules

  • Swif’s browser extension on managed devices

  • PII reporting dashboards for security and compliance teams

It’s based on the PII tracking feature set implemented across:

  • Team PII tracking rules (admin settings)

  • Browser extension PII detection and event reporting

  • PII tracking reporting dashboard

No internal engineering ticket links are required to use this feature.


1. What PII Tracking Does

PII tracking helps you answer:

  • Which employees are entering PII into AI tools or web apps?

  • Which apps are involved (e.g., ChatGPT, Gemini, internal AI tools)?

  • What kinds of PII were detected (email, phone, names, etc.)—without exposing full raw text?

At a high level:

  1. Admins configure which apps and users are in scope for PII tracking.

  2. On MDM‑enrolled devices, Swif’s browser extension silently monitors configured apps for:

    • Prompt text submissions

    • File uploads (e.g., PDFs, docs)

  3. When PII is detected, the extension reports an event to Swif’s backend.

  4. Admins review PII events and trends in the PII reporting dashboard.

For background on how the extension and MDM agent work together, see:
How Swif’s Browser Extension Works With the MDM Agent | Help Center | Swif.ai


2. Requirements and Scope

PII tracking is designed for MDM‑enrolled devices:

  • On MDM‑enrolled devices, PII monitoring can run without employees logging into the extension.

  • On non‑MDM devices, PII monitoring is inactive even if the extension is installed.

From the perspective of end users:

  • PII monitoring is silent—no prompts, banners, or pop‑ups.

  • Events are only visible to admins in Insights and PII dashboards.

From the perspective of admins:

  • You define which apps to monitor and for which user groups.

  • You can see PII events at the org, team, and employee level.

  • You can drill into redacted details to understand the risk without exposing raw content.


3. Admin Settings: Configure PII Tracking Rules

PII tracking is controlled from team settings in the web app.

3.1 Where to Configure

  1. Go to your Swif admin console.

  2. Navigate to: Settings → Teams → Shadow IT → PII Tracking (wording may vary slightly).

  3. Open the PII tracking rules section.

This screen allows you to:

  • Turn PII tracking on/off for a team.

  • Create and manage PII rules that control which apps and interactions are monitored.

3.2 Global “Enable PII Tracking” Toggle

At the top of the PII tracking settings, there is a global toggle:

  • Enabled – PII tracking rules for the team are active. The browser extension will evaluate events for apps covered by these rules.

  • Disabled – No PII monitoring will run for that team, even if rules are configured. Rules are preserved but inactive.

Toggling this does not delete your rules; it simply enables or disables enforcement.

3.3 PII Tracking Rules

Each rule defines where and what is tracked. A typical configuration includes:

  • User groups – Which employees or groups the rule applies to (e.g., “Engineering”, “Sales”, “All employees”).

  • Shadow IT / target apps – Which web apps or domains are in scope (e.g., ChatGPT, Gemini, Claude, internal AI tools).

  • Inspection scope – Whether to monitor:

    • Prompts (text entered into inputs, chat boxes, etc.)

    • File uploads (e.g., PDFs, docs, spreadsheets)

  • Rule state – Whether the rule is currently enabled or disabled.

Under the hood, these rules tell the backend whether a given app and device combination should be treated as “PII‑tracked” for the browser extension.

3.4 Common Configuration Patterns

Some common patterns:

  • AI tools only

    • User groups: “All employees”

    • Apps: Known AI tools (e.g., chatbots, copilots)

    • Inspection scope: Prompts and PDF uploads

  • High‑risk teams only

    • User groups: “R&D”, “Finance”, “Legal”

    • Apps: Selected AI / document tools

    • Inspection scope: Typically prompts + uploads

  • Pilot rollout

    • User groups: A test group

    • Apps: 1–2 AI apps

    • Inspection scope: Prompts only

You can add, edit, disable, and delete rules as your policy evolves.


4. How the Browser Extension Tracks PII

Once PII tracking rules are in place, Swif’s browser extension runs PII monitoring on MDM‑enrolled devices.

4.1 When Monitoring Is Active

PII monitoring runs when all of the following are true:

  1. The device is enrolled and managed by Swif MDM.

  2. The extension is installed and active in the browser.

  3. The user is on a web app/domain that matches a configured PII rule.

  4. The rule is enabled, and global PII tracking for the team is enabled.

In this state, the extension silently monitors:

  • Prompt submissions: text entered into chat boxes, forms, or inputs.

  • File uploads: uploading documents where upload tracking is enabled.

4.2 What the Extension Detects

On qualifying pages, the extension:

  1. Detects app context

    • Identifies which web app / domain the user is interacting with.

    • Uses this to determine whether the app is covered by a PII rule for that device.

  2. Monitors user interactions

    • Text typed into:

      • Textareas

      • Text inputs

      • Contenteditable fields

      • Elements with role=textbox

    • Submission events such as:

      • Form submit

      • Button clicks

      • Enter‑key submission

    • File uploads via:

      • Standard file input fields

      • Drag‑and‑drop upload targets

  3. Pre‑filters events locally

    • Ignores very short or trivial strings.

    • Debounces rapid repeat submissions.

    • Deduplicates similar events to avoid noise.

  4. Reports PII events

    • When an interaction on a tracked app qualifies, the extension sends an event to Swif’s backend for PII evaluation and storage.

    • For file uploads, the extension may upload the file to a secure storage location using a presigned URL, then report a PII event linked to that file.
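The local pre-filter in step 3 can be pictured with the sketch below. It is an added example, not Swif's extension code: the thresholds, the event shape (`app`, `text`, `ts`) and the result labels are assumptions made for illustration.

```javascript
// Added example, not Swif's code. Thresholds and event shape are assumptions.
const MIN_LENGTH = 12;           // ignore very short or trivial strings
const DEBOUNCE_MS = 1500;        // rapid repeat submissions on the same app
const DEDUPE_WINDOW_MS = 60000;  // same text seen again within this window

// Case and whitespace differences should not defeat deduplication.
function normalize(text) {
  return text.toLowerCase().replace(/\s+/g, " ").trim();
}

function createPreFilter() {
  const lastAccepted = new Map(); // app -> timestamp of last reported event
  const seen = new Map();         // app + text key -> timestamp when reported

  return function check({ app, text, ts }) {
    const norm = normalize(text);
    if (norm.length < MIN_LENGTH) return "too_short";
    const last = lastAccepted.get(app);
    if (last !== undefined && ts - last < DEBOUNCE_MS) return "debounced";
    // Expire old keys so the map stays bounded on long-lived tabs.
    for (const [k, t] of seen) if (ts - t >= DEDUPE_WINDOW_MS) seen.delete(k);
    const key = `${app}\n${norm}`;
    if (seen.has(key)) return "duplicate";
    seen.set(key, ts);
    lastAccepted.set(app, ts);
    return "report";
  };
}

// Constructed sample events (ts in milliseconds), not captured traffic.
const SAMPLE_EVENTS = [
  { app: "chat.example.com", text: "ok", ts: 0 },
  { app: "chat.example.com", text: "Contact jane.doe@example.com about the renewal", ts: 1000 },
  { app: "chat.example.com", text: "Contact jane.doe@example.com about the renewal", ts: 1400 },
  { app: "chat.example.com", text: "contact  Jane.Doe@example.com about the renewal ", ts: 20000 },
  { app: "chat.example.com", text: "Summarize the attached Q3 customer list", ts: 30000 },
];

function runSample() {
  const check = createPreFilter();
  return SAMPLE_EVENTS.map(check);
}
```

Only events that come back as `report` would go on to PII evaluation; the double-click at 1400 ms and the re-paste at 20 s are dropped locally.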

4.3 Silent Monitoring

From the end‑user perspective:

  • There is no real‑time banner, modal, or “are you sure?” confirmation for PII.

  • Browsing and prompts behave normally.

  • Uploads may be blocked if you also enable upload restrictions, but that is a separate policy surfaced via a full‑screen overlay (see the MDM article).

Admins can see events in Insights/PII dashboards; employees do not see PII‑specific UI in their day‑to‑day browsing.

4.4 Privacy and Data Handling

PII tracking is built on Swif’s privacy‑first architecture, described in:
Browser Extension Security and Privacy in Swif | Help Center | Swif.ai

Key points:

  • Local‑first: Detection logic runs primarily in the browser.

  • Minimal data exposure: Only what is needed to identify and classify events is sent.

  • PII protection:

    • Sensitive data is processed via local or self‑hosted systems.

    • Stored data is redacted wherever possible (e.g., showing <EMAIL_ADDRESS> rather than the full address).

    • Monitoring is limited to apps you explicitly configure.

Admins can further control:

  • Which features are enabled (including any LLM‑enhanced detection).

  • Which applications are monitored.

  • Which roles can see detailed PII reports.


5. Viewing PII Events in Insights

Once events are being reported, you can review them in the PII reporting dashboard.

5.1 PII Tracking Dashboard Entry Point

In your admin console:

  1. Go to your Insights or Shadow IT / PII area.

  2. Open the PII Tracking Reporting Dashboard.

Depending on configuration:

  • If no PII tracking rules are configured, you’ll see a “Not Configured” state explaining PII tracking and a Set up PII tracking button that links directly to the PII rules screen.

  • If rules exist and events have been generated, you’ll see an overview of PII activity across your organization and teams.

5.2 Org‑Level vs Team‑Level Counts

The dashboard generally distinguishes between:

  • Organization‑wide count of PII events detected (all teams and rules).

  • Team‑level counts represented on employee or team cards.

It’s expected that the top‑level number (org) and per‑team/employee numbers do not match exactly, because they reflect different scopes.

5.3 Employee Cards and Drill‑Down

On a configured and active deployment, the dashboard shows employee cards, each summarizing:

  • Employee name (and often email or identifier)

  • Total PII events detected

  • Breakdown between:

    • PII prompt events

    • PII file upload events (where supported)

Clicking an employee card opens the Employee PII Event Detail Report for that person.


6. Employee PII Event Detail Report

The Employee PII Event Detail page answers:

  • How many PII events were associated with this employee?

  • What types of PII activity occurred (prompts vs file uploads)?

  • Which rules and apps were involved?

6.1 Overview Section

At the top of the detail page you’ll typically see:

  • PII Prompt Events – Count of prompt‑based events where PII was detected.

  • PII PDF Upload Events – Count of upload‑based events where PII was detected in uploaded files.

  • Rule – The PII tracking rule that applied (e.g., “AI tools – Engineering”).

Hovering over the rule can show a tooltip listing which apps are covered by that rule. If there are many apps, you may see a subset plus a “View Rule” action that takes you back to the PII tracking configuration for that rule.

A “View employee profile” button allows you to jump directly to that employee’s main profile page in Swif.

6.2 Event List

Below the overview, a table or list of PII events includes columns such as:

  • Timestamp

  • Event type – Prompt vs PDF upload

  • App / domain – Where the event occurred

  • Rule – Which PII rule triggered tracking

  • Actions – Typically a “View details” link or button

Counts in the overview should line up with what you see in the event list for the selected time range.


7. Event Detail Modals (Redacted vs Revealed)

For each event, you can open a detail modal.

7.1 PII Prompt Event Details

For prompt‑based events, the details modal shows:

  • A redacted snippet of the prompt where PII tokens are replaced with placeholders (e.g., <EMAIL_ADDRESS>, <PERSON>).

  • A clear label indicating whether you are seeing a redacted or revealed view.

  • Information about what PII types were detected (e.g., email, phone, name).

Where supported by your configuration and role:

  • You can toggle between:

    • Redacted view – Default, safer view that hides literal values.

    • Revealed view – Shows the full snippet including PII, typically with warnings and restricted to appropriate admin roles.

The redacted view is designed so you can still understand context (“user pasted a customer list including emails and phone numbers”) without exposing full raw data.

7.2 PII PDF Upload Event Details

For file‑based events (e.g., PDF uploads):

  • The modal shows an extracted text snippet around the detected PII, not the full document.

  • PII tokens in that snippet are redacted by default.

  • Where supported, admins can toggle to a revealed view for deeper investigation.

This provides enough context to understand why an upload was risky (for example, containing full personal records) without indiscriminately exposing the entire file contents.
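The redacted views in 7.1 and 7.2 can be illustrated with the sketch below, which builds a context window around the first detected value and replaces each hit with a placeholder. It is an added example, not Swif's detection code: the regex detectors and the `<PHONE_NUMBER>` placeholder name are assumptions, and name detection (`<PERSON>`) is left out because it needs more than a regex.

```javascript
// Added example, not Swif's code. Regex detectors and the <PHONE_NUMBER>
// placeholder name are assumptions; names (<PERSON>) need NER and are omitted.
const DETECTORS = [
  { type: "EMAIL_ADDRESS", re: /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g },
  { type: "PHONE_NUMBER", re: /\+?\d[\d\s().-]{7,}\d/g },
];

// Find non-overlapping PII spans, earliest first.
function findPii(text) {
  const hits = [];
  for (const { type, re } of DETECTORS) {
    for (const m of text.matchAll(re)) {
      hits.push({ type, start: m.index, end: m.index + m[0].length });
    }
  }
  hits.sort((a, b) => a.start - b.start);
  const kept = [];
  for (const h of hits) {
    if (kept.length === 0 || h.start >= kept[kept.length - 1].end) kept.push(h);
  }
  return kept;
}

// Return a redacted window around the first hit, or null when nothing matched.
function redactedSnippet(text, context = 40) {
  const hits = findPii(text);
  if (hits.length === 0) return null;
  const from = Math.max(0, hits[0].start - context);
  let to = Math.min(text.length, hits[0].end + context);
  // If the window edge falls inside a hit, extend it: cutting there would
  // leave part of the raw value in the "redacted" snippet.
  for (const h of hits) if (h.start < to && h.end > to) to = h.end;
  let snippet = "";
  let pos = from;
  for (const h of hits) {
    if (h.start >= to) break;
    snippet += text.slice(pos, h.start) + `<${h.type}>`;
    pos = h.end;
  }
  snippet += text.slice(pos, to);
  return { snippet, types: [...new Set(hits.map((h) => h.type))] };
}

// Constructed sample text, not real data.
const SAMPLE = "Customer record 4411. Please email jane.doe@example.com " +
  "or call +1 415 555 0100 before Friday.";
```

With a 13-character context, the window would end partway through the phone number; the edge check extends it so the snippet never contains a partial raw value.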


8. Roles and Access Control

PII data is highly sensitive, so access is limited:

  • Security / Shadow IT admins

    • Can access the PII dashboard and Employee PII Event Detail reports.

    • Typically can see redacted views by default.

    • May be allowed to reveal snippets depending on your organization’s policy.

  • Standard users / non‑admins

    • Do not see the PII tracking dashboard.

    • Cannot access PII event details, even via direct URL.

    • Do not see PII‑specific UI in the browser.

This aligns with Swif’s privacy‑first model described here:
Browser Extension Security and Privacy in Swif | Help Center | Swif.ai


9. Putting It All Together

End‑to‑end, the PII tracking flow is:

  1. Configure rules – In Settings → Teams → Shadow IT → PII Tracking, define:

    • Which user groups are covered

    • Which apps are monitored

    • Whether to monitor prompts, file uploads, or both

  2. Deploy extension on MDM devices – Ensure:

    • Devices are enrolled in Swif MDM

    • Swif’s browser extension is installed and active

  3. Monitor silently – On tracked apps:

    • The extension detects prompt submissions and file uploads

    • PII events are silently reported to the backend for evaluation and storage

  4. Review events – In the PII Tracking Reporting Dashboard:

    • See org‑level and team‑level PII event counts

    • Drill into Employee PII Event Detail reports

    • Open event detail modals with redacted (and, if allowed, revealed) snippets

  5. Iterate your policy – Use insights from the dashboard to:

    • Adjust which apps and teams are in scope

    • Strengthen training and acceptable‑use policies

    • Tune your PII tracking strategy over time

