Why file-type support matters before AI upload
AI upload privacy is not only about whether a site accepts a file. The important question is what the file can reveal once it leaves your device.
A copied prompt can expose customer names, emails, phone numbers, addresses, account numbers, API keys, authentication tokens, internal URLs, or private business context. A screenshot can expose the same details inside pixels. A photo can look harmless while carrying GPS coordinates, capture time, camera model, software history, copyright data, or AI image-generation workflow metadata. A PDF or DOCX file can include visible text plus hidden document properties, author fields, comments, tracked-change signals, custom properties, and package relationships.
Freshmii’s supported file types and privacy fields table gives each workflow a clearer job. It tells you whether to scan text, inspect metadata, remove metadata, redact visible content, verify a PDF, or convert a file into a smaller excerpt before an AI assistant sees it.
Supported inputs and privacy fields
Use this table as the main Freshmii file-type reference. “Supported inputs” means the practical formats Freshmii is designed around today, not a promise that every browser, damaged file, encrypted file, or unusual export will behave the same way.
| Freshmii workflow | Supported inputs | Privacy fields to review | What Freshmii can do | Verify before AI upload |
|---|---|---|---|---|
| Prompt and text scanning | Plain text, copied prompts, emails, support replies, logs, stack traces, document excerpts, and pasted markdown. | Emails, phone numbers, addresses, names, account numbers, credit card numbers, Social Security numbers, API keys, tokens, internal URLs, IP addresses, and organization-specific identifiers. | AI Prompt Privacy Checker automatically detects common sensitive data, then lets you review, restore, or manually label anything missed. | Search the cleaned prompt for known names, domains, ticket numbers, keys, and customer-specific words before pasting it into ChatGPT, Claude, Gemini, Copilot, or another AI tool. |
| Image metadata inspection and removal | JPEG, PNG, WebP, HEIC, HEIF, GIF, AVIF, and common image exports. TIFF and BMP should be treated as browser-dependent inspection or conversion cases. | GPS coordinates, GPS timestamps, camera make and model, lens data, software history, capture dates, author fields, copyright fields, XMP, IPTC, comments, AI prompt text, model names, seeds, samplers, and workflow chunks. | Metadata Inspector lists hidden fields. Metadata Remover strips selected categories such as location, identity, timestamps, camera fields, and AI metadata where the format allows it. | Reopen the cleaned file in Metadata Inspector. Confirm GPS, author, timestamp, and AI workflow fields are gone or reduced to fields you intentionally kept. |
| Screenshot redaction | PNG, JPG, JPEG, WebP, and clipboard screenshots. | Visible pixels: names, emails, balances, addresses, account IDs, internal URLs, browser tabs, API keys, tokens, private dashboards, admin controls, chat history, and customer records. | Screenshot Redactor lets you draw blackout regions and export a cleaned image. This is for visible content, not hidden metadata alone. | Zoom in on the exported screenshot. Check edges, headers, browser bars, sidebars, tabs, and any small text. Run Metadata Inspector if the screenshot export came from another tool. |
| PDF visible redaction | Standard, non-encrypted PDF files. | Visible page text, signatures, account numbers, names, clauses, exhibits, tables, embedded screenshots, comments printed into the page, and anything selectable or visible in the PDF viewer. | PDF Redactor draws permanent redaction boxes and exports a new PDF where the covered page content is destroyed on export. | Open the exported PDF, search for the redacted terms, try selecting text around redaction boxes, and inspect the result with Metadata Inspector if document properties also matter. |
| PDF and DOCX metadata cleanup | PDF and DOCX files. Legacy .doc files should be converted locally or excerpted before AI upload. | PDF title, author, subject, keywords, creator, producer, creation date, and modification date. DOCX core properties, app properties, custom properties, comments, tracked-change signals, hidden text markers, external relationships, and sensitive media filenames. | Metadata Inspector shows document fields. Metadata Remover can clear selected document metadata and produce a cleaned copy for supported PDF and DOCX cases. | Inspect the cleaned PDF or DOCX again. For DOCX, reopen a copy locally and confirm comments, revisions, hidden text, and document properties no longer expose private context. |
| AI output cleanup | Copied AI output, markdown, generated emails, reports, summaries, and text you plan to reuse in another system. | Private details echoed back by the AI, hidden Unicode, directional marks, over-formatting, markdown artifacts, unsupported citations, filler phrases, and sensitive examples that should not be reused. | AI Text Cleaner removes markdown clutter, hidden characters, and common filler patterns so reused text is easier to review. | Search the cleaned output for original names, numbers, domains, ticket IDs, or quoted private text. Cleanup formatting does not replace a privacy review. |
Privacy fields by category
Different formats expose different privacy fields, but the categories repeat. Use the category table when you are not sure which cleanup path fits the file.
| Privacy category | Examples | Why it matters for AI search and prompts | Common formats | Freshmii verification step |
|---|---|---|---|---|
| Location and GPS | Latitude, longitude, altitude, GPS timestamp, camera direction, speed, city, state, country, and sublocation fields. | A single photo can reveal a home, work site, school, client office, or travel pattern even when the visible image looks ordinary. | Photos and mobile image exports, especially JPEG and HEIC or HEIF. | Inspect the original, remove location fields, then inspect the cleaned copy and confirm the GPS category is gone. |
| Identity and authorship | Author, creator, last modified by, camera owner name, company, manager, copyright, credit, source, and custom document owner fields. | Author fields can reveal who created a file, which company produced it, or which client account it belongs to. | PDF, DOCX, image metadata, and generated exports from design or office tools. | Use Metadata Inspector before and after removal. For documents, also check the file properties in your local editor. |
| Timestamps | Created, modified, digitized, captured, exported, edited, and GPS date-time fields. | Dates can reveal project timelines, incident windows, employment activity, location history, or when a customer interaction happened. | Photos, screenshots from some tools, PDFs, DOCX files, and generated image workflows. | Remove timestamp categories when the AI task does not need them, then verify no original date fields remain. |
| Camera, software, and technical fields | Camera make and model, lens, orientation, color profile, dimensions, compression, software, creator tool, EXIF version, and rendering fields. | Some fields are harmless rendering details, while device and software fields can reveal equipment, app history, or a production workflow. | Image files and exported PDFs. | Remove private camera and software fields where useful, but expect some safe technical fields to remain so the file renders correctly. |
| AI workflow metadata | Prompts, negative prompts, model names, seeds, step counts, CFG scale, sampler, scheduler, workflow JSON, ComfyUI nodes, and Stable Diffusion parameters. | Generated-image metadata can reveal proprietary prompt strategy, client concepts, unpublished creative direction, or restricted model details. | PNG, WebP, JPEG, and other AI image exports depending on the generator. | Inspect for AI metadata, strip AI fields with Metadata Remover, then inspect the cleaned export again. |
| Document package content | Comments, tracked-change markers, hidden text, custom XML, external relationships, embedded media names, revision counts, templates, and application fields. | Document packages can carry review history and internal names even after the visible page looks clean. | DOCX and other office-style package files. | Use DOCX metadata inspection and removal, then open the cleaned copy locally to check comments, revisions, and hidden text display options. |
| Visible pixels and visible text | Names, faces, emails, IDs, balances, addresses, screenshots of dashboards, browser tabs, API keys, pasted logs, tables, and signatures. | AI assistants can read visible content directly through uploaded images, screenshots, PDFs, and copied text. | Prompts, screenshots, PDFs, images, and document excerpts. | Redact or reduce visible content first, then zoom in, search exported PDFs, and scan copied text before upload. |
How to choose the right cleanup workflow
Start with the smallest useful input. If the AI task only needs three paragraphs, do not upload a full contract. If it only needs one error message, do not paste a full production log. Smaller inputs reduce both visible exposure and hidden metadata exposure.
For text, start with the AI Prompt Privacy Checker. Let it automatically detect common sensitive data, then review the highlights instead of blindly accepting every replacement. Restore false positives when the AI task needs the term, and manually label names, customer-specific values, internal project codes, or secrets the automatic scan did not catch.
For photos and generated images, start with Metadata Inspector. If the image has GPS, identity, timestamp, camera, software, copyright, or AI workflow fields the AI task does not need, run Metadata Remover. Reopen the cleaned file and confirm the sensitive fields were removed.
For screenshots, focus on the pixels. Screenshots often carry less useful metadata than camera photos, but they can reveal far more through the interface itself: account names, browser tabs, private URLs, balances, support tickets, customer records, admin buttons, internal dashboards, and API keys. Use Screenshot Redactor, then inspect the exported screenshot at full size.
For PDFs, split the problem into visible content and metadata. Use PDF Redactor for visible text, tables, signatures, account numbers, and page images. Use Metadata Inspector and Metadata Remover for author, creator, producer, title, keyword, date, and other document properties. A black box on the page does not automatically clean hidden metadata, and metadata removal does not redact visible text.
For DOCX files, treat document history as a privacy surface. A file can show clean final text while comments, tracked-change signals, custom properties, hidden text markers, or relationship targets still reveal review context. Freshmii targets DOCX, not legacy .doc. If you have a legacy document, convert it locally, export a needed excerpt, or avoid uploading the whole file.
Unsupported and limited cases to flag
Freshmii is browser-local by design, so the browser matters. The W3C File API provides the browser file-handling model Freshmii uses, but individual image decoders, file encoders, and unusual exports still vary. If a file fails to load, appears corrupted, or exports differently than expected, treat that as a signal to convert the file locally or use a smaller excerpt.
Encrypted or password-protected PDFs should not be treated as standard PDF redaction inputs. Unlock or export only the needed pages in a trusted local app first, then inspect the result before using AI.
Legacy .doc files are not the same as DOCX files. DOCX uses the Open XML package format, which makes many document properties and package parts inspectable in a browser-local workflow. Legacy .doc files should be converted locally or reduced to copied text before AI upload.
OCR is a separate concern. A screenshot or scanned PDF may contain visible text, but Freshmii’s redaction tools do not guarantee that every visible word has been automatically recognized. For screenshots, manually black out the visible pixels. For PDFs, search and inspect the exported file after redaction.
Names and organization-specific secrets are context-sensitive. Automatic detection can catch common patterns such as emails, phone numbers, account numbers, credit cards, API keys, tokens, IP addresses, and common identifiers. It cannot know every internal codename, customer nickname, private domain, or one-off secret. That is why Freshmii’s prompt workflow includes manual labeling and review.
A practical before-AI upload sequence
Use this sequence when a file or prompt contains real people, customers, code, support history, financial records, HR information, legal text, screenshots, or unpublished work.
- Decide whether the AI task needs the whole file or only an excerpt.
- If it is text, scan it with AI Prompt Privacy Checker and manually label anything missed.
- If it is an image, inspect metadata before relying on the preview.
- If it is a screenshot, redact visible private pixels and review the export at full size.
- If it is a PDF, redact visible content and inspect metadata as separate steps.
- If it is a DOCX file, check author fields, comments, tracked-change signals, hidden text, custom properties, and relationships.
- Reopen or re-inspect the cleaned copy, not only the original.
- For a high-risk file, use the Network tab verification guide to confirm the local cleanup action did not create an upload request.
This table does not replace judgment. It gives you a repeatable map: identify the file type, identify the privacy field, choose the smallest cleanup workflow that preserves the AI task, and verify the cleaned copy before it reaches the AI provider.