How It Works
How It Works

How PrivaiShield Works

Two detection engines work together in a hybrid approach — a real-time entity recognition engine plus deep learning–powered NER — to ensure sensitive data never reaches any AI model unprotected.

The Redaction Pipeline

A four-step process that scrubs sensitive data before it ever reaches an AI model, giving you full answers with zero exposure.

STEP 01

You send a prompt or file

Paste text, upload a document, or connect via API. Your data enters the PrivaiShield detection engine.

Supports plain text, PDFs, DOCX, spreadsheets, and structured data formats.

STEP 02

PII detection and redaction

Our multi-layered engine scans for 19+ entity types including SSNs, addresses, emails, phone numbers, credit cards, medical record numbers, and more. All detected entities are replaced with reversible tokens.

The first detection layer runs instantly in-browser. Enhanced mode adds a second layer — deep learning–powered NER via AWS Comprehend and Presidio — to catch names and context-dependent data.

STEP 03

Sanitized data goes to AI

Only the redacted version reaches the AI model. The AI processes your request using anonymized placeholders instead of real data.

Compatible with OpenAI, Anthropic, Google, Azure, and self-hosted models.

STEP 04

Response is re-identified locally

The AI response comes back with placeholders. PrivaiShield maps them back to the original values on your device, giving you a complete, accurate answer.

The mapping table never leaves your device and is encrypted at rest.

Reviewing Redacted Output

After PrivaiShield redacts your content, you should always review the output before sending. The review experience differs by platform:

Web Chat

Original text on the left, redacted version on the right. Compare side-by-side to verify all sensitive data has been replaced.

Browser Extension

A modal overlay shows each detected entity with its type, original value, and replacement token before you confirm sending.

What to check:
NamesVerify personal names are replaced with [PERSON_1], [PERSON_2], etc.
Contact infoEmails, phones, and addresses should appear as [EMAIL_1], [PHONE_1], [ADDRESS_1].
IDs & numbersSSNs, account numbers, and MRNs should be tokenized (e.g., [SSN_1], [MRN_1]).
Context cluesLook for indirect identifiers (e.g., “the doctor on floor 3” might still identify someone).
Edge casesUnusual formats, nicknames, and abbreviations may not be caught automatically.
Always review before sending

No automated system is perfect. Always review the redacted output before sending, especially when working with highly sensitive data like PHI or legal documents.

See the browser extension overlay docs and the web chat demo for interactive examples.

Standard vs Enhanced (Hybrid) Detection

PrivaiShield offers two detection modes. Standard mode runs a real-time entity recognition engine in-browser. Enhanced mode adds a second layer of deep learning–powered NER for the most comprehensive coverage.

Standard Mode

All plans

Runs a real-time entity recognition engine entirely in your browser. Your raw data never leaves your machine — zero network requests for PII detection.

  • 19+ entity types detected in real time
  • Zero-knowledge: no data sent to any server
  • Sub-second processing, works offline
  • Catches SSNs, emails, phones, addresses, and more

Enhanced Mode (Hybrid)

All plans

Combines the in-browser detection engine with deep learning–powered NER (AWS Comprehend + Presidio) for comprehensive coverage. The first layer runs instantly while the cloud NER layer catches names and context-dependent entities.

  • In-browser engine for instant results
  • AI-powered name and entity recognition
  • Both layers combined for best accuracy
  • HIPAA-eligible environment, data never stored
  • Encrypted in transit, audit-logged for compliance

Architecture

In standard mode, nothing sensitive ever leaves your device. In enhanced (hybrid) mode, the in-browser engine runs first for instant protection, then your data passes through a KMS-encrypted, isolated AWS pipeline for comprehensive NER-based detection before reaching the AI model.

YOUR DEVICE (TRUST BOUNDARY)
User Input
Raw prompts & files
Detection Engine
Real-time entity recognition
Token Vault
Encrypted mapping
TLS 1.3 ENCRYPTED
ENHANCED CLOUD DETECTION (ALL PLANS)
AWS Comprehend
Deep learning NER
Presidio
Hybrid PII pipeline
KMS Encryption
Isolated VPC, no egress
SANITIZED DATA
EXTERNAL (UNTRUSTED)
AI Model
Receives only sanitized data
AI Provider
Cannot reconstruct PII

Compliance Coverage

PrivaiShield is designed to help you meet the strictest regulatory requirements for AI use.

HIPAA
Health Insurance Portability and Accountability Act

PHI is redacted before reaching any AI model. Satisfies the Safe Harbor de-identification standard under HIPAA §164.514(b).

  • 18 HIPAA identifiers removed
  • BAA available for enterprise plans
  • Audit logging for all redaction events
  • PHI never stored on external servers
GDPR
General Data Protection Regulation

Personal data is anonymized before reaching any AI model, meeting GDPR’s data minimization principle. No personal data is transferred to third-party processors.

  • Data minimization by design
  • Right to erasure supported
  • No cross-border data transfer of PII
  • DPA available for all plans
Legal Confidentiality
Attorney-Client Privilege & Work Product

Client names, case details, and privileged information are scrubbed before AI processing, preserving legal confidentiality obligations.

  • Client identity protection
  • Case detail anonymization
  • Work product doctrine compliance
  • Ethics rule alignment