AIIA Privacy Proxy — your data stays local

Most AI services require users to send prompts and sensitive data directly to external providers. AIIA Privacy Proxy takes a different approach: requests are anonymized, filtered, and routed through a secure local proxy before reaching any AI model. The result is greater control, improved privacy, and reduced compliance risks for businesses that want to use AI without exposing confidential information.

The problem

Your team already uses ChatGPT, Claude and Gemini every day — and along the way they paste in customer names, salaries, contracts, e-mail addresses and IBANs. Every one of those prompts leaves the company and is processed on a cloud provider's servers, where you no longer control it. Under the GDPR and the Swiss FADP, and in any regulated industry, that is a real and growing risk — and it usually happens quietly, prompt by prompt.

The idea: a privacy proxy that never leaves your infrastructure

A small local server sits between your people and the cloud model. Before a prompt is sent, it automatically detects sensitive data and replaces it with realistic stand-ins (for example Jan Hoffmann → Sönke Stiffel). Only this obfuscated version travels to the cloud. When the answer comes back, the same server restores the real values locally. The cloud model answers correctly — it simply never learns who or what the request is really about.

The values that are actually needed for a correct answer (an income for a tax question, say) are kept, while the identity is removed — so you get useful answers and privacy.
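The round trip described above, as an added sketch that is not AIIA's code: regex detectors and a supplied name list stand in for the Presidio recognizers, and the `Vault` class, stand-in pool and sample prompt are all constructed for illustration.

```python
import re

# Constructed regex detectors; a stand-in for a local NER recognizer such as Presidio.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b"),
}
STAND_IN_NAMES = ["Sönke Stiffel", "Mara Lindqvist", "Ole Brandt"]  # constructed pool


class Vault:
    """Local real<->stand-in mapping; only obfuscate() output may leave the host."""

    def __init__(self, known_names=()):
        self.known_names = list(known_names)  # assumption: supplied from a local directory
        self.to_fake, self.to_real, self.counts = {}, {}, {}

    def _stand_in(self, kind, real):
        if real in self.to_fake:  # a repeated value keeps the same stand-in
            return self.to_fake[real]
        n = self.counts[kind] = self.counts.get(kind, 0) + 1
        if kind == "NAME":
            if n > len(STAND_IN_NAMES):  # reusing a name would make restore ambiguous
                raise RuntimeError("stand-in name pool exhausted")
            fake = STAND_IN_NAMES[n - 1]
        elif kind == "EMAIL":
            fake = f"person{n}@example.invalid"
        else:
            fake = f"XX00 0000 0000 0000 {n:04d}"
        self.to_fake[real], self.to_real[fake] = fake, real
        return fake

    def obfuscate(self, prompt):
        for name in self.known_names:
            if name in prompt:
                prompt = prompt.replace(name, self._stand_in("NAME", name))
        for kind, rx in DETECTORS.items():
            prompt = rx.sub(lambda m, k=kind: self._stand_in(k, m.group()), prompt)
        return prompt

    def restore(self, answer):
        for fake, real in self.to_real.items():
            answer = answer.replace(fake, real)
        return answer


# Constructed sample prompt: identity is replaced, the income figure is kept.
PROMPT = ("Jan Hoffmann (jan.hoffmann@firma.example, IBAN CH93 0076 2011 6238 5295 7) "
          "earns 85,000 CHF. Draft a tax summary for Jan Hoffmann.")
if __name__ == "__main__":
    vault = Vault(known_names=["Jan Hoffmann"])
    print(vault.obfuscate(PROMPT))
```

Restoration here is an exact string match, so a stand-in the model rewrites (a first name only, a reformatted IBAN) comes back unrestored; checking responses for leftover stand-ins is worth logging locally.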

Why every employee needs it

Data protection is only as strong as the most careless prompt. A single person pasting a client list into a chatbot is enough. That is why obfuscation has to be automatic and apply to everyone — wired in as a skill or system prompt that runs before every request, for the whole team and not just the cautious few. It turns “please be careful with AI” into a guarantee you can actually give.

It runs on your own infrastructure

Everything that touches real data — detection, the secure mapping vault and restoration — runs on a server you control. Real values are never transmitted in clear text and never stored by a third party. Detection runs fully locally (Microsoft Presidio on spaCy), on plain CPU, multilingual, with nothing leaving your network. And it is provider-agnostic: the same proxy protects requests to ChatGPT, Claude, Gemini or any other LLM.

Try it on your own system

We can install a live showcase on your own infrastructure, so you can test it with your own data and watch, step by step, exactly what would — and would not — leave your network. From there it is a short path to a company-wide rollout.