Real-time pseudonymization with automatic restoration. Zero backend infrastructure, zero telemetry, 100% browser-resident protection. Deploy via GPO/MDM in minutes. Enterprise dashboard included.
See how Red Vault transforms sensitive data into synthetic twins that preserve context for AI understanding.
Deterministic pattern matching for every structured identifier in your enterprise workflows.
Instantly identify and sanitize AWS access keys, OpenAI tokens, GitHub PATs, Stripe keys, and dozens more secret formats before they reach any AI platform.
Protect SWIFT/BIC codes, bank routing numbers, credit card PANs, IBANs, and tax identifiers with format-preserving substitution.
SSNs, SINs, phone numbers, email addresses, and postal codes detected and replaced with contextually valid synthetic equivalents.
Instant protection for FQDNs, internal IPs, MAC addresses, device IDs, and infrastructure hostnames that reveal your network topology.
Scans PDFs, Word documents, Excel spreadsheets, and images in real-time. Detects structured identifiers in uploaded documents before they reach AI platforms, covering all identifier categories above.
Traditional DLP breaks workflows. Red Vault sanitizes structured identifiers while preserving context for AI understanding.
"Deploy to server [REDACTED] using API key [REDACTED]. Contact [REDACTED] at [REDACTED]. Credit card [REDACTED], CVV [REDACTED]. Tax ID: [REDACTED]."
AI can't help because all context is lost. Users get frustrated and work around security.
"Deploy to server prod-db.company.com server-01.example.net using API key sk_live_51H2xK9... sk_test_XXXXXXXXXXXX . Contact john.snow@abc.com user@example.com at 416-555-0199 555-000-0000 . Credit card 4532-1234-5678-9010 4XXX-XXXX-XXXX-0000 , CVV 123 XXX . Tax ID: 12-3456789 XX-XXXXXXX ."
Hover over the text to reveal originals. AI understands the context and provides relevant help—without seeing your real data.
Replaces sensitive identifiers with realistic tokens inside browser RAM. Creates an ephemeral mapping table that auto-expires after 30 minutes or on tab close. Never written to disk.
AI responses are de-pseudonymized locally using the ephemeral map. The user sees real data — the AI platform never did. Your actual values are restored seamlessly without any user action.
Pre-upload interception for PDF, DOCX, XLSX, TXT, CSV, JSON, LOG, XML, YAML files. Local text extraction via pdf.js. Policy-based: redact content or block upload entirely.
100% browser-resident processing. No proxy servers, no cloud relay, no vendor infrastructure to deploy or maintain. Raw prompts never leave your browser — ever.
AI Risk Level (0-100 composite score), Sensitive Data Points Prevented counter, High-Risk Events Blocked, Severity Tier Breakdown, and Compliance Coverage mapping across HIPAA, PCI DSS, GDPR, and PIPEDA.
Deploy managed policies via Windows Registry (Chrome + Edge). Force-install via ExtensionInstallForcelist. Read-only enterprise rules pushed via GPO — no user configuration required.
The user types a prompt into ChatGPT, Gemini, or any AI platform. Red Vault detects the input event before it is transmitted — entirely within the browser.
The engine scans for structured sensitive identifiers: Email, Phone, Credit Card, SSN/SIN, API Keys, Passwords, IP addresses, and Enterprise Managed Keywords (Regex/Substring). Pattern matching is deterministic — no AI guesswork.
Detected values are replaced with realistic tokens inside browser RAM. An ephemeral lookup table is created: john.doe@company.com ↔ user_a7f2@placeholder.com. This map auto-expires after 30 minutes or on tab close. It is never written to disk.
The sanitized prompt is sent to the AI platform. The AI sees only safe tokens — never your real credentials, financial data, or sensitive identifiers. If the AI platform is breached, attackers see Project_Alpha_Token, not your real project name.
The AI generates a response using the pseudonymized tokens. Red Vault intercepts the incoming response and maps tokens back to original values using the ephemeral lookup table — locally, in your browser. The user sees real data. The AI platform never did.
All sanitization events are logged as metadata only — no raw PII stored. The enterprise dashboard tracks AI Risk Level (0-100), Sensitive Data Points Prevented, High-Risk Events Blocked, and Compliance Coverage across HIPAA, PCI DSS, GDPR, and PIPEDA.
If session mapping is lost (browser crash, 30-min timeout, tab closure): data remains pseudonymized — the system does NOT attempt to guess restoration. This prevents incorrect data injection. It is a security feature, not a bug.
Red Vault Privacy detects and pseudonymizes structured sensitive identifiers including API keys, credentials, credit card numbers, SSNs, Tax IDs, phone numbers, email addresses, IP addresses, and other pattern-based data types. Contextual or free-text identifiers (such as personal names in natural language) are not automatically detected unless explicitly configured through client-defined custom dictionaries. Organizations are responsible for configuring detection rules appropriate to their specific data protection requirements.
Red Vault Privacy provides specific technical controls that support your compliance obligations. Our client-configurable approach lets security teams define detection rules aligned with PIPEDA, Quebec's Law 25, HIPAA, PCI DSS, and GDPR requirements.
| Framework | Risk Vector Protected | Technical Control |
|---|---|---|
| HIPAA | PHI Leakage to 3rd Party | Detects and pseudonymizes medical identifiers (SSN, Email) before transmission to AI platforms |
| PCI DSS | Cardholder Data Exposure | Masks credit card numbers (Luhn check validated) and financial identifiers before AI transmission |
| GDPR | Cross-border Data Transfer | Minimizes personal data shared with US-based AI services, supporting Data Minimization Principle |
| PIPEDA / Law 25 | Unauthorized Disclosure | Enforces monitoring and masking of Canadian personal data (SIN, Phone) in AI prompts |
Join Canadian enterprises using deterministic data protection to enable safe AI adoption.