The Veil
The AI sees the data. Never the person. Enforced by infrastructure, not policy.
Deploys to your infrastructure. We never see your data. Not a SaaS — not now, not ever.
GDPR Art. 25 · EU AI Act Art. 10 · Infrastructure-level enforcement
EU AI Act enforcement in --- days
Is your AI infrastructure ready?
The problem
Redaction is a promise. The Veil is proof.
Every enterprise is sending sensitive data to cloud AI providers — and trusting their terms of service to keep it safe. Providers change policies, get breached, get subpoenaed. Your compliance posture shouldn't depend on someone else's security team. GDPR fines hit €2.3B in 2025 alone. EU AI Act enforcement begins August 2026 with penalties up to 3% of global revenue.
The standard approach — strip names before sending data to the AI — is a software promise. A bug in the redaction code leaks customer names. A developer changes the rules. A compromised service skips redaction entirely. You only find out when the regulator does.
The Veil makes it architecturally impossible. The AI and the identity data are in separate network zones that cannot communicate — enforced at the infrastructure level, not application code. We can prove it with one command, in any deployment, at any time.
How it works
Two worlds. One bridge. Zero exposure.
The AI and the identity data are in separate network zones that cannot communicate. Enforced via Docker network segmentation and Kubernetes NetworkPolicies — not application code.
Identity Vault
Knows who. Names, emails, account numbers. Encrypted at the column level with row-level access control. OIDC authentication.
ID Bridge
The only link. Generates opaque pseudonymous tokens with time-based rotation. Re-linkage requires legal basis, dual approval, and audit trail.
AI Processing
Knows what. Patterns, risks, insights. Sees tokens only, never identities. Works with Anthropic, OpenAI, Mistral, or local models.
PII Detection
Three layers of PII detection. Zero guesswork.
Every piece of user-submitted data passes through a multi-layer sanitization pipeline before reaching the AI. Each layer catches what the previous one missed. Operator-controlled prompt templates are static instructions and are rejected at the gateway if they contain hard identifiers.
Presidio NER
ActiveNamed entity recognition with spaCy models for German, English, and French. 11+ custom recognizers including Sozialversicherungsnummer (SVNR), Steuer-ID, Personalausweisnummer, Fallnummer, IBAN, US SSN, Medical Record Numbers, and ServiceNow ticket patterns. Cologne phonetics and Levenshtein distance scoring detect PII even with misspellings and abbreviations.
QI Risk Engine
ActiveQuasi-identifier scoring detects re-identification risk from field combinations — even when no single field is PII. Uses k-anonymity estimation, l-diversity checks, and differential privacy budget tracking to score every record. Example: 'Female, age 67, ZIP 60314' scores at 0.72 risk and is auto-generalized to 'age band 65-69, ZIP prefix 603.' No other AI privacy platform offers automated quasi-identifier scoring.
LLM PII Shield
Deep scanFine-tuned Qwen 2.5 7B model running on a dedicated GPU instance inside the identity sandbox. Catches context-dependent PII that pattern matching misses. Raises detection from ~75% to >90%.
Detection rules are config-driven. PII detection supports German, English, and French text with language-specific context models and lemma-based boosting. A default config ships with every engagement; the sanitizer config is scoped and tuned per workflow during the Assessment.
The Veil Protocol
Signed attestation that isolation held.
Every request generates a Veil Certificate — a signed, timestamped, independently verifiable attestation that identity data and AI processing were isolated throughout the entire pipeline.
Signed claims across the pipeline
The Gateway emits an Ed25519-signed, request-level Veil claim and fails closed if that evidence cannot be recorded. Bridge, Sanitizer, Sandbox B, and Audit emit additional signed claims on a best-effort basis; the Witness runs all five consistency checks on whatever arrives and marks each certificate FULL or PARTIAL.
External timestamping
Certificates are timestamped via RFC 3161 TSA and logged to Sigstore Rekor transparency log. Tamper-evident, externally verifiable, court-admissible.
Three views for three audiences
DPO summary for compliance officers. Technical proof for security engineers. Regulatory mapping (GDPR Art. 25/32, EU AI Act Art. 10/15) for auditors.
The Gateway fails closed on its own Veil evidence: if it cannot record a signed, request-level claim, the inference is refused at the edge. Downstream pipeline services emit signed claims on a best-effort basis, so the Witness marks each certificate FULL or PARTIAL depending on which claims arrived. The protocol proves isolation happened; infrastructure (Kubernetes NetworkPolicies, network segmentation) is what enforces it.
Use cases
One launch vertical. The architecture applies beyond it.
ITSM / ServiceNow (current launch vertical)
Privacy-first Now Assist and internal ticket workflows. The AI classifies tickets and suggests resolutions without ever seeing the employee's name, email, or device identifier. This is the current launch focus.
Finance (architecturally applicable)
Fraud detection, credit risk, AML on pseudonymised token streams. Architecturally applicable follow-on vertical — not a currently marketed launch offering.
Healthcare (architecturally applicable)
Clinical AI, drug interactions, diagnostics on pseudonymised records. Architecturally applicable follow-on vertical — not a currently marketed launch offering.
Trust
Built to be audited.
Use-Case Analyzer
Can The Veil help your team?
Describe your scenario — our AI evaluates honestly whether The Veil fits.
Ready to deploy AI on sensitive data?
The Veil deploys on your infrastructure in hours. Not a SaaS — we never see your data. No vendor lock-in. No foreign jurisdiction. Runs on standard Kubernetes — no special hardware required. In split deployment, only sanitized text, opaque pseudonymous tokens, and content hashes cross infrastructure boundaries. Fully local / air-gapped is the recommended default for healthcare and government.