Security

Privian security model

How Privian reduces sensitive data exposure in LLM workflows with masking, privacy-first routing and zero raw prompt retention.

Overview

What Privian's security model is for

Privian focuses on one specific problem: reducing the amount of sensitive data that ever reaches an LLM provider. It is a privacy-reduction control on the egress path — not a full LLM security suite, not a compliance program, and not a substitute for content moderation or downstream model governance.

In scope

What Privian protects

Privian helps reduce exposure of supported sensitive values in prompts before they leave your trust boundary:

  • Personal identifiers

    Names, emails, phone numbers, IP addresses.

  • Financial & national IDs

    Credit cards (Luhn-validated), IBANs, US SSN, Canadian SIN.

  • Developer secrets

    JWTs, OpenAI keys, GitHub tokens, AWS keys, generic API keys, env-style secrets.

  • Prompt egress

    The provider receives the masked prompt only. Original values are restored after the response.

Out of scope

What Privian does not currently claim

We are explicit about what Privian is not. The current beta does not claim to:

  • Block prompt injection
  • Prevent jailbreak attempts
  • Provide content moderation
  • Guarantee downstream model behavior
  • Replace an enterprise security program
  • Provide HIPAA, SOC 2 or PCI compliance
  • Secure tool / function calling
  • Support native provider token streaming

Retention

Data retention and storage

The gateway is designed around zero raw retention:

  • Raw prompts are not stored.
  • Rehydrated responses are not stored.
  • The per-request placeholder → value map lives only in memory and is discarded after the response.
  • Sanitized observability events (model, status, latency, entity counts) and rollup metrics are stored — no payload content.

Credentials

API key and provider credential handling

  • Gateway API keys are stored as a SHA-256 hash. The plaintext is shown once at creation and is never recoverable from Privian.
  • BYOK provider credentials (OpenAI, Anthropic, Google, DeepSeek) are encrypted with AES-256-GCM at rest. The plaintext is discarded immediately after encryption.
  • Client-visible credential metadata is limited to the last four characters and a non-reversible HMAC fingerprint. Ciphertext, IV and master keys never leave the server.

Masking

Masking security model

Supported sensitive values are detected and replaced with deterministic placeholders before any outbound provider call. The provider receives the masked prompt only. Rehydration happens in-memory inside the gateway before the response is returned to your application. The token map is request-scoped and is discarded after the response.
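The mask, call and rehydrate flow described above, as an added Python sketch (illustrative only, not Privian's code). The regexes, the function names and the restriction to two entity types are assumptions; the `KIND_N` placeholder shape follows the PERSON_1 / EMAIL_1 form shown on this page.

```python
import re

# Assumed patterns for two of the listed entity types (not Privian's own rules).
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "CREDIT_CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}
PLACEHOLDER = re.compile(r"\b(?:EMAIL|CREDIT_CARD)_\d+\b")


def luhn_ok(candidate: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(prompt: str):
    """Return (masked_prompt, token_map); token_map exists only for this call."""
    token_map, seen, counters = {}, {}, {}

    def substitute(kind, match):
        value = match.group(0)
        if kind == "CREDIT_CARD" and not luhn_ok(value):
            return value  # fails Luhn: not treated as a card number
        if value not in seen:  # same value maps to the same placeholder
            counters[kind] = counters.get(kind, 0) + 1
            seen[value] = f"{kind}_{counters[kind]}"
            token_map[seen[value]] = value
        return seen[value]

    masked = prompt
    for kind, pattern in PATTERNS.items():
        masked = pattern.sub(lambda m, k=kind: substitute(k, m), masked)
    return masked, token_map


def rehydrate(response: str, token_map: dict) -> str:
    """Restore original values; placeholders not in the map are left as-is."""
    return PLACEHOLDER.sub(lambda m: token_map.get(m.group(0), m.group(0)), response)


# Constructed sample prompt (test card number, example.com address).
SAMPLE = "Refund 4111 1111 1111 1111 for ana@example.com; order 1234 5678 9012 3456, cc ana@example.com"
```

The second 16-digit run in the sample fails the Luhn check, so it stays in the masked prompt unchanged; only the masked string would be sent to the provider, and `token_map` goes out of scope once the caller has rehydrated the response.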

Threat model

Threat model boundaries

Privian addresses sensitive data exposure on the prompt egress path. It does not defend against malicious prompts crafted by end users, model misuse downstream of the response, abuse of your own application's authorization, or attacks against the provider itself. Use it alongside — not instead of — your existing application security and governance controls.

Transparency

Beta limitations

  • No OpenAI messages[] API
  • No OpenAI SDK drop-in
  • No tool / function calling
  • Artificial streaming only
  • No custom user-defined entities yet
  • No Norwegian fødselsnummer yet
  • No prompt-injection blocking claim
  • No HIPAA / SOC 2 / PCI certification

FAQ

Security FAQ

Does Privian store prompts?
No. Raw prompts and rehydrated responses are not persisted. Only sanitized observability events (counters, latencies, model, entity counts) and rollup metrics are stored.
Does the LLM provider see original sensitive values?
No. The provider only sees the masked prompt, where sensitive values have been replaced with deterministic placeholders such as PERSON_1 and EMAIL_1.
Does Privian stop prompt injection?
No. Privian does not currently claim to block prompt injection, jailbreak attempts or unsafe model output. Its focus is reducing sensitive data exposure in prompts before they reach the provider.
How are provider keys handled?
Provider keys are encrypted with AES-256-GCM at rest. The plaintext is discarded immediately after encryption. Only safe metadata (last4 + a non-reversible HMAC fingerprint) is returned to the client. The gateway hot path resolves credentials server-side and never exposes plaintext.
Is Privian compliant with HIPAA, SOC 2 or PCI?
No. Privian does not claim HIPAA, SOC 2 or PCI compliance today. It is a privacy-reduction control, not a substitute for a compliance program.
What data types are currently masked?
Personal identifiers (PERSON, EMAIL, PHONE, IP_ADDRESS), financial and national identifiers (CREDIT_CARD, IBAN, SSN_US, SIN_CA), and developer secrets (JWT, OPENAI_API_KEY, GITHUB_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, GENERIC_API_KEY, ENV_SECRET, SECRET_TOKEN). Norwegian fødselsnummer is not yet supported.