Solution

Add AI features without exposing sensitive user data

One masking layer for every AI feature you ship.

Route user prompts through Privian so personal and sensitive values are replaced with placeholders before any LLM provider call. New AI features inherit the same protections automatically.

Problem

Every AI feature is a new data path

Shipping AI features in a SaaS product means sending user data to a third-party model. End users paste customer names, emails, account identifiers and sometimes credentials into your search bars, chat boxes and smart forms. Each new feature is another path for that data to reach an LLM provider that doesn't need to see it.

Why this matters

What's at risk

  • User data egress

    Personal identifiers leave your perimeter on every AI call.

  • Repeated review work

    Each new AI feature triggers a fresh data-handling review.

  • Provider coupling

    Without a privacy layer, switching models means re-auditing data flow.

  • Accidental secrets

    API keys and tokens pasted by users end up in provider context.

How Privian fits

One masking layer for every feature

  • Provider-routed gateway

    Pick the model per request: OpenAI, Anthropic, Google, DeepSeek.

  • BYOK

    Your provider keys, encrypted at rest. Usage shows up on your account.

  • Simple JSON contract

    model + prompt + stream. No SDK rewrites once you're wired up.

  • Stable error model

    Predictable error categories instead of raw provider errors.

Architecture

Where Privian sits

User input  →  Your backend  →  Privian gateway  →  LLM provider
                                  │  mask
                                  │
                              (placeholders)
                                  │
                                  ▼
                              rehydrate  ←  provider response
                                  │
                                  ▼
                              Your app UI

Frontends do not need to change. Your backend already composes the prompt — Privian just changes where it goes.

Example flow

Example request

curl https://api.privian.io/v1/gateway \
  -H "Authorization: Bearer $PRIVIAN_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "openai/gpt-5.5",
    "prompt": "Summarize this doc for user jane@acme.com (account #4821).",
    "stream": false
  }'
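
What masking and rehydration do to the prompt in the request above, as an added sketch in Python. This is not Privian's code: the two regex patterns and the `[LABEL_n]` placeholder format are assumptions made for illustration.

```python
import re

# Assumed patterns and placeholder format, for illustration only; the page
# does not publish the gateway's entity catalog or placeholder syntax.
PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ACCOUNT": re.compile(r"#\d{4,}"),
}
PLACEHOLDER = re.compile(r"\[(?:EMAIL|ACCOUNT)_\d+\]")

# Prompt taken from the example request above.
SAMPLE_PROMPT = "Summarize this doc for user jane@acme.com (account #4821)."


def mask(prompt):
    """Return (masked_prompt, mapping of placeholder -> original value)."""
    spans = sorted(
        (m.start(), m.end(), label)
        for label, pattern in PATTERNS.items()
        for m in pattern.finditer(prompt)
    )
    by_value, counters, out, pos = {}, {}, [], 0
    for start, end, label in spans:
        if start < pos:  # overlaps a span already masked; skip it
            continue
        value = prompt[start:end]
        if value not in by_value:  # same value always gets the same placeholder
            counters[label] = counters.get(label, 0) + 1
            by_value[value] = f"[{label}_{counters[label]}]"
        out += [prompt[pos:start], by_value[value]]
        pos = end
    out.append(prompt[pos:])
    return "".join(out), {ph: value for value, ph in by_value.items()}


def rehydrate(response, mapping):
    """Restore originals; placeholders the request never issued stay as-is."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(0), m.group(0)), response)


if __name__ == "__main__":
    masked, mapping = mask(SAMPLE_PROMPT)
    print(masked)  # this is the only text the provider would receive
    # Constructed provider reply that echoes the placeholders back.
    reply = "Summary prepared for [EMAIL_1] on account [ACCOUNT_1]."
    print(rehydrate(reply, mapping))
```

In this sketch the placeholder-to-value mapping is built per request and never leaves the masking side; only the masked string crosses to the provider.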

Use cases

AI features that benefit

  • Search assistants

    Natural-language search over user content without sending raw PII.

  • Smart forms

    AI-completed fields where the model never sees the underlying record.

  • Content generation

    Generate copy referencing user context with identifiers masked.

  • In-product chat

    Embed an assistant in your product without changing its data posture.

  • Summarization

    Summarize user-generated content without forwarding it verbatim.

  • Embedded copilots

    Ship vertical copilots in days, not weeks of review.

Implementation

Developer integration path

  1. Sign up

    Create a Privian account and add a provider key (OpenAI / Anthropic / Google / DeepSeek).

  2. Generate a gateway key

    Use a test key in staging and a live key in production.

  3. Send your first request

    POST /v1/gateway with model, prompt and optional stream.

  4. Migrate features

    Repoint each AI feature at the gateway. No SDK changes required.

  5. Observe

    Track request and entity counts in the dashboard. Content is never logged.

  6. Ship the next feature

    New AI surfaces inherit the same privacy layer by default.

Transparency

Beta limitations

  • No OpenAI SDK drop-in — small proprietary JSON contract
  • No native provider streaming (artificial chunking in beta)
  • No tool / function calling support yet
  • No custom user-defined entities yet
  • No HIPAA / SOC 2 / PCI compliance claims today
  • Prompt size capped at 32 KiB

FAQ

Frequently asked questions

How do I secure AI features in SaaS?

Route every model call through Privian's gateway. User prompts are scanned for the supported entity set; matched values are replaced with deterministic placeholders before egress and restored in the response. The provider only ever sees the masked text.

Does Privian work with GPT and Claude?

Yes. Privian is provider-agnostic. You add your own OpenAI, Anthropic, Google or DeepSeek key and select the model per request using a provider/id format such as openai/gpt-5.5 or anthropic/claude-sonnet-4.5.

Does Privian support custom entity masking?

Not yet. The current beta ships a fixed catalog of personal identifiers, financial and national IDs, and developer secrets. Custom user-defined entities are tracked as future work.

What does the request look like?

A small JSON body: model (provider/id), prompt (string up to 32 KiB) and an optional stream flag. There is no messages[] array and no OpenAI SDK drop-in today.

Will adding Privian slow my AI feature down?

Masking is an in-memory step. The dominant cost in any AI feature is still the provider's own latency.

Do my users' prompts get stored?

No. Raw prompts and responses are never persisted. Only structural counters used for billing and observability are kept.

Start building

Ship your next AI feature safely