How it works
- Local identification: A small models running entirely on your device identifies private information in your query
- Smart replacement: Each piece of private data is replaced with a semantically equivalent alternative that preserves the context needed for a good response
- Secure routing: Your anonymized query is sent through privacy-preserving proxy to reach the model
- Automatic restoration: When the response comes back, we automatically restore your original information
Example in action
Three connected queries:- “I discovered my manager at Google is systematically inflating sales numbers for the cloud infrastructure division”
- “I’m considering becoming a whistleblower to the SEC about financial fraud at my tech company - could this affect my H1-B visa status?”
- “My skip-level is Jennifer who reports directly to Marc - should I talk to her first or go straight to the authorities?”
- “I discovered my manager at TechCorp is systematically inflating sales numbers for the enterprise software division”
- “I’m considering becoming a whistleblower to the SEC about financial fraud at my tech company - could this affect my H1-B visa status?”
- “My skip-level is Michelle who reports directly to Robert - should I talk to her first or go straight to the authorities?”
The privacy guarantees
Content-level protection
The anonymization follows these principles:- Personal names are replaced with culturally and contextually similar alternatives
- Company names become fictional entities from the same industry and size
- Locations under 100k population are mapped to equivalent synthetic locations
- Dates and times are shifted consistently to preserve relative timing
- Financial amounts are adjusted within a small range to maintain context
- Identifiers (emails, phone numbers, URLs) are replaced with randomized yet format-valid substitutes
Network-level protection
Even with perfect content anonymization, your query patterns could reveal information. We add network-level privacy through:- TEE proxy: Your queries are encrypted and routed through intermediate nodes, similar to Tor, we host these in Trusted Execution Environments (TEEs) that cryptographically guarantee they don’t log or store your queries
- Traffic mixing: Your queries blend with thousands of others, making individual tracking statistically infeasible with enough traffic