Use Claude, ChatGPT, and Gemini on real work.
Without real data leaving.

The NodeShift Anonymisation Engine detects sensitive data in every prompt, replaces it with tokens before the prompt leaves your environment, then restores the real values in the response — so external frontier models work on placeholders, not your secrets.

Without anonymization, “use external models” is a non-starter.

Most regulated organizations face the same wall. The frontier models that everyone wants to use — Claude, ChatGPT, Gemini — are hosted by external providers. Sending a prompt to them means sending data across your perimeter. For real work — drafting customer correspondence, analyzing financial data, reviewing internal documents, working with source code — that data is sensitive by definition. So the AI gets blocked. So the productivity gap widens. So shadow IT begins.

Anonymization breaks the deadlock. Sensitive entities are detected and replaced with placeholder tokens before the prompt leaves your environment. The external model works on the structure of the request, not its contents. The response comes back tokenized. NodeShift restores the real values inside your perimeter, and your user receives a contextually accurate answer.

The model never saw the data. Your regulator can verify it. Your DPO can sign off. Your developers can ship.

Without Anonymization

Raw data leaves. Audit nightmare.

→ Outbound to external model

"Draft email to John Smith, confirming AED 2.5M wire from AE07 0331 2345 6789 …"

With NodeShift

Only tokens cross. Audit-ready.

→ Outbound to external model

"Draft email to [NAME_1], confirming [AMOUNT_1] wire from [IBAN_1] …"

Five stages. One round trip. Zero exposure.

Every prompt sent to an external model passes through the same five-stage round trip. The engine runs entirely inside your perimeter — including the local detection LLM that does the work.

Detection

A purpose-built detection LLM running locally in your environment scans every outbound prompt. Sub-100ms latency.

Inputs
Prompt
Files
Context
Target Model

Tokenization

Every detected entity is replaced with a deterministic placeholder. The original-to-token mapping is sealed inside your perimeter.

Output
Anonymized Prompt
+ Sealed Mapping

External Invocation

The anonymized prompt is sent to Claude, ChatGPT, Gemini, or any of 140+ supported models. Structure and intent — never raw values.

Sent
Tokenized Prompt

De-Anonymization

The model's response returns to your perimeter. The sealed mapping restores the original values — reassembled inside your environment.

Output
Contextually Accurate Response

Audit & Deliver

Both the anonymization and de-anonymization events are recorded as immutable audit entries. Then — and only then — is the response delivered.

Captured
Entities
Model
User
Timestamp

Critical guarantee. Raw sensitive data never crosses your perimeter boundary. Even when the prompt requires an external model, only tokens are transmitted. Even when the response needs full context, restoration happens inside your environment.

What the engine catches.

The detection LLM combines named-entity recognition with regex pattern matching, region-aware identifier validation, and customer-defined classification rules. Detection scope is configurable — these are the defaults.

Personal Data (PII)

Identity attributes that map to GCC privacy regimes — UAE PDPL, KSA PDPL, Qatar PDPL.

Detected

Names, email addresses, phone numbers
Emirates ID, Saudi National ID, QID, Iqama
Passport, driver's license numbers
Physical addresses, dates of birth
Biometric and health identifiers

Financial Data

Banking and payment identifiers, validated by check-digit and format rules where applicable.

Detected

IBAN (Emirati, Saudi, Qatari, Bahraini, Omani)
Account numbers, cards (Luhn-validated)
SWIFT codes, transaction IDs
Transaction amounts in context
Loan and policy reference numbers

Credentials & Secrets

Technical secrets that should never appear in any external prompt — critical for Compliant Vibe Coding.

Detected

API keys (AWS, GCP, Azure, OpenAI, Anthropic)
OAuth, JWT, refresh tokens
Private keys, certificates, SSH keys
DB connection strings, internal hostnames

Confidential Business Content

Proprietary content classified by your information security policy.

Detected

Customer-defined document patterns
M&A and deal-related content
Litigation, discovery, privileged material
Strategy memos and board papers
Source code referencing internal systems
Anything in your Information Classification Policy

What the user types. What the model sees.
What the user gets back.

What the user types

"Draft a customer reply explaining why we declined the loan application from Aisha Al Mansoori (Emirates ID 784-1985-1234567-8). Reference application AL-2026-09142 dated April 14, and our internal credit memo CM-09442. Use a polite, regulation-compliant tone."

[Inside perimeter]

→ Anonymizing…

What the external model sees

"Draft a customer reply explaining why we declined the loan application from [NAME_1] ( [NATIONAL_ID_1] ). Reference application [REFERENCE_1] dated [DATE_1], and our internal credit memo [REFERENCE_2]. Use a polite, regulation-compliant tone."

[outside perimeter]

Sent to Claude / ChatGPT / Gemini — without a single sensitive value.

What the user gets back

"Dear Ms. Aisha Al Mansoori, Thank you for your application AL-2026-09142 dated 14 April. After careful review, including the analysis in credit memo CM-09442, we regret to inform you…"

[restored inside perimeter]

✓ Delivered

Your sensitivity rules. Your token formats. Your control.

NodeShift ships with a default entity catalog — PII, financial identifiers, credentials, and content classifiers — covering the categories required by UAE PDPL, KSA PDPL, Qatar PDPL, Bahrain PDPL, Oman PDPL, ISO 27001, and SOC 2 Type II. Every default can be customized.

Your security team controls which entity types are detected, which models they apply to, what token format the placeholders use ([NAME_1] vs <<NAME>> vs XXX-NAME-001), and which entities are reversible (de-anonymized on return) versus irreversible (permanently masked, never restored). The platform enforces what you configure — not what someone else thinks you should care about.

Every anonymization event. Logged. Searchable. Auditable.

Anonymization without an audit trail is a black box. NodeShift records every detection, every masking action, and every restoration as an immutable event — so your compliance team can prove to a regulator exactly what was protected, when, and how.

Per-event detail

Click any row to see exactly which spans were detected, which token replaced them, and which rule fired.

Compliance reports

Export anonymization activity by user, by department, by date range, by regulation.

Tamper-evident

Logs are append-only and cryptographically chained. Configurable retention per regulatory requirement.

Anonymization is the control your privacy regime requires.

Every GCC data protection regime treats anonymization and pseudonymization as a recognized safeguard for cross-border processing. NodeShift implements the controls your regulators expect — and gives you the evidence to prove it.

Real work. With real models.
Without real exposure.

Customer Correspondence

Draft replies, summaries, and explanations that reference real customer data — without that data ever reaching the external model. Names, account numbers, and identifiers are tokenized before transmission and restored on return.

Compliant Vibe Coding

Developers use Claude, ChatGPT, and frontier coding models on real codebases. API keys, internal hostnames, and credentials are detected and permanently masked — never restored, never transmitted, never logged in plaintext.

Document Intelligence

Process supervisory reports, contracts, and regulated submissions through external models without their sensitive contents leaving your environment. Entities are tokenized; structure is analyzed; the output comes back fully restored.

Cross-Jurisdiction Operations

Run AI workflows across multiple GCC jurisdictions — each with different residency rules — using one anonymization layer that enforces the strictest applicable regime per request.

The institutions that back NodeShift.

Ready to try?

The ideal way for organisations young and old to ease their way into the decentralized cloud at their own pace.

NodeShift - your private AI and governance platform.

English (EN)
Arabic (AR)

JavaScript is disabled in your browser. For a better experience, please enable JavaScript.Learn how to enable JavaScript.

Anonymisation Engine | NodeShift