Your employees use AI daily. Salus ensures personal data is automatically stripped before anything reaches US-based AI providers — keeping your organization GDPR-compliant.
When an employee asks ChatGPT to "draft an email to John Smith at john@acme.com about the contract at 123 Main Street" — they just sent personal data to servers in the United States. Under GDPR, that's a cross-border transfer of personal data requiring legal basis, data processing agreements, and transfer impact assessments.
Most organizations either ban AI tools entirely — losing productivity — or ignore the risk and hope for the best.
[PERSON_1] and [EMAIL_1] instead of real names, GDPR transfer restrictions may not apply at all.
Personal data never leaves your infrastructure. Only anonymized text reaches external AI providers.
No training needed. Write prompts with real names, addresses, IDs — as normal.
→Self-hosted AI identifies personal data and substitutes with irreversible placeholders.
→Claude, GPT, or Gemini processes anonymized text. No personal data crosses borders.
→Placeholders are mapped back to real values on your infrastructure. User sees the full response.
Summarize the NDA between [COMPANY_1] and [PERSON_1] (ID: [ID_1]). Her email is [EMAIL_1]
Choose the deployment model that fits your compliance requirements. Both options keep the anonymization engine within your legal jurisdiction.
We deploy and manage the anonymization engine on a dedicated server in your country. You get a private endpoint — nothing shared.
Deploy the full Salus stack on your own servers, VPC, or air-gapped environment. No data ever leaves your network.
Legal, finance, healthcare, government — any organization handling sensitive personal data.
Anonymized data may fall outside the scope of data processing agreements entirely, per the SRB ruling. Your DPA obligations are drastically simplified.
Since AI providers cannot re-identify data subjects from placeholders, Schrems II transfer concerns are mitigated at the technical level.
The anonymization AI runs entirely on your infrastructure. No personal data is sent to any third party for the purpose of anonymization.
Every anonymization operation is logged — what was detected, what was replaced, who triggered it. Ready for DPO review and compliance audits.
Users can see exactly what AI saw (anonymized view) vs. what they see (restored view). Full transparency for both employees and compliance officers.
Upload contracts, invoices, court filings, medical records — PDFs, DOCX, images. All PII is anonymized before any AI model processes the content.
Start with the free web app, or talk to us about a dedicated deployment in your jurisdiction.