v1.4 · Open source · Apache 2.0

The trust layer
between your application
and AI.

Every prompt, response, and tool call passes through CloakPipe. Sensitive data is pseudonymized before it reaches any third-party model, then restored in the response. Deterministic. Reversible. Fully audited. Under 50 ms.

Try for free See it live
< 50 msp95 overhead
AES-256customer-managed keys
Apache 2.0open-source core
Entities masked · last 24h LIVE
00:0006:0012:0018:00NOW
Masked
418,392
High-sensitivity
2,184
Leaked
0
Sensitive entities
418K/day
masked before leaving the customer perimeter
P95 latency
38ms
including full ONNX-based detection pipeline
Detection F1
0.96
on PII-Masking-300k with ensemble mode
Deployment options
5
from managed cloud to fully air-gapped
01 · Why pseudonymization

Redaction
destroys data.

Explore the trust layer

Every other tool replaces sensitive entities with dead tokens like [PERSON] — the original information is gone forever. CloakPipe replaces them with deterministic fake entities the LLM can still reason about, then restores the real values on the way back.

Input
Original sensitive data
Other tools
Redacted — data lost
CloakPipe
Pseudonymized — utility kept
Dr. Sarah Chen
[PERSON]
Dr. PERSON_3
Amlodipine 10mg
[MEDICATION]
MEDICATION_7
s.chen@northshore.org
[EMAIL]
EMAIL_3@DOMAIN_1.org
4532 1234 5678 9012
[CREDIT_CARD]
4532 8847 2231 5104
MRN-2024-88291
[MRN]
MRN-XXXX-TOKEN_12

Format-preserving. Replacement credit cards pass the Luhn checksum. Replacement IBANs pass mod-97. Replacement emails are still emails. The model — and any downstream system that consumes its output — keeps working exactly as before.

02 · Platform

Four surfaces.
One open core.

See the full platform

The Rust proxy is the foundation — open source under Apache 2.0. The Vault, Policy, and Audit layers are the commercial platform: the part that closes enterprise deals in regulated industries.

SURFACE 01 · PROXY
CloakPipe Proxy
Rust-native reverse proxy. Intercept, detect, mask, forward, rehydrate — under 50 ms.
  • OpenAI-compatible API — change one base URL, your app keeps working
  • Streaming SSE rehydration without buffering or breaking the contract
  • Routes to OpenAI, Anthropic, Google, Bedrock, Azure, self-hosted
  • Native MCP server for agent integrations
Detection pipeline · tiered cumulative · < 50 ms p95
T1
Regex + checksum
Cards · IBAN · SSN · ABA. Luhn-validated.
< 1 ms
T2
Privacy Filter
OpenAI 1.5B on ONNX. Names, addresses, dates.
30–50 ms
T3
GLiNER2-PII
Custom entities. Multilingual. Zero-shot.
40–80 ms
T4
Ensemble
Merge across backends for maximum recall.
opt-in
SURFACE 02 · VAULT
Vault
Reversible by design. Authorized by policy.
  • AES-256-GCM at rest
  • Customer-managed keys via KMS
  • Format-preserving — cards pass Luhn
  • Per-tenant isolation
  • Automatic key rotation
Sarah Chen PERSON_3
4532·1234·… 4532·8847·…
MRN-2024-… MRN-XXXX-…
AES-256 · BYOK
SURFACE 03 · POLICY
Policy
Code, not config. Versioned in Git, enforced on every request.
  • OPA / Cedar — sub-millisecond decisions
  • Per-entity · per-provider · per-team · per-context
  • RBAC + SAML / OIDC · IdP role mapping
# mask patient data for external models - when: provider: [openai, anthropic, google] entity: [PERSON, DIAGNOSIS, MRN] action: pseudonymize
SURFACE 04 · AUDIT
Audit
Every decision logged. Compliance evidence on demand.
  • Request-level trail — masked, unmasked, by whom
  • HIPAA · GDPR · SOC 2 · PCI-DSS · EU AI Act exports
  • OpenTelemetry-native — Datadog · Grafana · Splunk
14:32:08 mask 7 entities · req_8af9c2 → gpt-5 healthcare-v3
14:32:11 rehydrate 11 chunks · 3.8 ms vault·prod
14:32:14 unmask deny role: sales · mrn cbac-v1
03 · Integrations

Drop in.
Keep everything else.

Browse all integrations

CloakPipe speaks the OpenAI API dialect and ships native middleware for the frameworks you're already using. One line of config. Zero rewrites.

★ 102K PYTHON
langchain-ai/langchain
CloakPipeRunnable middleware. Drop-in for any chain or agent. Streaming-safe.
Native middleware SHIPPED
★ 38K PYTHON
run-llama/llama_index
Query-time masking for RAG. Pseudonymize retrieved chunks before they hit the LLM.
Retrieval wrapper SHIPPED
★ 28K PYTHON
crewAIInc/crewAI
Per-agent masking context and access level. Policy enforced across the orchestration.
Agent wrapper SHIPPED
★ 18K TYPESCRIPT
langchain-ai/langgraph
Policy-aware tool wrapper. CBAC on every node transition.
Tool wrapper SHIPPED
★ 12K GO
BerriAI/litellm
Middleware in the proxy chain. Protects every downstream model with one config.
Proxy plugin BETA
★ 4.2K RUST
rohansx/cloakpipe-mcp
Native Model Context Protocol server. mask, unmask, scan tools for any MCP client.
MCP server SHIPPED
View all 14 integrations
04 · Deployment

Laptop to air-gapped.

Deployment topologies

Same Rust binary. Same detection pipeline. Same vault encryption. Pick the topology that matches your security posture.

01
Managed cloud
Hosted at cloakpipe.co. Dashboard, vault, audit logs. SOC 2 infrastructure.
SAAS
02
Docker
Single container or compose. Any Linux host. Customer-managed everything.
SINGLE BINARY
03
Kubernetes
Production Helm chart. HPA, rolling deploys, health checks.
HELM · HPA
04
VPC / private
Inside your AWS, GCP, Azure. No internet egress. Engineering-assisted.
CUSTOMER CLOUD
05
Air-gapped
Fully offline. ONNX detection locally. No network calls. No telemetry.
OFFLINE · ONNX
05 · Pricing

Open core.
Pay for the platform.

Full pricing & FAQ

The Rust proxy is free forever, Apache 2.0. You pay when you want managed hosting, policy enforcement, RBAC, and compliance evidence — the things that make CloakPipe production-ready for regulated industries.

Community
Free forever
Individual developers, OSS contributors, self-hosters.
  • Rust proxy & CLI
  • Full detection pipeline
  • Pseudonymization vault
  • MCP server
  • Streaming rehydration
Clone repo
Pro
$199/mo
Startups and small teams shipping AI features.
  • Everything in Community
  • Managed cloud hosting
  • Web dashboard & metrics
  • 250K API calls
  • Audit logs · 30 day
Start trial
Growth
$999/mo
Mid-market AI companies in regulated industries.
  • Policy engine & RBAC
  • SSO · SAML / OIDC
  • HIPAA BAA available
  • 2M API calls
  • 99.9% SLA · priority
Talk to sales
Enterprise
Custom
Healthcare, legal, finance, insurance, government.
  • Everything in Growth
  • VPC / on-prem / air-gapped
  • Customer-managed KMS
  • CBAC + custom policies
  • 99.99% SLA · TAM
Contact us
Platform
Custom embedded
AI gateways and model routers.
  • Embedded integration
  • White-label option
  • Per-request licensing
  • Co-marketing
  • Dedicated engineering
Partner

The trust layer
between your application
and AI.

Try for free Open dashboard