Governed model boundary
Industrial AI privacy layer

AI data privacy and PII masking for industrial teams.

sanitai is an AI gateway for industrial workflows. It masks personal data and sensitive business identifiers before model calls, enforces governance policy, supports secure RAG, and restores context locally when policy allows it. The public playground demo is live, supports French and English only, and is still in development.

Playground flow (diagram): Raw text → sanitize → SanitAI demo → stream → Safe output, with an Entity summary.

Public demo in development. It currently supports French and English only, and some parts are still being refined.

  • 4 tiers: clear dispositions before any model call
  • 0 raw: protected identifiers in provider payloads
  • <20ms: local policy and masking budget

Live demo in development

Paste your text. Watch the safe version appear live.

This is no longer a developer console. Visitors can test SanitAI with their own text, run a real sanitization request, and watch the protected output stream in before copying or reviewing it. This public demo is still being refined and currently supports French and English only.

Route: /v1/sanitize. Mode: Free text. Languages: French + English only. Status: Demo in development.

This experience focuses on the transformation itself. The output represents what can cross the trust boundary without exposing raw values.

Policy matrix

Four clear dispositions for every request.

sanitai does not treat every model call the same. Each prompt or document is classified into one of four operating modes before it can cross the boundary.

Green (ALLOW): Direct provider use

Content with no protected personal, business, or industrial identifiers. It can be sent to an approved provider without placeholder substitution.

  • Public product documentation
  • Generic support instructions
  • Non-identifying business reporting

Orange (MASK): Mask before dispatch

Content whose sensitivity is carried by identifiers rather than by the procedure itself. Protected values are replaced locally with deterministic placeholders before dispatch.

  • Supplier contact records and account ownership
  • Purchase approvals with order references
  • Part, lot, and supplier mapping documents

Local Only (LOCAL): Keep inside the boundary

Content that may still benefit from AI assistance but should remain inside the company boundary. Use local models or reviewer workflows only.

  • Engineering notes with partial process detail
  • Assembly review material
  • Quality investigations that should remain internal

Red (BLOCK): Block and review locally

Content where the secret is the method, formula, tolerance logic, or operational know-how itself. It must not be sent to an external model.

  • Manufacturing procedures with exact steps
  • Formulas, recipes, and blend ratios
  • Calibration settings and critical tolerance tables

Policy is not a slide. It is an execution path.

The same four-tier model drives masking, dispatch, validation, and rehydration decisions across the product.

Core capabilities

Useful outputs without uncontrolled exposure.

sanitai stays practical because governance and product utility are designed together. The system protects identifiers without turning AI adoption into a manual process.

Policy decisioning

Every prompt, document, and provider response is evaluated against an explicit policy model before a model call is allowed. sanitai decides whether content can be sent as-is, masked first, kept local, or blocked entirely.

  • Deterministic detection for industrial and business identifiers
  • Fail-closed handling for ambiguous or high-risk content
  • Auditable outbound checks before every provider call

Sanitized retrieval

Documents are sanitized before ingestion so the retrieval layer never indexes raw protected identifiers. Query linking and local rehydration keep answers usable without widening the trust boundary.

  • Placeholder registry created before indexing and retrieval
  • Queries can still resolve supplier, part, and lot references
  • Responses are validated before local rehydration
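
The policy decisioning and sanitized retrieval steps above, as an added sketch that is not sanitai's own code: keyed deterministic placeholders, a fail-closed outbound check, and response validation before local rehydration. The `Gateway` class, the identifier patterns, the block keywords and the key are all assumptions made for illustration, and the LOCAL tier is left out because it needs a content classifier rather than pattern matching.

```python
import hashlib
import hmac
import re

# Constructed identifier formats; a real deployment defines its own.
PATTERNS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "LOT": re.compile(r"\bLOT-\d{4,}\b"),
    "PO": re.compile(r"\bPO-\d{4,}\b"),
}
# Constructed markers for content where the method itself is the secret.
BLOCK_MARKERS = re.compile(r"\b(blend ratio|calibration setting|tolerance table)\b", re.I)
PLACEHOLDER = re.compile(r"\[[A-Z]+_[0-9a-f]{8}\]")


class Gateway:
    def __init__(self, key: bytes):
        self.key = key
        self.registry = {}  # placeholder -> raw value; stays inside the boundary

    def _placeholder(self, kind, value):
        # Keyed HMAC: the same value always maps to the same placeholder,
        # but the mapping cannot be recomputed without the local key.
        tag = hmac.new(self.key, value.encode(), hashlib.sha256).hexdigest()[:8]
        ph = f"[{kind}_{tag}]"
        self.registry[ph] = value
        return ph

    def prepare(self, text):
        """Return (disposition, payload); payload is None when nothing may be sent."""
        if BLOCK_MARKERS.search(text):
            return "BLOCK", None
        masked = text
        for kind, rx in PATTERNS.items():
            masked = rx.sub(lambda m, k=kind: self._placeholder(k, m.group()), masked)
        # Outbound check: fail closed if any known raw value survived masking.
        if any(raw in masked for raw in self.registry.values()):
            return "BLOCK", None
        return ("ALLOW" if masked == text else "MASK"), masked

    def rehydrate(self, response):
        """Restore raw values only if every placeholder in the response is registered."""
        found = PLACEHOLDER.findall(response)
        if any(ph not in self.registry for ph in found):
            raise ValueError("unknown placeholder in provider response")
        for ph in found:
            response = response.replace(ph, self.registry[ph])
        return response
```

Because the placeholder is derived from the value with a local key, repeated references to the same supplier, lot or order stay linkable in the masked text and in an index built from it.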

Operator review lab

Operators can replay traces, inspect provider behavior, and test policies in a controlled environment without turning internal experiments into a production-facing surface.

  • Trace replay for provider behavior and policy review
  • Operator-owned workflows for experiments and demonstrations
  • Separated from production traffic and enterprise request handling
Operating contexts

Built for teams that cannot treat model calls as ordinary API calls.

Supplier operations, quality teams, engineering reviewers, and governance functions all need the same promise: external models do not see raw protected identifiers unless policy explicitly allows it.

Supplier operations

Protect account ownership, supplier contacts, and commercial identifiers while still using external models for summaries and triage.

Quality and CAPA

Review incident narratives, lot references, and escalation records without pushing raw identifiers outside the boundary.

Manufacturing support

Keep the line between safe operational assistance and blocked process know-how explicit and enforceable.

Engineering review

Separate content that can be masked and routed from content that must remain local because the secret lives in the method itself.

Private alpha

Request early access

We are working with a small set of industrial teams that need AI assistance without letting supplier, quality, or engineering identifiers leak outside their control plane.

Gateway runtime, Policy engine, Audit trail, SDK surface, Admin console, Deployment profiles

Or write directly to hello@sanitai.io

Direct response

You will talk to the team building the product, not a generic form pipeline.

Small cohort

We onboard a limited number of teams so feedback can influence the roadmap.

Practical feedback

Conversations focus on real documents, real policy constraints, and deployment conditions.