Cypherz.
Start free

AI privacy infrastructure · Now in early access

Send AI everything.Just not your customers.

Cypherz sits between your application and any AI API — OpenAI, Anthropic, Google, or your own model. Sensitive fields are tokenized on the way out and restored on the way back. The model sees structure, never substance.

Start freeSee it in motion
cypherz.proxy
livePOST /v1/proxy/openai

Your application

Plain request, real data

messages[0].content
01

Detected sensitive fields

Waiting for input…

What the AI sees

Tokenized — no real data leaves

forwarded to gpt-4o
— awaiting input —

Round-trip status

  1. Detecting PII
  2. Forwarding to AI
  3. Receiving response
  4. Restoring real values
tokenizedetokenize

Built for teams handling regulated, sensitive data

Northbound CRM
Aurora Health
Lumen Finance
Helix Legal
Mosaic AI
Beacon Labs
Stratagem
Forge & Co
Saltworks
Vermillion
Northbound CRM
Aurora Health
Lumen Finance
Helix Legal
Mosaic AI
Beacon Labs
Stratagem
Forge & Co
Saltworks
Vermillion

The problem

Every AI call is a data exfil event waiting to happen.

Models retain. Logs leak. Vendors get breached. Your customers don't care which AI you chose — they care that their email ended up in training data. Cypherz makes that physically impossible.

76%

of enterprises have blocked or restricted an AI tool over data leakage concerns

Gartner, 2025

11.2x

average exposure factor of PII in vendor logs vs first-party stores

Verizon DBIR

$4.88M

average cost of a data breach involving third-party AI processors

IBM Cost of a Data Breach

How it works

A four-stage pipeline.
Three of the stages aren't your problem.

01

Intercept

Your app calls Cypherz with the same payload you'd send to the AI provider.

POST /v1/proxy/openai
authorization: Bearer cyph_…
02

Tokenize

Detectors swap PII for deterministic surrogates. Mapping persists encrypted, scoped to your project.

"Email <EMAIL_a1b2c3>
 call <PHONE_d4e5f6>"
03

Forward

We sign and forward to the upstream provider with your key. Cypherz never logs plaintext.

→ api.openai.com
  /v1/chat/completions
04

Restore

Tokens in the response are replaced with the real values, inside your trust boundary.

"Sent to john@acme.com,
 called +1 415 555 0142"

Drop-in

Two lines of code.
Any AI. Any stack.

Swap your AI client's import line for our drop-in. The rest of your code is unchanged — we keep the same method signatures so nothing else has to move.

  • Proxy mode — no client changes, swap baseURL
  • SDK mode — drop-in for OpenAI, Anthropic, Google clients
  • Local mode — tokenize without ever hitting our servers
import { OpenAI } from "@cypherz/sdk/openai";

const client = new OpenAI({ cypherzKey: process.env.CYPHERZ_KEY });

const resp = await client.chat.completions.create({
  model: "gpt-4o",
  messages: [
    { role: "user", content: "Email john@acme.com a quote." },
  ],
});
//  ↳ The model sees:  "Email <EMAIL_a1b2c3d4e5f6> a quote."
//  ↳ You receive:     "Email john@acme.com a quote."
OpenAI
Anthropic
Google
Mistral
Cohere
Custom

Built for production

The stuff that turns a demo into
infrastructure.

Envelope encryption

AES-256-GCM with per-project data-encryption keys, wrapped under a single master key. Plaintext never persists on disk.

Deterministic tokens

Same input maps to the same token within a project — joins, dedupe, and analytics all keep working on tokenized data.

Custom detectors

Built-in detectors for email, phone, IP, SSN, credit card. Add your own regex or schema-aware rules per project.

First-class audit trail

Every tokenize, detokenize, and proxy call is logged with structured metadata. Export to your SIEM in one query.

Bring-your-own keys

Store provider keys with us encrypted at rest, or let Cypherz provision them so your developers never touch a key.

Self-host or hosted

Run the entire stack in your VPC with one docker-compose, or use our managed cloud. Same binaries, same guarantees.

Honest comparison

We're not magic.
We're just the right shape.

ApproachSetupCoverageRestorableAudit trail
No protection0%
Regex string-replaceHours~40%ManualRoll your own
DIY redaction serviceWeeksVariableOften lossyDIY
CypherzMinutesBuilt-in + customDeterministicFirst-class

Pricing

Pay for traffic, not for seats.

Developer

Free

Self-hosted or up to 25k requests on us.

  • Unlimited projects
  • All built-in detectors
  • TypeScript SDK
  • Community support
Start free
Most popular

Team

$249/mo

For startups shipping AI features into prod.

  • 1M requests / month included
  • Audit log retention 90 days
  • Custom detectors
  • Email + Slack support
  • SOC2 report
Start trial

Enterprise

Custom

Self-hosted, BYO HSM, dedicated SLA.

  • Self-hosted in your VPC
  • Bring-your-own KMS / HSM
  • SSO, SCIM, role-based access
  • Dedicated SLA
  • DPA, BAA available
Talk to us

Get started

Ship AI features without shipping your customers' data.

Sign up, create a project, copy your API key. The first request is tokenized in under sixty seconds.

Start freeI already have an account