California, United States · CCPA / CPRA
The CCPA (now amended by the CPRA) doesn't ban AI processing of personal information, but it does require disclosure, opt-out mechanisms, and data minimization. Tokenization is the cleanest minimization technique — by the time a request reaches OpenAI or Anthropic, the personal information is gone.
01
SSN, financial account, geolocation, government ID detectors all included.
02
Each project has its own provider key and detector config — easy to map to a CCPA disclosure.
• Right to know — Consumers can ask what PI you've shared with third parties. With Cypherz, the answer for AI vendors is 'none, only tokenized surrogates.'
• Right to delete — Delete the project vault key and every tokenization mapping becomes unrecoverable.
• Sensitive PI restrictions — SSN, financial info, precise geolocation — Cypherz has built-in detectors for each.
• Built-in CCPA-classed detectors — SSN, financial account, geolocation, government ID detectors all included.
• Subprocessor isolation — Each project has its own provider key and detector config — easy to map to a CCPA disclosure.
Legal advice is between you and counsel. Cypherz provides infrastructure controls only.
Common questions
No tool can — compliance is a posture across people, process, and technology. Cypherz handles a critical technical layer (pseudonymization, encryption, audit logging) but you still need policy, training, and assessment.
EU (Hetzner — Helsinki and Falkenstein) by default for the managed product. Self-host anywhere with one docker-compose command if your compliance posture requires it.
Yes — Business and Enterprise tiers include DPAs and BAAs. We're working through SOC 2 Type II audit; ask for our latest report.
Yes — every action is logged with structured metadata, exportable via the API. Common formats supported for SIEM ingestion.
Get started
Sign up free. Create a project. The audit trail starts logging from request one.