KI-Shield detects personal data automatically using ML models, replaces it with pseudonyms and encrypts everything with AES-256-GCM. What is stored cannot be read by anyone – not even us.
API + Web Chat • 42 PII categories • 6 AI providers • Made in Germany
Every message automatically passes through three stages – without your team having to do anything.
Our language model detects 42 categories of personal data – names, IBAN, diagnoses, addresses, phone numbers and more.
"Max Mueller" becomes PERSON_001, an IBAN becomes IBAN_001. The AI provider never sees real data – but still gives a contextually correct response.
Everything stored – messages, mapping tables, titles – is encrypted with AES-256-GCM. Key derived from your password (Argon2id).
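The pseudonymization round trip from stage two, as an added sketch that is not KI-Shield's code: the same value always maps to the same placeholder, and placeholders in the provider's reply are mapped back locally. The regex detectors, class name and sample text are assumptions standing in for the ML detector described on this page.

```python
import re
from collections import defaultdict

# Hypothetical stand-in detectors (the page describes an ML model, not regexes).
DETECTORS = {
    "IBAN": re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){3,7}(?: ?[A-Z0-9]{1,3})?\b"),
    "PERSON": re.compile(r"\bMax Mueller\b"),
}
TOKEN = re.compile(r"\b[A-Z]+_\d{3}\b")

# Constructed sample input: the same IBAN appears spaced and unspaced.
SAMPLE = ("Max Mueller asked to move funds from DE89 3704 0044 0532 0130 00. "
          "Max Mueller confirmed DE89370400440532013000 by phone.")


class Pseudonymizer:
    def __init__(self):
        self.forward = {}                 # (category, normalized value) -> token
        self.reverse = {}                 # token -> first-seen real value
        self.counters = defaultdict(int)  # per-category running number

    def _token(self, category, value):
        # Normalize whitespace so "DE89 3704 ..." and "DE893704..." share a token.
        key = (category, "".join(value.split()))
        if key not in self.forward:
            self.counters[category] += 1
            token = f"{category}_{self.counters[category]:03d}"
            self.forward[key] = token
            self.reverse[token] = value
        return self.forward[key]

    def pseudonymize(self, text):
        for category, pattern in DETECTORS.items():
            text = pattern.sub(
                lambda m, c=category: self._token(c, m.group(0)), text)
        return text

    def restore(self, text):
        # Tokens that are not in the mapping table are left untouched.
        return TOKEN.sub(lambda m: self.reverse.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    p = Pseudonymizer()
    outbound = p.pseudonymize(SAMPLE)   # what the AI provider would receive
    print(outbound)
    print(p.restore("PERSON_001 should check IBAN_001."))
```

The `reverse` dictionary plays the role of the mapping table: without it, the outbound text cannot be tied back to a person or an account.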
All messages, mapping tables and conversation titles are encrypted with AES-256-GCM. The key is derived from your password (Argon2id). Without your password or your recovery key, decryption is not feasible with current technology.
We store no passwords, no keys, no plaintext data. The operator has no technical ability to decrypt your stored data. This is not a matter of trust – it is cryptographic design.
If a government authority gains access to the server, it finds encrypted ciphertexts and pseudonymized conversations. No plaintext data, no mappings, no readable content.
Even if someone could break the encryption (which is not possible with AES-256-GCM): they would find pseudonymized texts. "PERSON_001 has HEALTH_003" – worthless without the encrypted mapping table.
KI-Shield sits between you and the AI provider. Your team works as usual – protection happens automatically.
Our language model detects 42 PII categories – including rare names, compound diagnoses and context-dependent data that simple word lists miss.
Change one line of code – your existing applications are instantly protected. Drop-in replacement for any app that currently uses the OpenAI API.
OpenAI, Anthropic, Google, Groq, Mistral, DeepSeek – all through one interface. Switch providers without changing code.
Complete audit log, PII statistics, user management. Provable at any time for data protection officers and auditors.
For users who want maximum control: In Browser ZK Mode, PII detection, pseudonymization and encryption run additionally in the browser – before data even reaches the server.
gcm$ + Base64(nonce + ciphertext + tag)
base_url = "https://ki-shield.eu/api/v1"
cap_drop: ALL
It means: Everything that is stored is encrypted – and only you have the key. Messages, mapping tables, conversation titles. Neither the operator nor an attacker nor an authority can decrypt this data. The key exists only in your head (your password) or in your recovery key.
Because you would send personal data directly to servers in the USA. No audit log, no evidence, no protection. KI-Shield pseudonymizes automatically – the AI provider never sees real data, and you have a complete compliance dashboard.
Yes. KI-Shield is a drop-in replacement for the OpenAI API. Change the base URL to ki-shield.eu/api/v1 – done. Works with Python, JavaScript, Go, or any language with an HTTP client. Streaming is supported.
An additional option in the web chat. PII detection, pseudonymization and encryption run additionally in your browser before data is even sent. For users who want maximum control. Requires your own API key (BYOK).
An authority would find: encrypted ciphertexts, pseudonymized conversations, hashed passwords. No plaintext data. Without the respective user password or recovery key, decryption is not possible – not even for us as the operator.
ML-based PII detection, automatic pseudonymization, AES-256-GCM encryption. One API – all AI providers – your data protected.