Frequently Asked Questions

Argon2id key derivation runs entirely in the browser/app (64MB memory, 3 iterations). AES-256-GCM encryption happens before any data leaves the device. The server never receives the plaintext password or the derived encryption key. Even a full anonym.legal server breach would yield only encrypted blobs without the keys to decrypt them. Example: A compliance officer at a German health insurer needs to process patient complaint logs using a cloud anonymization tool. GDPR Article 32 requires appropriate technical measures. The insurer's DPO will not approve any tool that transmits unencrypted PII or holds encryption keys server-side. Zero-knowledge architecture removes this blocker from the vendor assessment process entirely.

Zero-knowledge design means original text is never stored on anonym.legal servers. European data storage (Hetzner EU data centers). The tool processes anonymization logic without retaining the source documents. This removes the primary blocker for HIPAA-covered entity adoption. Example: A hospital system's IT security team is evaluating tools for clinical documentation anonymization before sharing with a research partner. The HIPAA Privacy Officer needs to demonstrate compliance under 45 CFR 164.514. anonym.legal's zero-knowledge architecture means the BAA covers a tool that provably cannot expose PHI.

Zero-knowledge architecture means a full anonym.legal server compromise provides attackers with AES-256-GCM ciphertext without the keys to decrypt it. Combined with EU-based data storage and ISO 27001 controls, this provides the strongest possible breach impact minimization. Example: A CISO at a German insurance company is reviewing their 2025 vendor risk posture after the industry-wide SaaS breach surge. They require all PII-handling vendors to demonstrate cryptographic data isolation. anonym.legal's zero-knowledge design is included in the approved vendor list specifically because a server breach cannot expose policyholder data.

Argon2id (64MB memory, 3 iterations) key derivation runs entirely in the browser/desktop client. The derived AES-256-GCM key never leaves the device. anonym.legal servers receive only encrypted ciphertext and cannot decrypt it even with full database access. 24-word BIP39 recovery phrase enables key recovery without server involvement. Example: A CISO at a German health insurer evaluating anonymization tools for GDPR compliance. Their procurement checklist requires proof that the vendor cannot access patient data. anonym.legal's zero-knowledge architecture satisfies Article 25 (Privacy by Design) and allows the CISO to tell the DPA: "even if the vendor is breached, our data is cryptographically inaccessible."

Zero-knowledge authentication with open architecture documentation. The 24-word BIP39 recovery phrase is the only way to restore access, meaning even anonym.legal staff cannot reset accounts or access user data. Session management with remote logout prevents persistent access after device loss. Example: A CISO at a 500-person law firm is reviewing vendor security after their password manager vendor suffered a breach. They need to demonstrate to their malpractice insurer that all tools handling client data use verified zero-knowledge architecture. anonym.legal's client-side encryption approach allows the CISO to demonstrate that even a complete server compromise would not expose client communication data.

Zero-knowledge authentication + ISO 27001 certification provides the strongest possible answer to VSQ encryption questions. anonym.legal can truthfully state that server compromise yields no usable plaintext data. Example: A Fortune 500 financial services company is adding anonym.legal to their approved vendor list. Their vendor risk team sends a 150-question security questionnaire. The zero-knowledge architecture allows the anonym.legal team to answer encryption, key management, and data access questions definitively, shortening the approval cycle from months to weeks.

ISO 27001 certification provides the baseline framework. Zero-knowledge architecture documentation answers the specific question of server-side data access. DPIA completion satisfies GDPR Article 35 requirements. The combination dramatically shortens procurement cycles for regulated industries. Example: A procurement officer at a Fortune 500 financial services firm needs to onboard an anonymization tool for their data science team within Q4. anonym.legal's ISO 27001 certificate + zero-knowledge architecture documentation + completed security questionnaire template allows the CISO to approve the vendor without a full custom assessment — saving 6-8 weeks.

MCP Server intercepts all prompts sent to Claude Desktop and Cursor before they reach the AI model. API keys, connection strings, and credentials are detected (custom entity patterns support proprietary secret formats) and anonymized/redacted before transmission. The developer's workflow is unchanged — the protection is transparent. Example: A software development team at a fintech company uses Cursor IDE with Claude for code review and debugging. Their security team discovered three instances of database credentials in Claude conversation history over one quarter. Installing anonym.legal's MCP Server on developer workstations provides automatic credential scrubbing before every prompt, without requiring developers to change how they work.

MCP Server anonymizes client names, company names, deal terms, and financial figures before they reach Claude. The AI processes anonymized versions and produces output with placeholders. With reversible encryption enabled, anonym.legal automatically de-anonymizes the AI's output — the lawyer sees the original names restored in the AI response. Example: A mid-size law firm's M&A practice group uses Claude for first-pass contract review. Client names ("TechCorp acquiring MegaStartup for $450M") are replaced with tokens ("CompanyA acquiring CompanyB for $[AMOUNT]M") before Claude processes them. Claude's redlined contract comes back with the original names restored. Attorney-client privilege is preserved; AI productivity is maintained.

MCP Server acts as a transparent proxy between AI tools and the AI model. Sensitive data (source code secrets, customer PII, financial figures) is anonymized before reaching the AI. Employees continue using Claude Desktop and Cursor normally. Security teams have the control they need without productivity sacrifice. Example: A semiconductor manufacturer's security team wants to allow AI coding assistants after their competitor's Samsung-style ban hurt developer morale and productivity. They deploy anonym.legal's MCP Server on all developer workstations. Source code snippets are automatically scrubbed of credentials and proprietary algorithm identifiers before reaching Claude. AI productivity is enabled; IP protection is maintained.

Chrome Extension intercepts clipboard content before it reaches ChatGPT's input field. MCP Server intercepts at the model layer for Claude/Cursor. Both provide real-time detection with a preview modal before submission — employees see what will be anonymized and can proceed with protected data or cancel. No training required; the tool catches what employees miss. Example: A federal agency grants FOIA processing team access to ChatGPT for summarization tasks. Policy prohibits including claimant PII. The Chrome Extension intercepts any paste containing names, addresses, or SSNs and anonymizes them before they appear in the ChatGPT input field. Contractors can use AI for efficiency without accidental PII exposure.

Chrome Extension installs in minutes and immediately intercepts PII before it reaches ChatGPT, Claude.ai, and Gemini. No DLP configuration required. MCP Server for Claude Desktop and Cursor requires minimal setup. Both tools work without network-level changes, making them deployable on individual workstations or enterprise-wide via policy. Example: A 200-person professional services firm learns from industry news that 83% of organizations lack AI controls. Their CISO wants to implement controls within 30 days without a major IT project. anonym.legal Chrome Extension is deployed to all workstations via Chrome Enterprise policy in one afternoon. The MCP Server is installed for the development team. Full AI PII protection deployed in hours, not months.

The MCP Server on port 3100 acts as a transparent proxy. All text passed to Claude Desktop or Cursor through the MCP protocol is filtered for PII before reaching the AI model. Developers configure once; protection is automatic. All 5 anonymization methods are available — developers can use reversible encryption to pseudonymize code identifiers (e.g., customer IDs in database queries) and decrypt AI responses automatically. Example: A senior developer at a healthcare SaaS company using Cursor to write database migration scripts. The scripts contain patient record IDs, database connection strings, and proprietary data models. The MCP Server intercepts the prompt, replaces sensitive identifiers with encrypted tokens (using reversible encryption), and sends the clean prompt to Claude. The AI response arrives with tokens; the MCP Server auto-decrypts to restore original context. Developer productivity is preserved; PHI never reaches Anthropic's servers.

The MCP Server provides exactly this technical control layer. It sits between the user's AI tool and the AI model API. All prompts pass through the anonymization engine; sensitive data is replaced/encrypted before transmission. Security teams get audit trails. Developers get AI productivity. The reversible encryption option means responses from the AI can reference the pseudonymized data and be automatically decrypted for the developer's view. Example: The CISO at a German automotive manufacturer needs to enable AI coding assistance for 500 developers while complying with GDPR and protecting trade secrets (proprietary manufacturing algorithms in the codebase). The MCP Server deployment filters all prompts through anonym.legal's engine before they reach Claude/Cursor APIs. Security team approves; developers keep AI access; IP stays protected.

Desktop App built on Tauri 2.0 + Rust processes everything locally. After initial installation, no internet connection is required. All NLP models are embedded. The encrypted local vault stores configuration and presets. No data leaves the device at any point. Available on Windows, macOS, and Linux. Example: A defense contractor processing ITAR-controlled technical documents needs to anonymize them before sharing with a foreign partner under a license exception. All processing must occur on cleared workstations with no internet access. anonym.legal's Desktop App is installed on the air-gapped workstations, processes the documents locally, and produces ITAR-compliant anonymized outputs without any network connectivity.

Desktop App processes all data locally. Nothing leaves the device. For organizations that also need cloud features, anonym.legal's web platform uses EU-based Hetzner data centers with zero-knowledge architecture. The Desktop App serves organizations with the strictest local-only requirements. Example: A German federal government agency must anonymize citizen complaint data before sharing with an external research institute. BfDI guidance prohibits processing on non-government infrastructure. anonym.legal's Desktop App runs on agency workstations — all processing is local, no data traverses external networks, and the audit log is maintained in the local encrypted vault.

Desktop App provides cloud-quality anonymization (Presidio-based NLP with 48 languages and 260+ entity types) in a locally-installed application. No cloud connectivity required. Healthcare-specific entity types (MRN, NPI, DEA, health plan IDs) included. All 18 HIPAA Safe Harbor identifiers supported. Example: A mid-size regional hospital's clinical informatics team wants to create a research-ready dataset from their EHR. The CISO refuses to approve cloud processing of PHI. anonym.legal Desktop App is deployed on clinical informatics workstations. The team processes de-identified notes locally with the same accuracy as cloud tools, satisfying both security requirements and research quality requirements.

Desktop App batch processing supports 1-5,000 files per batch depending on plan. Parallel execution (1-5 concurrent files) for throughput. Mixed format support in a single batch. ZIP packaging for processed files. CSV/JSON export with processing metadata. Progress tracking and error handling. Example: A clinical research organization is building a de-identified dataset from 50,000 patient consultation notes. The hospital's IRB requires that processing occur on-site. anonym.legal's Desktop App processes the notes in 10 batches of 5,000, running overnight. The next morning, 50,000 de-identified files and a processing metadata log are ready for transfer to the research team.

Desktop App works completely offline after installation. Finance-specific entity types (IBAN, SWIFT, BIC, account numbers, routing numbers, cryptocurrency addresses) are pre-built. Batch processing handles volume. Encrypted local vault stores configurations and presets securely on-device. Example: A proprietary trading firm's compliance team must submit anonymized trade reports to a financial regulator. Reports contain client account numbers, trader names, and position sizes. All workstations have external internet blocked. anonym.legal's Desktop App processes reports locally, replaces client IDs with tokens, and produces regulator-ready outputs without external connectivity.

The Tauri 2.0-based Desktop Application runs entirely offline after download. No network calls are made during processing. The local encrypted vault (AES-256-GCM + Argon2id) stores configurations and encryption keys without cloud sync. Batch processing supports 1-5,000 files depending on plan tier. All processing occurs on local hardware — no data ever leaves the device. Example: A data scientist at a defense contractor needs to de-identify personnel records before sharing with a FOIA-requesting journalist. The contractor's network is air-gapped under ITAR requirements. anonym.legal's Desktop App runs on the air-gapped machine, processes the DOCX files in batch, and produces redacted documents — all without any external network communication.

The Desktop Application architecture (Tauri 2.0 + Rust) has been independently verified to make no network calls during document processing. The local vault stores all configuration and keys. Processing the Presidio sidecar runs entirely on the local machine. This architecture can be verified by network monitoring tools during security assessment. Example: A compliance officer at a Swiss private bank needs to anonymize client correspondence before sharing with an external auditor. Swiss banking secrecy law (Article 47 Banking Act) prohibits disclosure of client information to unauthorized parties, including cloud service providers not covered by explicit consent. anonym.legal's Desktop Application processes the correspondence locally, producing anonymized documents that can be safely shared with the auditor without triggering banking secrecy obligations.

Chrome Extension intercepts clipboard content before it appears in ChatGPT, Claude.ai, or Gemini input fields. Real-time PII detection with a preview modal shows employees exactly what will be anonymized before they submit. Employees continue their workflow — the protection is automatic and requires no behavior change. Example: A customer support team at a European e-commerce company uses ChatGPT to draft responses. Agents regularly paste customer names, order numbers, and addresses into prompts. anonym.legal Chrome Extension anonymizes this data before it reaches ChatGPT. Agents see tokenized placeholders in their prompts and ChatGPT's responses are de-anonymized automatically. Customer service quality is maintained; GDPR Article 5 data minimization is satisfied.

anonym.legal Chrome Extension processes everything locally — no data is sent to a C2 server or any third party during PII detection. Extension is published by the verified anonym.legal publisher. Zero-knowledge architecture means even anonym.legal cannot access the PII that passes through the extension. ISO 27001 certification provides independent security verification. Example: A privacy-conscious enterprise IT team wants to deploy AI PII protection for their workforce but is concerned about the malicious extension risk after the 900K-user incident. anonym.legal's verified publisher identity, local processing architecture, and ISO 27001 certification provide the assurance needed to add the extension to the corporate approved list.

Chrome Extension intercepts customer data before it reaches ChatGPT. Customer names are replaced with tokens (e.g., "[CUSTOMER_1]"), order numbers with "[ORDER_1]". ChatGPT processes anonymized context and produces a response using tokens. The extension's auto-decrypt feature restores real names in the AI response. Agents see real names; ChatGPT never processes them. Example: A French e-commerce company's 50-person support team uses ChatGPT for response drafting. The DPO is concerned about GDPR compliance. anonym.legal Chrome Extension anonymizes all customer PII before ChatGPT submission and automatically de-anonymizes the AI's draft responses. GDPR Article 5 data minimization is satisfied — ChatGPT receives no real customer identifiers. The DPO approves continued AI use.

The Chrome Extension v1.0.141 operates as a Manifest V3 extension with pre-submission interception. It detects PII in the input field using the same Presidio-based engine as all other anonym.legal platforms. A preview modal shows detected entities and the proposed anonymization before the message is sent. The user can proceed in one click. For encrypted mode, the AI response is automatically decrypted to restore context in the user's view. Example: A customer support team lead at a German e-commerce company uses ChatGPT to draft email responses to customer complaints. The workflow: copy customer complaint (contains name, order number, address) → paste into ChatGPT → generate response draft → send. The Chrome Extension intercepts at the paste step, shows that "Maria Müller, Hauptstraße 15, 10115 Berlin" was detected, replaces with "Customer_A, [ADDRESS_1]", sends the anonymized prompt to ChatGPT, and presents the response. GDPR compliance is maintained; workflow is unchanged.

The Chrome Extension processes PII detection locally using the same Presidio-based engine. The anonymization occurs client-side before the modified prompt is submitted to the AI service. No intercepted conversation content is transmitted to anonym.legal servers. The extension's data flow is: intercept prompt → detect PII locally → anonymize locally → submit anonymized prompt to AI. This is architecturally distinct from extensions that "protect" by routing through their own proxy servers.

Chrome Extension intercepts developer-pasted content before submission to Claude.ai. Custom entity patterns for developer-specific secrets (API key formats, connection string patterns, JWT tokens) complement the built-in entity library. The preview modal shows developers exactly what will be anonymized before submission, creating an educational feedback loop. Example: A development team at a SaaS company has the MCP Server deployed for Cursor but developers also use Claude.ai in the browser for design discussions and code review. The Chrome Extension fills the gap — intercepting API keys and connection strings that appear in browser-pasted content. The two-tool deployment covers both IDE and browser AI use cases.

Chrome Extension detects and anonymizes healthcare-specific PHI (patient names, DOBs, MRNs, health plan IDs, addresses) in real time before clinical case text reaches ChatGPT or Claude.ai. Physicians can paste clinical notes directly — the extension handles HIPAA-required de-identification automatically. Example: A medical school's internal medicine teaching program uses Claude.ai for case-based learning discussions. Faculty members paste de-identified case summaries into Claude, but manual de-identification occasionally misses details. anonym.legal Chrome Extension provides automatic PHI detection as a safety net — catching missed identifiers before they reach Claude. HIPAA compliance is maintained with minimal workflow friction.

ISO 27001 certified with 114 security controls. The certification allows enterprise customers to submit the certificate to their procurement team and bypass most of the 100-200 question custom questionnaire. Procurement cycles measured in weeks, not months. Example: A major German bank's vendor risk team receives an application to add anonym.legal to their approved vendor list. The vendor risk process normally takes 4-6 months for non-certified vendors. anonym.legal's ISO 27001 certificate allows the bank to map the certification to their internal control requirements, reducing the assessment to 3 weeks. The bank's CISO approves the tool in time for the Q1 compliance project deadline.

By choosing anonym.legal (ISO 27001 certified), enterprise customers' security teams can satisfy their vendor assessment requirements without extensive custom questionnaire completion. The certification is the evidence package. This is particularly relevant for anonym.legal's enterprise customers who themselves use anonym.legal for PII processing. Example: A legal tech startup using anonym.legal faces enterprise customers asking "what security certifications does your PII vendor have?" anonym.legal's ISO 27001 certificate is included in the startup's vendor security documentation pack, satisfying the enterprise customer's third-party risk requirement without the startup needing to conduct their own PII tool security assessment.

ISO 27001 certification covers 114 security controls across 14 domains — addressing administrative, physical, and technical safeguard requirements that satisfy HIPAA's BAA evidentiary requirement. anonym.legal can provide the certification and control mapping to HIPAA requirements. Example: A large regional health system's compliance office is renewing vendor assessments. anonym.legal is a business associate processing PHI for de-identification. The compliance office requests evidence of "appropriate safeguards" per the existing BAA. anonym.legal provides the ISO 27001 certificate and control summary. The compliance office maps ISO controls to HIPAA 164.308-316 and documents the satisfactory assurances in the BAA file — satisfying OCR audit requirements.

ISO 27001 annual surveillance audits maintain certification currency. DORA-relevant financial institution customers can reference the current ISO 27001 certificate in their annual ICT vendor register as evidence of ongoing security controls. The certification's surveillance structure satisfies DORA's continuous oversight requirements. Example: A Dutch bank subject to DORA must maintain an ICT register with annual security evidence for all material vendors. anonym.legal is a material ICT vendor providing PII anonymization. The bank's third-party risk team pulls anonym.legal's current ISO 27001 certificate annually. No custom assessment required — the certificate satisfies DORA Article 28's due diligence requirements. The bank saves 60 hours of assessment time per year.

ISO 27001 certification satisfies most non-US-federal government procurement security requirements globally. For EU government contracts, ISO 27001 is typically the required standard. For UK government, Cyber Essentials and ISO 27001 are recognized. anonym.legal's EU data residency additionally satisfies data sovereignty requirements for EU government bodies. Example: A UK government agency's digital transformation program requires all vendors to hold ISO 27001. anonym.legal's certification satisfies the procurement requirement. The agency can approve anonym.legal for their document anonymization project without requiring a lengthy security assessment.

ISO 27001 certification covers all 114 controls across 14 domains. TLS 1.2/1.3 in transit. AES-256-GCM at rest. CSP headers. Regular third-party audits. This documentation package satisfies enterprise procurement requirements and accelerates sales cycles at regulated enterprises.

The text-in-image detection feature integrates OCR with NLP in a single processing pipeline. Image-based PDFs and image files (PNG, JPG) containing scanned text are processed through OCR to extract text, then through the full 260+ entity NLP pipeline for PII detection. The anonymized output is the extracted text with PII replaced, redacted, or encrypted. Batch processing handles large legacy document archives. Example: A law firm undertaking a GDPR data audit discovers 80,000 image-based PDF client contracts scanned between 1998-2010. Standard PII tools return zero detections. Using anonym.legal's text-in-image processing, the firm processes the archive in batches of 5,000. OCR extracts text from each image-PDF, NLP detects client names, addresses, ID numbers, and financial references, and the anonymized text output enables the firm to fulfill right-to-erasure requests for the historical archive. Previously impossible compliance obligation fulfilled.

Image PII detection processes PNG and JPG screenshots, applying OCR to extract visible text and NLP to detect PII entities in the extracted text. The anonymized output reports which entities were found in the screenshot content. Users can clean screenshots before sharing them internally or with external parties. Particularly useful for Jira/ServiceNow ticket documentation, internal wiki screenshots, and contractor-facing technical documentation. Example: A SaaS company's IT help desk creates Jira tickets with screenshots of user account problems. Screenshots contain user email addresses, subscription details, and billing information. After a GDPR review found that screenshots in Jira were accessible to all 200 engineering staff (including contractors without DPAs), the company implemented anonym.legal image scanning as a pre-sharing step. Support agents scan screenshots before attaching to tickets; PII-detected screenshots go through a quick anonymization review. Internal PII exposure

Text-in-image processing includes OCR for both printed and handwritten text extraction. For handwritten forms, OCR extracts the text content, NLP detects PII entities, and the anonymization is applied to the extracted text output. Quality depends on OCR accuracy for handwriting (an inherent technical limitation), but for reasonably legible handwriting, the integrated pipeline provides practical automation for high-volume form processing at fixed subscription cost. Example: A regional health insurance provider processes 3,000 handwritten claim forms per month. Manual PII redaction for audit purposes requires 0.5 FTE (20 hours/week). anonym.legal's image PII processing reduces manual review to exception handling for low-OCR-confidence forms — approximately 15% of volume. Manual review drops to 3 hours/week. Annual labor saving: approximately €24,000. Annual anonym.legal Professional plan: €180. ROI: 133x.

Image text detection processes photographs of whiteboards and physical documents, applying OCR to extract visible text and NLP to detect entities. Users can upload whiteboard photos before sharing them in collaboration tools to get a PII assessment. The output identifies any detected PII entities in the image's text content, enabling users to either anonymize the sharing (describe what's on the whiteboard without the specific PII) or limit sharing scope appropriately. Example: A management consulting firm's engagement team photographs client strategy session whiteboards to share with remote team members. After a client raised concerns about their company data appearing in the consulting firm's Slack channels, the firm implemented an anonym.legal image review step for all whiteboard shares. Images are processed before posting; images containing client names or financial figures trigger a review step. One month post-implementation, the client concern was formally resolved with a document

Image text detection processes screenshots embedded in research documents, extracting text from images in the manuscript and applying PII detection. Researchers can process their draft documents before submission; journal editors can screen final manuscripts before publication. The pipeline identifies which images contain detectable PII entities, enabling targeted replacement of problematic screenshots with properly anonymized sample data before the privacy violation becomes permanent. Example: A data science research group at a European university implements anonym.legal image PII screening as part of their manuscript submission workflow. All draft papers are processed for image PII before submission to journals. In the first 6 months, 7 of 23 submitted manuscripts had at least one image containing PII entities (typically names or IDs in data sample screenshots). All 7 were corrected before submission. The institution's research ethics committee uses this workflow as evidence of appro

The text-based image PII detection service identifies PII in text-format images — screenshots where text was rendered at sufficient resolution to be machine-readable. This covers the most common support workflow screenshot format (UI screenshots at standard screen resolution). Detected text PII is flagged for review or masked in-place.