NEXr Data Safe

Overview

NEXr Data Safe is a comprehensive data privacy and protection service that safeguards sensitive information when interacting with Large Language Models (LLMs) and AI services. It automatically detects, anonymizes, and de-anonymizes personally identifiable information (PII) and sensitive data, ensuring your confidential information never leaves your control while still leveraging the power of AI.

Why NEXr Data Safe?

The AI Data Privacy Challenge

• PII Exposure: Sensitive data sent to external LLM APIs
• Compliance Risk: GDPR, HIPAA, SOC 2 violations from data leakage
• Data Sovereignty: Loss of control over confidential information
• Audit Trail: Difficult to track what data was shared with AI models
• Third-Party Risk: Trusting external providers with sensitive data
• Irreversible Leaks: Once data is sent, it cannot be retrieved

The NEXr Data Safe Solution

• Automatic PII Detection: AI-powered identification of 50+ PII types
• Real-Time Anonymization: Replace sensitive data before LLM processing
• Seamless De-anonymization: Restore original data in responses
• Zero Data Leakage: Sensitive data never reaches external LLMs
• Full Compliance: GDPR, HIPAA, CCPA, SOC 2 ready
• Complete Audit Trail: Track every data transformation

Core Capabilities

NEXr Data Safe provides comprehensive data protection:

How It Works

Data Protection Flow

Example Workflow

Original Request:

User: "My name is John Smith, SSN 123-45-6789, email john@example.com.
I need help with my account number AC-9876543."

After Anonymization (sent to LLM):

User: "My name is [PERSON_1], SSN [SSN_1], email [EMAIL_1].
I need help with my account number [ACCOUNT_1]."

LLM Response (with tokens):

Assistant: "Hello [PERSON_1]! I can help you with account [ACCOUNT_1].
I'll send a verification code to [EMAIL_1]."

After De-anonymization (returned to user):

Assistant: "Hello John Smith! I can help you with account AC-9876543.
I'll send a verification code to john@example.com."

Supported PII Types

Personal Identifiers

Financial Information

Healthcare Information (HIPAA)

• Medical Record Numbers: Patient identifiers
• Health Insurance Numbers: Policy and member IDs
• Prescription Numbers: Medication identifiers
• Patient Names & DOB: Protected health information
• Diagnosis Codes: ICD-10 codes
• Treatment Information: Medical procedures

Authentication & Security

• Passwords: User passwords and PINs
• API Keys: Service API keys and tokens
• Access Tokens: OAuth and JWT tokens
• Secret Keys: Encryption and signing keys
• SSH Keys: Public and private SSH keys
• Certificates: SSL/TLS certificates

Business Sensitive

• Account Numbers: Customer and vendor accounts
• Contract IDs: Agreement identifiers
• Confidential Data: Trade secrets, proprietary info
• Employee Records: HR information
• Salary Information: Compensation details

Key Features

1. Intelligent PII Detection

Advanced AI-powered detection:

• Context-Aware Detection: Understands data in context
• Multi-Language Support: Detect PII in 100+ languages
• Custom Entity Types: Define organization-specific sensitive data
• Regex Patterns: Use custom patterns for detection
• Machine Learning: Continuous improvement from usage

2. Secure Tokenization

Industry-standard anonymization:

• Format-Preserving Tokens: Maintain data structure
• Reversible Encryption: Secure de-anonymization
• Token Consistency: Same PII → Same token within session
• No Collision: Unique tokens guarantee
• Secure Key Management: HSM-backed encryption keys

3. Real-Time Processing

High-performance data protection:

• Sub-Millisecond Latency: Minimal overhead
• Streaming Support: Handle real-time data streams
• Batch Processing: Process large datasets efficiently
• Async Operations: Non-blocking data flows

4. Compliance & Audit

Complete compliance support:

• Audit Logs: Every anonymization/de-anonymization logged
• Data Lineage: Track data transformations
• Compliance Reports: GDPR, HIPAA, SOC 2 reports
• Right to Deletion: Complete data removal support
• Data Residency: Control where data is processed

Integration Methods

1. Proxy Mode (Recommended)

Route LLM traffic through NEXr Data Safe:

// Instead of calling OpenAI directly
const response = await openai.chat.completions.create({
  model: "gpt-4",
  messages: [{ role: "user", content: userMessage }]
});

// Call through NEXr Data Safe proxy
const response = await fetch('https://nexr-datasafe.nexr.cloud/api/proxy/openai', {
  method: 'POST',
  headers: {
    'Authorization': `Bearer ${NEXR_DATASAFE_KEY}`,
    'X-OpenAI-Key': OPENAI_API_KEY
  },
  body: JSON.stringify({
    model: "gpt-4",
    messages: [{ role: "user", content: userMessage }]
  })
});

// Response automatically de-anonymized

2. SDK Integration

Use NEXr Data Safe SDK:

import { DataSafe } from '@nexr/data-safe';

const dataSafe = new DataSafe({
  apiKey: process.env.NEXR_DATASAFE_KEY,
  region: 'us-east-1'
});

// Anonymize before sending to LLM
const { anonymizedText, context } = await dataSafe.anonymize(userMessage);

// Send to any LLM
const llmResponse = await yourLLMProvider.complete(anonymizedText);

// De-anonymize the response
const finalResponse = await dataSafe.deanonymize(
  llmResponse,
  context
);

3. API Integration

Direct API calls for custom integration:

// Step 1: Anonymize
POST /api/anonymize
{
  "text": "My SSN is 123-45-6789 and email is john@example.com",
  "piiTypes": ["SSN", "EMAIL", "PHONE", "NAME"],
  "preserveFormat": true
}

// Response
{
  "anonymizedText": "My SSN is [SSN_a1b2c3] and email is [EMAIL_d4e5f6]",
  "context": "ctx_abc123", // Use for de-anonymization
  "detectedPII": [
    { "type": "SSN", "original": "***-**-****", "token": "[SSN_a1b2c3]" },
    { "type": "EMAIL", "original": "j***@***.com", "token": "[EMAIL_d4e5f6]" }
  ]
}

// Step 2: Send anonymizedText to LLM
// ...

// Step 3: De-anonymize LLM response
POST /api/deanonymize
{
  "text": "Your SSN [SSN_a1b2c3] is verified. Code sent to [EMAIL_d4e5f6]",
  "context": "ctx_abc123"
}

// Response
{
  "originalText": "Your SSN 123-45-6789 is verified. Code sent to john@example.com"
}

Use Cases

Customer Support & Chatbots

Document Processing

Enterprise Applications

Compliance-Sensitive Industries

Service Plans

Standard Plan

• Pricing: $199/month
• Features:
  • 100,000 anonymizations/month
  • All PII types detection
  • Standard compliance reports
  • API access
  • Email support

Professional Plan

• Pricing: $599/month
• Features:
  • 1,000,000 anonymizations/month
  • Custom PII types
  • Advanced audit logs
  • Webhook notifications
  • Priority support
  • 99.9% SLA

Enterprise Plan

• Pricing: Custom
• Features:
  • Unlimited anonymizations
  • On-premise deployment
  • Custom compliance requirements
  • Dedicated infrastructure
  • HSM key management
  • 24/7 premium support
  • 99.99% SLA
  • Custom retention policies

Security & Compliance

Data Security

• Encryption: AES-256 encryption at rest and in transit
• Key Management: HSM-backed key storage
• Zero Knowledge: NEXr cannot access your original data
• Secure Tokens: Cryptographically secure token generation
• No Storage: Original PII never stored (only encrypted mapping)

Compliance Certifications

• SOC 2 Type II: Audited security controls
• GDPR: EU data protection compliance
• HIPAA: Healthcare data protection
• PCI DSS: Payment card industry standards
• CCPA: California privacy compliance
• ISO 27001: Information security management

Privacy Features

• Data Residency: Choose processing region
• Retention Control: Configure data retention periods
• Right to Deletion: Complete data removal on request
• Data Minimization: Only necessary data processed
• Purpose Limitation: Data used only for specified purpose

Advanced Features

Custom PII Types

Define organization-specific sensitive data:

POST /api/custom-pii-types

{
  "name": "internal_employee_id",
  "displayName": "Employee ID",
  "pattern": "EMP-[0-9]{6}",
  "examples": ["EMP-123456", "EMP-789012"],
  "category": "BUSINESS_SENSITIVE"
}

Conditional Anonymization

Apply rules for selective anonymization:

{
  "rules": [
    {
      "condition": "role === 'admin'",
      "action": "skip_anonymization"
    },
    {
      "condition": "dataClassification === 'public'",
      "action": "skip_anonymization"
    },
    {
      "condition": "piiType === 'EMAIL' && domain === 'company.com'",
      "action": "skip_anonymization"
    }
  ]
}

Multi-Tenant Isolation

• Tenant-Specific Keys: Separate encryption keys per tenant
• Isolated Contexts: No cross-tenant data access
• Custom Policies: Per-tenant anonymization rules
• Audit Separation: Isolated audit logs

Streaming Support

Real-time data protection for streaming applications:

const stream = dataSafe.createStream({
  mode: 'anonymize',
  piiTypes: ['EMAIL', 'SSN', 'PHONE']
});

stream.on('data', (chunk) => {
  // Anonymized data chunks
  sendToLLM(chunk);
});

stream.write(userInput);

Performance & Scalability

Processing Speed

• Anonymization Latency: < 10ms for typical requests
• De-anonymization: < 5ms
• Throughput: 10,000+ requests/second
• Batch Processing: 1M+ records/hour

Scalability

• Auto-Scaling: Handle traffic spikes automatically
• Global Distribution: Low-latency worldwide
• High Availability: 99.99% uptime SLA
• Load Balancing: Distributed processing

Best Practices

Monitoring & Analytics

Real-Time Dashboard

• PII Detection Stats: Types and frequency of detected PII
• Anonymization Rate: Percentage of requests with PII
• Processing Metrics: Latency, throughput, error rates
• Compliance Score: Coverage and effectiveness metrics

Audit Trail

Complete audit log for every operation:

{
  "requestId": "req_abc123",
  "timestamp": "2024-01-15T10:30:00Z",
  "operation": "anonymize",
  "userId": "user_xyz789",
  "detectedPII": [
    { "type": "EMAIL", "count": 1 },
    { "type": "SSN", "count": 1 }
  ],
  "llmProvider": "openai",
  "model": "gpt-4",
  "dataClassification": "confidential",
  "complianceFlags": ["HIPAA", "GDPR"]
}

Support & Resources

Getting Started

Ready to protect your sensitive data in AI workflows?