AI GhostWriting without Data Leaks.

Connect your own API keys for Gemini, OpenAI, or Claude. ShadowMask scrubs your PII locally before sending data, giving you the freedom to use any AI with absolute privacy.


Why ShadowMask?

Built for legal, medical, and corporate professionals.

Local PDF, DOCX Extraction

Process complex PDFs and DOCX files directly on your device. We extract text without third-party cloud ingestion.

Automated Masking

Local PII Guard scans data on-device using OCR and local ML. Sensitive info is replaced with reversible placeholders, while original data stays encrypted in your local OS key store.

One-Click Rehydration

When the AI finishes writing, restore your original names and data with a single click—locally.

Inside the Platform

A visual walkthrough of the ShadowMask workflow.

Login / Signup

The login and signup flow provides password reset, remember-me, and account-lockout protections, plus clear error and recovery flows. Role-based access control enforces capabilities: regular users can upload and process documents, view and rehydrate their own masked data, and manage personal settings. Admins can manage users and roles, review audit logs, configure global PII rules and encryption/key settings, and access organization-level reports.

Chat

The chat feature allows users to securely interact with the AI assistant directly within the app interface. Users can ask questions, request document processing, or get explanations about masked data and rehydration steps. The chat supports context-aware follow-up, so users can reference previous messages or documents during a session. All chat data is processed locally or securely, ensuring sensitive information is not sent to third-party servers. Admins can review chat logs for compliance and troubleshooting, if enabled by organization policy.

Admin Dashboard

Centralized Admin UI: Dedicated dashboards for Users, PII Rules, Encryption Keys, and Audit Logs.

RBAC Authorization: Secure middleware enforcing strict Admin vs. User access and route protection.

Dynamic PII Config: Live NER/Regex toggles with instant previews for document scrubbing rules.

Hardware-Level Security: Integrated handlers for OS Keychain/TPM, key rotation, and passphrases.

Immutable Audit Logs: Searchable, tamper-evident logging for all masking and document actions.

Enterprise Security Stack: Built-in SSO/2FA, session policies, and automated health-check scheduling.

Audit Logs

The audit logs record all key actions in the app, including logins, document uploads, masking, rehydration, user management, and admin changes. Each log entry includes a timestamp, user identity, action type, and relevant details for traceability. Logs are stored securely and can be searched or filtered by admins for compliance, troubleshooting, or security reviews. Audit logs can be exported for reporting or integration with external compliance systems. Tamper-evident mechanisms help ensure the integrity of the logs.

Data Controls

The Data Controls page allows users and admins to manage the lifecycle of uploaded and processed documents. Users can view, download, or delete their own documents and see the status of masking or rehydration. Admins have additional controls to quarantine, permanently purge, or approve/reject rehydration requests for sensitive documents.

Zero-Knowledge Architecture

We don't just protect your data; we make it impossible for us (or the AI) to ever see it.

Local-Only Processing

All document ingestion, text extraction, and OCR-based PII detection are performed entirely on the client device within the user’s local environment. This architecture ensures that original files and unmasked content remain strictly local, never reaching external servers at any stage. Every step—from file upload to final masking—leverages local memory and processing power. This design guarantees that sensitive data is fully contained within your trusted environment, eliminating the risk of cloud-based leakage and providing absolute data sovereignty throughout the entire document processing workflow.

STATUS: SECURE_LOCAL_ONLY

Ephemeral In-Memory Encryption Vault

Mappings between detected PII and their corresponding placeholders are encrypted in memory using strong AES-256 encryption. The encryption keys are generated at the start of each processing session and are kept only in volatile memory for the duration of that session. Neither the keys nor the original sensitive data are ever written to disk or stored in any persistent location. Once processing is complete or the session ends, all encryption keys and sensitive mappings are immediately cleared from memory. This approach ensures that sensitive information is protected during processing and is never exposed to disk-based attacks or unauthorized retrieval after the session concludes.

[ ENCRYPTION ACTIVE ]

AI Prompt Scrubbing

Before any prompt reaches the AI, the application performs multi-layered local sanitization to ensure zero data exposure. Using a combination of deterministic regex and ML-based entity recognition, the system identifies PII and replaces it with cryptographically mapped placeholders. A strict zero-PII policy is enforced: if any detection anomaly occurs, the prompt is automatically blocked from transmission. This prevents accidental leakage while maintaining local audit logs for traceability. This ensures the AI model only receives context, while the actual sensitive identity of the data remains protected.

STATUS: ZERO_PII_OUTBOUND

Experience the Privacy Gateway

Dear John Doe, please call me at 555-0199.
Dear [PERSON_1], please call me at [PHONE_1].
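
The scrub, block and rehydrate flow described under AI Prompt Scrubbing and One-Click Rehydration, as an added Python example; it is not ShadowMask's code. The regex patterns, the `person_names` argument (standing in for the ML entity recognizer), the `RESIDUAL` anomaly check and every function name are assumptions, and the mapping is a plain in-memory dict with no AES-256 layer.

```python
import re

# Deterministic layer. Constructed patterns, much narrower than a real rule set.
DETECTORS = {
    "EMAIL": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "PHONE": re.compile(r"\b(?:\d{3}[-.\s])?\d{3}[-.\s]\d{4}\b"),
}
# Coarse anomaly check (assumption): any "@" or 7+ digits left in outbound text.
RESIDUAL = re.compile(r"@|(?:\d[\s().-]?){7,}")
PLACEHOLDER = re.compile(r"\[[A-Z]+_\d+\]")


class BlockedPrompt(Exception):
    """Raised instead of returning text that may still contain PII."""


def mask(text, person_names=()):
    """Return (masked_text, mapping); person_names stands in for NER output."""
    mapping, counters = {}, {}

    def token_for(kind, value):
        for token, original in mapping.items():
            if original == value and token.startswith(f"[{kind}_"):
                return token  # same value, same placeholder
        counters[kind] = counters.get(kind, 0) + 1
        token = f"[{kind}_{counters[kind]}]"
        mapping[token] = value
        return token

    # Longest names first so "John Doe" is replaced before a bare "John".
    for name in sorted(person_names, key=len, reverse=True):
        rx = re.compile(r"\b" + re.escape(name) + r"\b")
        text = rx.sub(lambda m: token_for("PERSON", m.group()), text)
    for kind, rx in DETECTORS.items():
        text = rx.sub(lambda m, k=kind: token_for(k, m.group()), text)

    # Fail closed: refuse to release the prompt if anything suspicious remains.
    if RESIDUAL.search(text):
        raise BlockedPrompt("possible unmasked PII in outbound prompt")
    return text, mapping


def rehydrate(text, mapping):
    """Restore originals; placeholders the model invented are left untouched."""
    return PLACEHOLDER.sub(lambda m: mapping.get(m.group(), m.group()), text)


if __name__ == "__main__":
    masked, vault = mask("Dear John Doe, please call me at 555-0199.", ["John Doe"])
    print(masked)
    print(rehydrate("Thanks [PERSON_1], I will ring [PHONE_1].", vault))
```

A phone number in a format the `PHONE` pattern does not cover (for example a constructed `+44 20 7946 0958`) is not masked, so the residual check raises `BlockedPrompt` rather than letting the prompt out.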