Stop sending PII to LLMs

Enterprise proxy that detects and strips sensitive data before it reaches any LLM. Self-host for free or use Veil Cloud. Multi-provider. Zero code changes.

Try Veil Cloud Self-Host (Free) View API Docs
USER
    ↓ Veil intercepts
LLM SEES
    ↓ LLM responds with placeholders
USER SEES

Network-Level AI Governance

Block direct access to LLM APIs across your network. Route all AI traffic through Veil — every user authenticated, every message sanitized, every interaction logged. One gateway for all providers.

Capabilities

Everything you need

76 Detection Patterns

Regex + NER (Presidio/spaCy) + custom rules. SSNs, credit cards, emails, IPs, AWS keys, Azure/GCP secrets, log-file PII, and more.

OpenAI-Compatible Gateway

Change one line (base_url) in any OpenAI SDK. Works with LangChain, LlamaIndex, Cursor, and any OpenAI-compatible tool.

Multi-Provider

OpenAI, Anthropic, and Ollama. Run fully air-gapped with local models — no cloud API keys needed.

Self-Hosted

Your data never leaves your network. Docker Compose up in under 5 minutes. SQLite or PostgreSQL.

Policy Engine

Per-entity-type rules: redact, block, warn, or allow. Default policies out of the box, fully customizable.

Document Scanner

Upload PDF, DOCX, TXT, CSV, or XLSX files. Scan for PII or attach to chat. Files processed in-memory, never stored.

Full Admin UI

Built-in chat, admin dashboard, audit logs, rules editor, webhook management. No separate tools needed.

Image Generation

Sanitized prompts work with OpenAI image generation (DALL-E via Responses API). Text and images stream together.

Log File Sanitization

Detect PII in server logs, CI/CD output, and cloud audit trails. Azure, AWS, GCP, Kubernetes, and Docker patterns built-in.

How It Works

Three steps to safe AI

Step 1

Detect

76 regex patterns + NER + custom rules scan every message for sensitive data.

Step 2

Sanitize

PII is replaced with reversible placeholders. Original data stays in your secure session.

Step 3

Forward

Clean text goes to the LLM. The response is rehydrated with original data before you see it.

Built for enterprise
Enterprise Security
Air-Gap Compatible
Encryption at Rest
BSL 1.1 Licensed
Open Source
Pricing

Simple, transparent pricing

Self-host for free forever, or let us run it for you.

Free

$0
Self-hosted, forever free
  • 1 user
  • Built-in detection rules
  • 7-day audit retention
  • All detection engines
  • OpenAI-compatible gateway
  • Community support
Self-Host

Solo

$9 /mo
For individual professionals
  • 1 user, cloud hosted
  • 10 custom rules
  • 30-day audit retention
  • All detection engines
  • OpenAI-compatible gateway
  • Email support
Get Started
Most Popular

Team

$29 /user/mo
For growing teams
  • Up to 25 users
  • 100 custom rules
  • 5 webhooks
  • 90-day audit retention
  • Multi-provider + Google SSO
  • Email support
Get Started

Business

$69 /user/mo
For regulated industries
  • Up to 200 users
  • 500 custom rules
  • 20 webhooks
  • 1-year audit retention
  • Encryption at rest + audit trail
  • Priority support
Get Started

Enterprise

Custom
On-prem or dedicated cloud
  • Unlimited users
  • Unlimited rules
  • 100 webhooks
  • 2-year audit retention
  • HIPAA compliance mode
  • SSO / OIDC integration
  • SLA + dedicated support
Contact Sales
Get Started

Up and running in 60 seconds

terminal
# Clone and configure git clone https://github.com/Threatlabs-LLC/veil-public.git cd veil-public cp .env.example .env # Edit .env with your API keys # Start with Docker docker compose up -d # Open http://localhost:8000 and register
python
# Or use the gateway API from existing code from openai import OpenAI client = OpenAI(base_url="http://localhost:8000/v1", api_key="vk-...") # That's it. PII is sanitized transparently.

Ready to protect your LLM traffic?

Deploy in minutes. No code changes required.

Try Cloud Free Self-Host (GitHub)