Your employees can work freely with AI
GPI controls what data the model sees. Sensitive information never ends up in external AI services — regardless of what users prompt.
You reduce the risk of data leaks
GPI sits between your data and the AI model. Even sensitive prompts can be processed without exposing real personal information. You retain control — data is never forwarded in plaintext.
What you achieve
Protect customers, citizens and employees
GPI identifies names, SSNs, addresses, phone numbers and health data. The most sensitive information never flows freely in your AI usage.
Single-tenant isolation
One installation per customer. Your data is never shared with other organizations. Role-based access control via Microsoft Entra ID ensures only authorized users gain access.
Personal data never reaches the model
All PII is replaced with reversible tokens before being sent to AI. The model sees the structure and context — never the real data.
Security architecture
What GPI catches
Defense in depth
All sensitive data is encrypted with AES-256-GCM and HKDF-SHA256 key derivation. Byte-compatible between .NET and Python.
Master encryption key is protected by hardware TPM. LUKS2 disk encryption for data at rest.
All communication encrypted. Internal service-to-service traffic isolated on Docker bridge network.
8+ rules monitor for unauthorized access, bulk extraction and unusual access patterns. Automatic email alerts on breaches.
Control without slowing people down
Employees can work anywhere
Privacy Mode blurs all sensitive data on screen with one click. On the train, at the café, in an open office — shoulder surfers see nothing.
Control which APIs the AI uses
External integrations (CRM, ERP, legal databases) run via MCP with the same PII protection. You decide which systems the AI can access — not the users.
Security cases with full context
Case Files collect related conversations, documents and findings. When something needs investigating, the full history is in one place — with complete audit trail.