VCAL Privacy Guard
A self-hosted privacy layer for AI Cost Firewall and enterprise LLM deployments. Detect, redact, or anonymize sensitive data before LLM calls, then restore approved placeholders in responses when your workflow requires it.
Built for teams that need private deployment, sensitive-data controls, and observability around LLM traffic.
Detect sensitive data
Identify common PII, secrets, credentials, network indicators, and custom regex-defined patterns before they reach the model provider.
Redact or anonymize
Replace sensitive values with fixed redactions or structured placeholders such as [EMAIL_1] and [IP_1].
Restore when needed
Restore approved placeholders in the response so internal users can keep operational context without exposing raw data upstream.
A privacy control point for LLM traffic
VCAL Privacy Guard can be orchestrated by AI Cost Firewall or integrated as a separate service. It scans selected message content, applies the configured privacy action, and returns a safe version of the request for downstream LLM processing.
User prompt or agent step
Orchestrates guard calls and upstream requests
Detects, redacts, anonymizes, and restores
Choose the privacy behavior per deployment
Pilot deployments can start with visibility-only scanning and then move toward redaction, anonymization, and controlled restore flows as policies mature.
Detect only
Find sensitive data and expose metrics without changing the prompt content.
Redact
Replace matched values with fixed redaction markers before forwarding requests.
Anonymize
Replace values with structured placeholders while preserving useful semantic context.
Restore
Map approved placeholders back to original values in final responses when needed.
Self-hosted and designed for enterprise pilots
VCAL Privacy Guard is designed to run inside your own environment, close to AI Cost Firewall and the applications that generate LLM traffic. It exposes HTTP APIs for scan and restore operations, plus health and metrics endpoints for operational visibility.
Pilot deployment includes
- • Self-hosted service deployment
- • AI Cost Firewall integration path
- • API-key based service authentication
- • Prometheus-compatible metrics
- • Fail-open or fail-closed policy options
- • Privacy findings and action counters
Where Privacy Guard helps
Support assistants
Reduce accidental exposure of customer emails, phone numbers, IPs, tickets, and identifiers in support prompts.
RAG systems
Protect retrieved context before it is sent to an external or internal model endpoint.
Agentic workflows
Apply privacy controls to repeated routing, summarization, validation, and incident-analysis steps.
Security operations
Analyze logins, network indicators, and events while limiting exposure of raw identities and sensitive context.
Regulated environments
Add a technical privacy control point for deployments that require stricter governance around AI traffic.
Enterprise pilots
Start with a narrow policy and expand toward broader privacy, security, audit, and compliance controls over time.
First step toward a broader security and governance layer
VCAL Privacy Guard is the first enterprise guard module available for pilots. VCAL Security Guard, audit/export capabilities, and compliance packages are planned modules that can be discussed for future pilots or custom enterprise deployments.
FAQ
Is VCAL Privacy Guard available now?
Yes, it is available for enterprise pilots. General public self-serve access is not the primary distribution model at this stage.
Does it send data to VCAL?
No. The intended deployment model is self-hosted inside your own environment, close to AI Cost Firewall and your application traffic.
Can it work without AI Cost Firewall?
It can expose scan and restore APIs as a service, but the recommended enterprise path is orchestration through AI Cost Firewall.
Is this a compliance product?
Privacy Guard is a technical privacy control. Formal compliance packages are planned separately and should be discussed as roadmap or custom enterprise work.
Interested in a Privacy Guard pilot?
Contact VCAL to discuss deployment scope, sensitive-data policies, AI Cost Firewall integration, security review, or enterprise packaging.