Xokito
Scalable Privacy Engine. Pre-LLM deterministic obfuscation for PII. GDPR/HIPAA compliant by design.
The Privacy Catastrophe
Connecting LLMs directly to corporate databases sends PII (names, emails, credit cards) to OpenAI/Anthropic servers. You just violated GDPR, HIPAA, and your company's security policies.
How Xokito Works
Xokito intercepts data before it reaches the LLM, obfuscates PII deterministically, and de-obfuscates on return. The LLM never sees real data.
[Figure: Deterministic tokenization preserves privacy]
🔒 Deterministic
Same input = same token. "juan@email.com" always becomes "TOKEN_001" in the same session.
🔄 Reversible
Zero information loss. Full round-trip: obfuscate → LLM → de-obfuscate.
⚡ Pre-LLM
Doesn't modify the model. Works with any LLM provider (OpenAI, Anthropic, local).
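The round trip described above, as an added example (not Xokito's code): a session-scoped vault maps each detected value to a stable token and restores it in the model's reply. The regex detectors, the `Session` class and the constructed sample text are assumptions for illustration; free-text names would need a different detector.

```python
import re

# Assumed detectors (illustrative, not Xokito's): email, US SSN, 13-16 digit card.
PII = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"  # email address
    r"|\b\d{3}-\d{2}-\d{4}\b"                           # SSN
    r"|\b(?:\d[ -]?){12,15}\d\b"                        # card number
)
# Token shape as shown on the page: TOKEN_001, TOKEN_002, ...
TOKEN = re.compile(r"\bTOKEN_\d{3,}\b")


class Session:
    """Token vault for one session; it stays on the trusted side of the LLM call."""

    def __init__(self):
        self._to_token = {}  # real value -> token
        self._to_value = {}  # token -> real value

    def _token_for(self, value):
        # Deterministic within the session: a value seen before reuses its token.
        if value not in self._to_token:
            token = f"TOKEN_{len(self._to_token) + 1:03d}"
            self._to_token[value] = token
            self._to_value[token] = value
        return self._to_token[value]

    def obfuscate(self, text):
        # A token-shaped string in the input would be swapped for someone
        # else's data on the way back, so reject it up front.
        if TOKEN.search(text):
            raise ValueError("input already contains a token-shaped string")
        return PII.sub(lambda m: self._token_for(m.group(0)), text)

    def deobfuscate(self, text):
        # Whole-token match: TOKEN_0010 is not TOKEN_001 plus "0".
        # Tokens the vault never issued (e.g. invented by the model) are left as-is.
        return TOKEN.sub(lambda m: self._to_value.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    # Constructed sample input.
    s = Session()
    prompt = s.obfuscate("Mail juan@email.com re card 4111 1111 1111 1111; cc juan@email.com.")
    print(prompt)                 # what the external LLM would receive
    print(s.deobfuscate(prompt))  # what the caller gets back
```

The mapping table is the one place where tokens and real values meet, so it has to stay inside your infrastructure and expire with the session.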
3 Levels of Privacy
Xokito scales from paranoid local-first to pragmatic cloud, based on your risk tolerance.
Level 1: Local-First (100% Private)
Zero external LLM calls. Use local models (Llama, Mistral) running on your hardware.
- ✓ No data leaves your infrastructure
- ✓ Air-gapped deployments possible
- ✓ Maximum privacy, lower AI quality
Use case: Military, intelligence agencies, extreme paranoia.
Level 2: Obfuscation (PII Protected)
Xokito obfuscates PII before sending to external LLMs. OpenAI/Anthropic see tokens, not real data.
- ✓ Use best LLMs (GPT-4, Claude) safely
- ✓ GDPR/HIPAA compliant (PII never sent)
- ✓ Reversible (no information loss)
Use case: Healthcare, finance, legal—strict compliance without sacrificing AI quality.
Level 3: VPC (Controlled Cloud)
Data sent to cloud, but through encrypted VPC tunnel. No public internet exposure.
- ✓ Private tunnel to LLM provider
- ✓ Data encrypted in transit (TLS 1.3)
- ✓ Audit logs for compliance
Use case: Enterprises with negotiated BAAs (Business Associate Agreements) with LLM providers.
Use Cases
🏥 Healthcare
Challenge: HIPAA forbids sending patient data to external APIs.
Solution: Xokito Level 2 (obfuscation). Patient names/SSNs replaced with tokens.
Result: AI diagnostic assistants using GPT-4, 100% HIPAA compliant.
🧠 Psychology
Challenge: Therapy notes are ultra-sensitive. Zero tolerance for leaks.
Solution: Xokito Level 1 (local-first). Models run on-premise.
Result: AI therapy note analysis with absolute privacy.
⚖️ Legal
Challenge: Client privilege. Documents can't leave firm's control.
Solution: Xokito Level 2 + VPC. Obfuscated data via private tunnel.
Result: AI legal research with zero privilege breach risk.
Plans & Pricing
Xokito Enterprise is available as an add-on in all plans. Check complete pricing.
Stop Leaking PII to LLMs
Join companies using Xokito to unlock GPT-4/Claude for sensitive data without violating compliance.