Use frontier AI — without your customer data leaving the building.
Names, case numbers, diagnoses, IBANs turn into placeholders before the text reaches Claude, GPT or Mistral. The model works on the placeholders — it never sees the real data, and the answer comes back to you unmasked. Runs as a Docker container in your own infra (one line: base_url), your keys, fully maintained.
See the masking live: paste text (or a file), watch line by line what an AI model would read — and test a real masked AI chat with free credit. Runs in your browser, no Docker.
Built for teams shipping software with other people's data
When customer data or IP flows through an LLM — and you don't want to maintain a masking pipeline yourself.
Two ways to wire it in
One container, one engine, one license — pick the door that fits your stack.
Proxy / Gateway
LLM calls in apps & chat — drop-in
- OpenAI-compatible, native streaming
- any model, your keys (BYOK)
- change one line, masking is transparent
# just point base_url at the Bridge: client = OpenAI( base_url="http://localhost:4000/v1", api_key=YOUR_KEY, ) # everything now goes out masked
Mask API
Your own pipelines, ETL, agents — the primitive
- /v1/mask + /v1/unmask, stateless
- you control everything between mask & unmask
- batch, ETL, agentic/MCP, your own flow
curl localhost:4000/v1/mask \
-d '{"text":"Maria Miller, m@acme.com"}'
# → { "masked": "[PERSON_1], [EMAIL_1]",
# "mapping": { ... } } # stays with you
Both on-premise, in your infra — Saklam never sees a byte.
Three steps, one line of code
The Bridge sits between your app and the provider. You only change the base_url.
Your app / IDE
Sends the request to the Bridge instead of straight to OpenAI/Anthropic. Point the base_url.
Bridge masks
Locally in your infra: PII → placeholders. The mapping stays in RAM, per request.
Provider sees tokens
Your keys (BYOK), any model. The response is un-masked back at your end.
Why buy instead of build?
Data control by design
Mappings live in RAM, per request, then discarded — no DB, no logs. With the on-prem Bridge, Saklam never sees a single byte of your traffic.
Maintained, not hacked together
300+ PII patterns, 20+ languages, NER model — kept current, edge-cases tuned. The part you'd never keep comprehensive and up to date yourself.
Drop-in, no lock-in
OpenAI-compatible. Point the base_url, bring your own keys, any model (Claude, GPT, Mistral, Gemini, Bedrock, Ollama). Out as easy as in.
Live in 15 minutes
A server with 1–2 GB of free RAM, Docker, your pay-as-you-go provider keys.
mkdir -p /opt/saklam-bridge && cd /opt/saklam-bridge# 2 — grab compose + env
curl -fsSL https://saklam.com/bridge/docker-compose.yml -o docker-compose.yml curl -fsSL https://saklam.com/bridge/env.example -o .env# 3 — add your keys
$EDITOR .env # ANTHROPIC_API_KEY=sk-ant-… etc.# 4 — start
docker compose pull && docker compose up -d# 5 — health check
curl -fsS http://localhost:4000/health/readiness
From solo dev to enterprise. No volume cap.
Your AI usage goes straight to the provider — we don't make a cent on it.
Solo
- 1 Bridge instance, unlimited volume
- all providers, BYOK
- updates & pattern maintenance included
- cancel monthly
7-day free trial · or pay yearly (2 months free)
Team
- up to 5 Bridge instances
- everything in Solo
- priority support
- pay by invoice
Business
- up to 20 Bridge instances
- compliance package: DPIA module, audit-trail docs, whitepaper
- onboarding session & priority support
- pay by invoice
Enterprise / OEM
- 50+ instances or org-wide rollout
- embed the Bridge in your own product (OEM)
- SLA & individual contracts
- compliance package included
All prices excl. VAT (B2B). Every tier: on-prem Docker, all providers, BYOK, updates & pattern maintenance included.
Works with any provider:
FAQ
Do you store the token↔original mappings?
No. With the on-prem Bridge the masking runs in your infra; the mapping lives in RAM per request and is discarded after. It never leaves your server — we never see it.
Does the Bridge phone home?
Yes — and transparently: on startup and ~daily, only your license key goes to saklam.com to validate the subscription. Never prompts, customer data, or mappings. Offline, the Bridge keeps running until the license token expires (grace period).
How do I integrate it?
OpenAI-compatible endpoint. You set base_url (or ANTHROPIC_BASE_URL) to the Bridge. One line — in your app, in n8n, or in Claude Code / your IDE. Or use the /v1/mask + /v1/unmask primitive directly.
Which providers & models?
Claude, GPT, Azure OpenAI, Gemini, Bedrock, Mistral, local Ollama. BYOK — your keys, the provider bills you directly.
Hardware requirements?
1–2 GB RAM, 2 vCPU, runs on CPU — no GPU needed. The PII model ships inside the image (~1.6 GB download), no external download at runtime. First start: 1–2 min model warmup.
Latency / streaming?
~70 ms masking overhead per request. Streaming is passed through.
Why not build it myself?
You could — a regex in an afternoon. Comprehensive (hundreds of patterns, 20+ languages, NER), maintained and kept current is the ongoing work you save here.
Do I need a Data Processing Agreement (DPA) with Saklam?
No. The Bridge runs on-premises in your own infrastructure — personal data never reaches Saklam (zero-knowledge). There is no processing on your behalf, so no DPA with us is required. Any DPA obligation is with your LLM provider, since you use their key directly (BYOK).
What does "Saklam" mean?
The name comes from the Turkish saklamak — to hide, to keep safe. That's the job: your data is hidden before it leaves the building, and kept safe — with you, not with us.
Regulated professions / professional secrecy?
What matters is what actually reaches the model provider — not which country a server sits in: hosting commitments and contracts govern storage location and liability; professional secrecy protects the content itself. Masking runs on-premise in your own infra — names, case numbers, diagnoses become placeholders before the request leaves the building, so the protected data never reaches the provider. For clients bound by German professional-secrecy law (§203 StGB — lawyers, doctors, tax advisors) we additionally offer a "Mitwirkender" agreement (background: German Bar Association opinion 32/2025). The legal assessment for your case stays with your counsel — we provide the architecture and the contract it builds on.

From a developer, for developers
Stefan Böck — started back in university; I've been building software ever since, mostly freelance, sometimes employed (incl. at Sedo). Today I build the privacy tooling I'd use myself.
Classic first vertical: regulated professions (§203) — but the problem hits everyone who feeds sensitive data to AI.
Setup, if you want it, we do together over a screen share — you're live in 15–20 minutes.
LinkedInGet your app behind the Bridge in 15 minutes.
Pull the image, point the base_url, done. Your keys, your infra, your data.
Questions? stefan@saklam.com