Frequently Asked Questions

Answers to common questions about NOI: how the proxy works, supported LLM providers, PII detection, pricing, compliance, and deployment.

General

What NOI is, how it differs from DLP tools and AI gateways, and the core techniques (deterministic tokenization, context phrase neutralization) that let LLMs reason over sensitive data without ever seeing it.

NOI is a PII protection layer for LLM APIs. It works as a secure reverse proxy that sits between your application and any LLM provider, including OpenAI, Anthropic, Google Gemini, xAI, and others. When your application sends a prompt, NOI detects personally identifiable information in real time, replaces it with secure tokens before the prompt reaches the model provider, and restores original values in the response. The LLM never sees real PII. Your application works exactly as expected.

DLP tools monitor and block data. They were not designed for LLM API traffic where you need the model to reason over data without seeing the real values. AI gateways offer basic PII features like regex-based placeholder masking, but masking destroys context and degrades output quality. NOI uses deterministic tokenization, which preserves entity relationships so the LLM can reason accurately. It also supports round-trip detokenization, meaning your application gets real data back in the response.

Masking replaces sensitive data with generic placeholders like [NAME] or [REDACTED]. The LLM loses entity relationships and output quality degrades. If turn 1 mentions "John Smith" and turn 3 asks the model to summarize, [REDACTED] could refer to anyone. Deterministic tokenization replaces each value with a unique, consistent token. The same input always produces the same token. The LLM tracks entities across turns without ever seeing the real values. On the response path, NOI restores the originals.

Detected entity types include names (including CJK characters and accented names), email addresses (including obfuscated formats), phone numbers in international formats, government-issued IDs such as SSNs and passport numbers, financial data such as credit card numbers, bank accounts, and IBANs, medical identifiers such as MRNs and patient IDs, physical addresses, dates of birth (including natural-language formats), and additional entity types configurable per tenant.

When NOI tokenizes an SSN, the prompt might still contain the label "SSN:" next to the token. Some LLMs see that label, recognize the sensitive context, and refuse to process the request. Context phrase neutralization replaces those labels with neutral terms so the model processes the tokenized prompt without triggering safety refusals. This is a problem unique to LLM PII protection that most tools do not address.
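The request and response paths described above (deterministic tokenization, context phrase neutralization, round-trip restoration) together with the fail-safe block covered under Compliance and security, as an added Python sketch that is not NOI's own code. The two detectors, the HMAC-based token scheme, the neutral label wording and the in-memory vault are all assumptions made for the example.

```python
import hashlib
import hmac
import re

# Constructed per-tenant key; NOI's real key handling is not described on the page.
SECRET = b"tenant-demo-key"
# Narrow, constructed detectors; a real engine covers the full entity list.
PATTERNS = {
    "SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
# Labels that can trigger model refusals, with assumed neutral replacements.
NEUTRAL_LABELS = {"Social Security Number": "Reference", "SSN": "Reference"}
TOKEN_RE = re.compile(r"\[[A-Z]+_[0-9a-f]{8}\]")

class TokenizationError(Exception):
    """Raised when a request must be blocked instead of forwarded."""

def token_for(entity_type: str, value: str) -> str:
    """Deterministic token: the same (type, value) always yields the same token."""
    mac = hmac.new(SECRET, f"{entity_type}:{value}".encode(), hashlib.sha256)
    return f"[{entity_type}_{mac.hexdigest()[:8]}]"

def neutralize_labels(text: str) -> str:
    """Context phrase neutralization: swap sensitive labels for neutral ones."""
    for label, neutral in NEUTRAL_LABELS.items():
        text = re.sub(rf"\b{re.escape(label)}\b", neutral, text)
    return text

def tokenize(text: str, vault: dict, patterns=PATTERNS) -> str:
    """Request path: replace detected PII with tokens, recording originals in the vault."""
    def replace(entity_type):
        def _sub(m):
            tok = token_for(entity_type, m.group(0))
            vault[tok] = m.group(0)
            return tok
        return _sub
    text = neutralize_labels(text)
    try:
        for entity_type, pat in patterns.items():
            text = pat.sub(replace(entity_type), text)
    except Exception as exc:  # fail-safe: never forward a half-tokenized prompt
        raise TokenizationError(f"blocked: {exc}") from exc
    return text

def detokenize(text: str, vault: dict) -> str:
    """Response path: restore originals for tokens the LLM echoed back."""
    return TOKEN_RE.sub(lambda m: vault.get(m.group(0), m.group(0)), text)
```

Because the token is keyed on (type, value), the same SSN in turn 1 and turn 3 maps to one token, which is what lets the model keep entity references straight without seeing the value.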

Integration

One line of code, every major LLM provider, zero changes to your application logic. These answers cover what it takes to get NOI running, which providers and frameworks are supported, and how the proxy handles streaming and multi-turn conversations.

The only change required is updating the base_url in your existing LLM SDK configuration. No new SDK to install, no middleware to build, no prompt rewriting. Teams typically go live in under 5 minutes.

All major providers: OpenAI, Anthropic, Google Gemini, xAI, DeepSeek, Mistral, Groq, Together, Fireworks, and any OpenAI-compatible endpoint. One proxy, one audit trail, every provider.

No. NOI is a transparent reverse proxy. Your application sends requests to the NOI endpoint instead of directly to the provider. Prompt structure, SDK usage, application logic, tools, retrievers, and output parsers all stay the same.

Yes. Any framework that uses an OpenAI-compatible client works with NOI by changing the base URL. Chains, memory, retrievers, tools, and output parsers are unaffected. The privacy layer operates at the transport level, below your application logic.

Yes. NOI handles Server-Sent Events streaming, including PII that is split across chunk boundaries. A name split as "Jane" in one chunk and "Doe" in the next, or an SSN split across multiple chunks, is correctly managed.

Yes. Because NOI uses deterministic tokenization, the same entity receives the same token across all conversation turns. The LLM knows that the token in turn 3 refers to the same entity from turn 1. This is critical for agents, chatbots, and any stateful application.
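The response-path half of the streaming and multi-turn answers above, as an added example that is not NOI's code: a detokenizer for streamed output that holds back only a possible token prefix at each chunk boundary and restores the value once the token completes. It assumes a token format of [TYPE_8hex] and a vault dict filled on the request path; both are constructed for the example.

```python
import re

TOKEN_RE = re.compile(r"\[[A-Z]+_[0-9a-f]{8}\]")
# A suffix that could still grow into a complete token on the next chunk.
PARTIAL_RE = re.compile(r"\[[A-Z]*(?:_[0-9a-f]{0,8})?$")

class StreamDetokenizer:
    """Restores original values in a streamed response even when a token
    straddles an SSE chunk boundary. Only the suffix that might be an
    unfinished token is held back, so the added latency stays bounded."""

    def __init__(self, vault: dict):
        self.vault = vault  # token -> original value, filled on the request path
        self.buf = ""

    def _restore(self, text: str) -> str:
        return TOKEN_RE.sub(lambda m: self.vault.get(m.group(0), m.group(0)), text)

    def feed(self, chunk: str) -> str:
        """Consume one chunk and return the text that is safe to emit now."""
        self.buf += chunk
        m = PARTIAL_RE.search(self.buf)
        if m:  # hold back the possible token prefix, release everything before it
            ready, self.buf = self.buf[:m.start()], self.buf[m.start():]
        else:
            ready, self.buf = self.buf, ""
        return self._restore(ready)

    def finish(self) -> str:
        """End of stream: flush whatever is buffered, restored if it completed."""
        out, self.buf = self._restore(self.buf), ""
        return out
```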

Compliance and security

How NOI supports HIPAA, GDPR, and PCI-DSS requirements, what happens when detection fails, and the audit trail your compliance team needs for review. Built fail-safe by default: if PII can't be tokenized, the request is blocked.

NOI is designed to support HIPAA compliance requirements. PHI is tokenized before reaching any external LLM provider. Every PII detection event is logged with entity type, confidence score, session ID, provider, model, and timestamp. The audit trail is searchable and exportable for compliance review.

Yes. NOI ensures personal data is tokenized before it reaches a third-party model provider. The provider never receives personal data, which simplifies data processing obligations, cross-border transfer analysis, and DPIA requirements under GDPR.

NOI is built on PCI Level 1 certified infrastructure and services. Financial data, including credit card numbers and bank account details, is tokenized before reaching any LLM provider.

The request is blocked. This is not configurable. If tokenization cannot be completed, the prompt is not forwarded to the LLM provider. Sensitive data never reaches the model through a misconfiguration or detection failure. This fail-safe default is a core architectural decision.

Yes. Every PII detection is logged with entity type, confidence score, session ID, the LLM provider and model used, and a timestamp. The audit trail is searchable and exportable through the admin console without requiring engineering support.

Technical

Performance, output quality, structured data handling, international format coverage, and the limitations we publish openly. Built for engineers who want to know exactly what's happening between their application and the LLM.

PII detection and tokenization happen in single-digit milliseconds. The added latency is negligible relative to LLM inference time, which typically ranges from 2 to 8 seconds depending on model and output length.

No. Because NOI uses deterministic tokenization rather than generic placeholders, the LLM can understand entity relationships and data structure. Dollar amounts, dates, medical terminology, and other non-PII content pass through untouched. The model produces high-quality output, and NOI restores original values on the response path.

Yes. NOI detects PII in unstructured text, structured JSON payloads, and mixed formats commonly found in LLM prompts. This includes PII embedded inside JSON key-value pairs in RAG context injection.

Yes. Tested formats include German IBANs, German VAT IDs, Unicode names with accented characters, Irish PPS numbers, Japanese kanji names, Japanese date formats, French accented names, and international phone number formats.

These are documented publicly. Deterministic tokenization cannot distinguish two different people who share the same name, because the same input string produces the same token. Common English words that are also names like Grace, Bill, and Amber can produce false positives in ambiguous contexts. PII inside code block delimiters has limited detection coverage, with improvements shipping soon.

Use cases

How teams use NOI across healthcare, financial services, legal, and AI agent workflows. Each scenario has been tested against real-world prompts to confirm sensitive data is tokenized while clinical terms, dollar amounts, case details, and tool outputs come through intact.

Yes. NOI tokenizes patient names, SSNs, medical record numbers, dates of birth, and other PHI before they reach the LLM. Clinical terminology such as medication names, dosages, ICD-10 codes, and diagnoses is preserved in the output. It was tested across 17 healthcare scenarios, including mental health progress notes and controlled substance prescriptions, and all 17 passed.

Yes. It has been tested against credit card disputes, wire transfer instructions, mortgage applications, international IBAN payments, and U.S. tax filings. Dollar amounts and percentages are preserved in model output. It is built on PCI Level 1 certified infrastructure.

Yes. It has been tested against contract clauses, deposition transcripts, and immigration case filings. Natural language dates, attorney details, party names, and case identifiers were all tokenized. Company names were preserved and not falsely flagged.

Yes. NOI tokenizes PII in the full prompt body, including system prompts, conversation history, tool results, and RAG-injected context. Multi-turn token consistency ensures agents maintain coherent entity tracking across turns without exposing real data.

Comparison

How NOI compares to building PII protection in-house, relying on your LLM provider's enterprise tier, or layering on top of an existing AI gateway or DLP tool. Short answer: different problems, different solutions, and in most cases NOI works alongside what you already have.

Building in-house requires constructing the detection pipeline, implementing deterministic tokenization, handling round-trip detokenization, building an audit trail, managing fail-safe behavior, supporting streaming, and maintaining the system over time. Teams reportedly spend 3 to 6 months of engineering time. NOI provides all of this with a 1-line integration.

Enterprise tiers offer data handling agreements and may not train on your data, but your data still reaches their infrastructure. NOI ensures the data never reaches them in the first place. These are different privacy postures: enterprise agreements manage risk, tokenization eliminates it.

Yes. NOI complements existing infrastructure. If you use an AI gateway for routing and cost management, NOI adds compliance-grade PII tokenization that gateways do not provide. If you have a DLP solution for broader data protection, NOI adds LLM-specific privacy controls designed for unstructured prompt traffic.