Our Commitment: AI Privacy Gateway is an open-source, self-hosted AI API privacy gateway. We do not collect your data, sell information to third parties, or store any sensitive content outside your machine. All PII masking happens locally; raw data never leaves your control.
1. Data We Process
AI Privacy Gateway operates as a reverse proxy between your AI client (e.g., ChatGPT, Cursor, Claude, DeepSeek) and the AI API service. The gateway processes:
- API Request Content — Prompts you send to AI models, including text, code, files, etc.
- API Response Content — Generated responses from AI models, where masked placeholders are restored to original mapped values.
- Metadata — Request timestamps, target API endpoints, HTTP status codes — used solely for the admin dashboard real-time statistics.
The gateway does not actively collect any personal identifiable information (PII). If a request contains PII, the gateway detects and masks it locally before forwarding the processed request to the AI API.
2. Data Storage and Encryption
AI Privacy Gateway uses a local SQLite database (called the "Vault") to store masked mapping relationships for sensitive information. The vault is encrypted with AES-256-GCM; the encryption key is auto-generated at startup.
- Storage Location — The vault file is stored locally on the machine where you run the gateway. You have full control over it.
- Encryption — All mapping data is encrypted using AES-256-GCM. The encryption key exists only in local memory.
- Data Retention — Mapping data persists in the vault until you delete the vault file or stop using the gateway. You can clear mapping records at any time.
- No PII Persistence — Raw sensitive information is never persisted in plaintext. Only encrypted mapping relationships between masked placeholders and original values are stored.
3. Data Sharing and Third Parties
AI Privacy Gateway does not sell, rent, or share your data with any third party. Specifically:
- No telemetry: The gateway sends no usage data or statistics to any remote server.
- No ad tracking: The website and admin dashboard contain no ads or third-party tracking scripts.
- AI API only: The gateway communicates exclusively with the upstream AI API you configured, sending masked request content.
4. Self-Hosting and Control
AI Privacy Gateway is self-hosted software. You run it on your own infrastructure — whether a personal computer, server, or cloud instance. This means:
- Your data is always processed on a machine you control.
- You can stop using the gateway, delete the vault file, or migrate to another environment at any time.
- There is no "delete account" process — because there is no account to delete. Just delete your local data.
5. Website Data Collection
The AI Privacy Gateway website (privacygw.pages.dev) is a static site deployed on Cloudflare Pages. The website:
- Does not use cookies.
- Does not include third-party tracking scripts.
- Does not collect visitor personal information.
- May log basic page access statistics for operational analysis, but these are not linked to personal identity.
6. Data Security
We take the following measures to protect your data:
- Local Masking: All PII detection and masking happens on your local machine; data is processed before leaving your control.
- Encrypted Storage: All mapping data is encrypted with AES-256-GCM.
- Least Privilege: The gateway only requires network access to connect to your AI API. It does not request filesystem or other system resource permissions.
- Open Source Audit: All source code is open on GitHub for anyone to audit.
7. Your Rights
Under applicable data protection laws (e.g., GDPR, CCPA, PIPL), you have the following rights:
- Right to Know: This privacy policy explains the types and methods of data we process.
- Right to Delete: You can delete all mapping data at any time by removing the local vault file.
- Right to Data Portability: The vault file is a standard SQLite database — you can read and export it directly.
- Right to Restrict Processing: Stop the gateway to halt all data processing entirely.
8. Changes to This Privacy Policy
We may update this privacy policy from time to time. Material changes will be announced via the GitHub repository Releases page. We encourage you to review this page periodically.
9. Contact Us
If you have questions, comments, or concerns about this privacy policy, please contact us: