Features
Masking That Preserves Meaning for Accurate AI Responses
Simple redaction breaks AI accuracy. Our context-preserving masking uses semantic tokenization to protect data while maintaining the context LLMs need to generate useful, relevant responses.
Why Standard Masking Fails
Most privacy tools use simple redaction: replace "John Smith" with "[REDACTED]" or "XXXXX". This approach has a fatal flaw.
Loss of Entity Relationships
Original:
"Dr. Chen referred John Smith to Dr. Patel for a second opinion."
Basic masking:
"[REDACTED] referred [REDACTED] to [REDACTED] for a second opinion."
The AI can't tell who is the patient, who are the doctors, or who referred whom.
Loss of Entity Count
Original:
"Contact John at john@email.com or reach out to Sarah at sarah@email.com."
Basic masking:
"Contact [REDACTED] at [REDACTED] or reach out to [REDACTED] at [REDACTED]."
The AI can't tell if there are 2 people or 4.
Loss of Format Context
Original:
"His SSN is 123-45-6789 and his phone is 555-123-4567."
Basic masking:
"His SSN is [REDACTED] and his phone is [REDACTED]."
Both look identical. The AI loses the distinction between data types.
Semantic Tokenization Preserves What Matters
Secured AI's context-preserving masking replaces sensitive data with semantic tokens that maintain entity relationships, counts, types, and structural context—while revealing nothing about the actual values.
Benefits of Context-Preserving Masking
Accurate AI Responses
LLMs understand that [PATIENT_A] is different from [DOCTOR_A]. They produce responses that correctly reference entities, even though they never see the real values.
AI response accuracy within 5% of unmasked prompts
Entity Relationship Preservation
When John refers Sarah to Dr. Chen, the tokens maintain that relationship: [PERSON_A] refers [PERSON_B] to [DOCTOR_A]. The AI understands the referral flow.
Entity relationships correctly maintained in 99%+ of cases
Consistent Cross-Conversation
The same person in turn 1 and turn 5 gets the same token. The AI maintains context across a conversation without ever learning the real identity.
Session-consistent token mapping
Format-Aware Tokenization
SSN tokens look like SSN tokens. Email tokens look like email tokens. The AI understands what type of data it's working with, even though the actual value is protected.
Type-specific token formats
Reversible Protection
Unlike irreversible anonymization, our tokens map back to original values. Authorized users can reveal the real data when needed.
Full Reveal Technology integration
Compliance-Ready Masking
Every masking operation is logged: what was detected, what token was assigned, and when. Compliance teams can prove data was protected.
Complete masking records
How Context-Preserving Masking Works
Entity Classification
Input
Detected sensitive entities from detection phase
Control
Classify each entity by type (person, SSN, email, address, etc.) and role (patient, doctor, sender, recipient, etc.)
Output
Typed and role-classified entities
Token Generation
Input
Classified entities
Control
Generate semantic tokens: Type prefix: [PATIENT_, [SSN_, [EMAIL_; Instance identifier: A], B], 1], 2]; Format preservation: maintain structural hints where useful
Output
Unique tokens for each entity
Consistency Enforcement
Input
New tokens + session token registry
Control
Check if entity already has a token in this session: If yes: reuse existing token; If no: register new token
Output
Consistent token mapping across conversation
Text Substitution
Input
Original text + token assignments
Control
Replace each sensitive value with its assigned token
Output
Masked text safe for LLM processing
Mapping Storage
Input
Token-to-value mappings
Control
Encrypt and store mappings for reveal: Per-session encryption key; Mapping stored in secure registry; Key destroyed when session ends (default)
Output
Encrypted mapping registry ready for reveal
Masking in Action
Healthcare
Original:
Patient John Smith (DOB: 03/15/1975, MRN: 12345678) was seen by Dr. Sarah Chen on March 20, 2024 for chest pain. He was referred to Dr. Michael Patel (Cardiology) for stress testing. Patient's pharmacy is CVS at 123 Main St, Boston. His SSN for insurance billing is 123-45-6789.
Masked:
Patient [PATIENT_A] (DOB: [DOB_1], MRN: [MRN_1]) was seen by [DOCTOR_A] on [DATE_1] for chest pain. He was referred to [DOCTOR_B] (Cardiology) for stress testing. Patient's pharmacy is [PHARMACY_A] at [ADDRESS_1]. His SSN for insurance billing is [SSN_1].
Preserved:
- Patient is one person, doctors are two different people
- Temporal relationship (seen on DATE_1, referred for future testing)
- Organizational relationships (pharmacy location, cardiology specialty)
- Data type distinctions (DOB vs. MRN vs. SSN)
Financial Services
Original:
Meeting with client Robert Johnson regarding his portfolio at account #12345-6789. Current balance: $2.3M. Robert expressed interest in reallocating to growth stocks. His advisor, Jennifer Park, recommended a 60/40 split. Wife Linda Johnson should be added as beneficiary. Contact: robert.j@email.com, 555-234-5678.
Masked:
Meeting with client [CLIENT_A] regarding his portfolio at account [ACCOUNT_1]. Current balance: [AMOUNT_1]. [CLIENT_A] expressed interest in reallocating to growth stocks. His advisor, [ADVISOR_A], recommended a 60/40 split. Wife [CLIENT_B] should be added as beneficiary. Contact: [EMAIL_1], [PHONE_1].
Preserved:
- Client identity consistent across references
- Relationship between client and wife
- Role distinction (client vs. advisor)
- Data type distinctions (account vs. amount vs. contact)
Legal
Original:
Agreement between ABC Corp (represented by CEO James Wilson) and XYZ Industries (represented by CFO Maria Garcia) for acquisition of Acme Solutions. Purchase price: $45M. Closing date: June 30, 2024. Escrow agent: First National Bank, account #987654321.
Masked:
Agreement between [COMPANY_A] (represented by CEO [EXECUTIVE_A]) and [COMPANY_B] (represented by CFO [EXECUTIVE_B]) for acquisition of [COMPANY_C]. Purchase price: [AMOUNT_1]. Closing date: [DATE_1]. Escrow agent: [BANK_A], account [ACCOUNT_1].
Preserved:
- Three distinct companies with different roles
- Two executives with their respective companies
- Transaction structure and relationships
Technical Specifications
Masking Performance
Token Format
Person (general)
[PERSON_A]
Patient
[PATIENT_A]
Doctor
[DOCTOR_A]
SSN
[SSN_1]
Credit Card
[CC_1]
[EMAIL_1]
Phone
[PHONE_1]
Address
[ADDRESS_1]
Date
[DATE_1]
Amount
[AMOUNT_1]
Custom
[EMPLOYEE_ID_1]
Mapping Security
Encryption
AES-256-GCM
Key scope
Per-session
Key storage
HSM-backed
Key destruction
On session end (configurable)
Masking for Your Industry
Healthcare
Challenge:
Use AI for clinical documentation while protecting PHI
Approach:
Mask all 18 HIPAA identifiers with semantic tokens
Outcome:
AI assists with drafts, diagnoses, referrals—without exposing real patient data
Compliance:
HIPAA minimum necessary standard satisfied
Financial Services
Challenge:
Use AI for client analysis without exposing account details
Approach:
Mask client PII and financial data while preserving relationships
Outcome:
AI provides portfolio insights, meeting prep, and recommendations
Compliance:
GLBA and fiduciary duty maintained
Legal
Challenge:
Use AI for document review without risking privilege waiver
Approach:
Mask party names, case details, and confidential information
Outcome:
AI accelerates research and drafting without exposure
Compliance:
Attorney-client privilege protected