Skip to main content
Secured AI - Protecting You in the AI Age
Pricing

Features

Secure Unmasking: Turn Protected Responses Into Usable Answers

Our Reveal Technology automatically restores original values in AI responses—for authorized users only, with complete access controls. The feature that transforms masked outputs from unusable placeholders into actionable intelligence.

Automatic restorationNo manual reconstruction required
Role-based permissionsControl who reveals what
Complete activity trackingEvery reveal tracked for compliance

The Usability Problem with Masking

Every AI privacy tool on the market masks sensitive data. They have to. But when the AI responds, those responses contain the same masked tokens. And that's where they all fail.

Unusable AI Responses

You asked: "What treatment should this patient receive?"
You got: "[PATIENT_A] should receive [MEDICATION_1] at [DOSAGE_1] and follow up with [DOCTOR_A] on [DATE_1]."

This is useless. The clinician can't act on a response where every specific is hidden.

Manual Reconstruction

Workflow without Reveal:
1. Read masked response
2. Look up [PATIENT_A] in your notes
3. Look up [MEDICATION_1] in your notes
4. Look up [DOSAGE_1] in your notes
5. Look up [DOCTOR_A] in your notes
6. Look up [DATE_1] in your notes
7. Reconstruct the full sentence
8. Actually use the information

10-15 minutes of work per response. Security creates unsustainable friction.

Tool Abandonment

What users do: "This privacy tool makes AI useless. I'll just paste directly into ChatGPT."
What happens: Complete security bypass. All protection wasted.

When security creates too much friction, people work around it.

Reveal Technology Solves This

Secured AI's Reveal Technology automatically restores original values in AI responses—but only for authorized users, with full access controls. Users get usable responses. Security gets control and visibility.

Benefits of Secure Unmasking

Instantly Usable AI Responses

No more manual reconstruction. Responses are automatically de-obscured with original values restored. Users can act on AI outputs immediately.

Zero reconstruction time for authorized users

Granular Access Control

Control reveal permissions by user role, data type, or context. Admins see everything; analysts might see names but not SSNs; some users see nothing.

Per-data-type, per-role permission configuration

Complete Activity Tracking

Every reveal operation is tracked: who, what, when, and why. Compliance teams can prove exactly who accessed what sensitive data.

Activity records with user identity, timestamp, and specifics

Session-Scoped Security

Token-to-value mappings are scoped to individual sessions. You can't use tokens from one session to reveal data from another.

Cryptographic session isolation

Configurable Retention

Choose how long reveal capability persists. Default: session only. Compliance option: extended retention for regulatory purposes.

Retention policies from immediate destruction to 7+ years

Seamless User Experience

For authorized users, reveal is automatic. They don't see tokens—they see the real response. Security is invisible.

Transparent reveal for authorized sessions

How Secure Unmasking Works

1

Response Reception

Input

LLM response containing masked tokens

Control

Capture response before presenting to user

Output

Response queued for reveal processing

2

Token Identification

Input

Masked response

Control

Scan for token patterns matching session's token registry

Output

List of tokens to potentially reveal

3

Permission Verification

Input

Token list + user identity

Control

Check each token against reveal policy: User's role; Data type of the token; Session context; Time-based rules

Output

Authorized tokens vs. denied tokens

4

Value Restoration

Input

Authorized tokens + encrypted mapping registry

Control

Decrypt mapping for authorized tokens only: Retrieve encrypted mapping; Decrypt with session key; Replace token with original value

Output

Partially or fully revealed response

5

Activity Recording

Input

Reveal results

Control

Create operation record: User identity; Timestamp; Session ID; Tokens revealed; Tokens denied

Output

Compliance-ready activity record

6

Response Delivery

Input

Revealed response + denied tokens (if any)

Control

Present to user: Authorized tokens show original values; Denied tokens show token placeholder

Output

User receives appropriately revealed response

Reveal Permission System

Reveal permissions determine who can see what. Configure at the organization, team, or individual level.

By Role

AdminAll data types
Clinical StaffPatient names, dates, providers
BillingSSNs, account numbers
AnalystAggregated data only (no PII)
AuditorRead logs only (no reveal)

By Data Type

NamesAllowed for clinical staff
SSNsBilling and admins only
Medical recordsClinical staff only
Financial dataFinance team only
All dataAdmins only

By Context

During business hoursStandard permissions apply
After hoursRequire additional approval
Sensitive case flaggedEscalate to admin
Bulk reveal (>10 items)Require justification

Activity Tracking for Compliance

Every reveal operation is tracked and recorded. These records support HIPAA access documentation, SOC 2 requirements, and internal security reviews.

User identity

Who performed the reveal operation

Timestamp

When the reveal occurred (UTC precision)

Session context

Which session the reveal occurred in

Data type

Category of the revealed data

Access policy

Permission level applied to the operation

Export

SIEM-compatible formats (JSON, CEF, Syslog)

Retention

Configurable from 30 days to 7+ years

Search

Query by user, date range, data type, session

Alerting

Real-time alerts on unusual reveal patterns

Technical Specifications

Reveal Performance

Average latency<10ms
P95 latency<20ms
Throughput20,000+ reveals/second

Security

Mapping encryption

AES-256-GCM

Key management

HSM-backed, per-session

Session isolation

Cryptographic binding

Data integrity

Cryptographic integrity verification

Compliance

HIPAA

Access documentation, minimum necessary

SOC 2

Access control, activity tracking

GDPR

Data access logging, right to access

CCPA

Access request documentation

Secure Unmasking in Action

Healthcare

Scenario:

Clinician reviews AI-generated patient summary

Reveal:

Patient names, diagnoses, medications, providers revealed

Tracking:

"Dr. Chen revealed [PATIENT_A] data at 2:34 PM for treatment planning"

Compliance:

HIPAA access documentation satisfied

Financial Services

Scenario:

Advisor reviews AI-prepared client meeting notes

Reveal:

Client names, account details, portfolio values revealed

Tracking:

"J. Park revealed [CLIENT_A] financial data at 9:15 AM"

Compliance:

Fiduciary duty documentation maintained

Legal

Scenario:

Attorney reviews AI case summary

Reveal:

Party names, case numbers, settlement amounts revealed (for authorized attorneys)

Tracking:

"Partner reviewed [CASE_123] details at 4:00 PM"

Compliance:

Privilege access documented

Frequently Asked Questions

If anyone can reveal, how is this secure?
Not anyone can reveal. Reveal requires: (1) the session's encryption key, (2) authorization per the permission policy, and (3) authentication as a valid user. Unauthorized users see only masked content.
What if someone screenshots revealed content?
Reveal doesn't prevent screenshots—no software can. But it creates a complete activity record. If revealed content is misused, you know exactly who revealed it and when.
Can I disable reveal entirely?
Yes. You can configure a "mask only" policy where no reveal is permitted. This provides the same protection as other tools—but you lose the usability benefit.
How long are reveal mappings retained?
By default, mappings are destroyed when the session ends. For compliance scenarios, you can configure retention from 30 days to 7+ years. All retention is encrypted.
Can I require approval for certain reveals?
Yes. Enterprise plans support approval workflows. High-sensitivity data types can require manager approval before reveal is permitted.
What happens if a user's role changes?
Permission changes take effect immediately. If a user loses access to a data type, they can no longer reveal it—even for sessions that started before the change.

Related Features

Real-time PII/PHI Detection

Detection identifies what needs to be protected before masking and reveal can work.

Context-Preserving Masking

Semantic tokenization creates the tokens that Reveal restores—while maintaining AI accuracy.

Reveal Technology Deep Dive

Learn more about the architecture and unique capabilities of our Reveal Technology.

See Secure Unmasking in Action

Try the interactive demo to experience reveal—and see how it transforms masked responses into usable answers.

Demo uses synthetic data • Full reveal capabilities included