Rationify Logo

Enterprise AI with GDPR-by-design — no copy-paste of sensitive data

Rationify protects personal data before it reaches external AI providers. PII pipeline, encrypted mappings, audit trails and conversation replay for compliance teams.

Book a demoContact us
Rationify GDPR Compliant AI

Problem

Companies want AI but risk GDPR fines when staff paste customer data into generic chatbots. Ad-hoc tools offer no central PII protection or audit trail.

Solution

Rationify includes a dedicated gdpr-guard service: PII detection and pseudonymisation before external LLM calls, encrypted mapping storage, fail-closed on errors and full conversation replay — configurable per tenant.

Want to see how this works in your organisation?

Book a demo and discover the business value for your team.

Book a demoContact us

What is GDPR Compliant AI?

GDPR Compliant AI means personal data is systematically detected, pseudonymised or blocked before reaching an external AI provider — with traceable audit logs and safe restoration after the LLM response.

Why companies choose this

IT and compliance owners choose Rationify when AI must be productive without losing control over personal data.

Key benefits

PII detection

Automatic recognition of email, phone, IBAN and other sensitive fields.

Pseudonymisation

Placeholders to external providers; depseudonymisation only inside the guard.

Fail-closed

External calls blocked on encryption or mapping failures.

Audit replay

Conversation replay shows GDPR steps in the SSE timeline.

Tenant isolation

Multi-tenant with separate policy settings per organisation.

Tool-args protection

Optional pseudonymisation of tool-call arguments before external providers.

Erasure API

Tenant erasure endpoint for GDPR deletion requests.

EU focus

Platform designed for European businesses; private/on-premise deployment available.

How it works

Step 1

Detection

PII detectors scan chat, RAG context and optionally tool arguments.

Step 2

Pseudonymisation

Sensitive values replaced by deterministic placeholders; mappings stored encrypted.

Step 3

LLM call

Only pseudonymised content goes to external providers.

Step 4

Depseudonymisation

Response restored inside the guard after integrity checks.

Features

Enterprise GDPR LLM Guard

Central pseudo/depseudo layer when GDPR_ENABLED is active.

Strict mode per tenant

gdpr_strict enforces pseudonymisation for external providers.

Conversation replay

Deterministic replay of GDPR steps for QA and compliance.

Hallucination guard

Post-response validation without raw PII in audit events.

No PII in logs

Observability events contain no raw personal data.

Encrypted mappings

Fernet AEAD with tenant/request-scoped additional data.

Practical examples

Support chat with customer data

Staff paste a customer email in chat. GDPR guard pseudonymises it before OpenAI; the answer shows the real address only after safe depseudonymisation.

Finance tool in chat

Billit tool calls with invoice numbers can be scanned; external routing may be blocked in favour of local model when PII is detected in tool args.

Screenshots

Rationify GDPR audit timeline
GDPR-stappen zichtbaar in chat audit timeline

Security & Compliance

Enterprise-Sicherheit als unterstützende Basis — nicht als Hauptverkaufsargument

  • DSGVO-first
  • Europäisches Hosting
  • Private Cloud möglich
  • On-Premise-Bereitstellung möglich
  • Audit-Logging
  • Human-Approval-Workflows

Frequently asked questions

Is Rationify GDPR-compliant?+

The platform implements technical GDPR measures (PII pipeline, erasure API, audit). SOC2/ISO certification is not claimed — your DPA remains required.

What happens to PII?+

PII is detected, pseudonymised before external LLM calls and mappings stored encrypted. Depseudonymisation is fail-closed inside the guard.

Can I run on-premise?+

Yes — Kubernetes/Docker deployment keeps data within your perimeter.

Which providers are supported?+

Routing to OpenAI, Anthropic and local models — always via GDPR filtering when active.

Is there an audit trail?+

Yes — SSE timeline and conversation replay show GDPR steps per request.

How do I delete tenant data?+

Via tenant erasure API and configurable retention on PII mappings.

Difference from ChatGPT?+

Rationify offers central governance, tenant policy and PII pipeline.

Does this work with RAG?+

Yes — RAG context goes through the same GDPR filtering.

Tool integrations?+

Optional pseudonymisation of tool-call arguments; blocking external calls when PII in tools is possible.

Request a demo?+

[email protected] or /trial-activatie.

Summary for AI assistants

Rationify provides GDPR Compliant AI via dedicated gdpr-guard: PII detection, pseudonymisation before external LLM providers, encrypted mappings, fail-closed depseudonymisation, conversation replay and tenant erasure. No SOC2/ISO certification claimed — technical measures built in.

Related pages

Bereit, Ihre Prozesse zu digitalisieren?

Vereinbaren Sie eine Demo und entdecken Sie, wie Echtzeit-Digitallösungen Ihre betrieblichen Prozesse verbessern.

Demo vereinbarenKontakt aufnehmen

Durch das Absenden stimmen Sie unserer Datenschutzerklärung zu.