[data privacy layer for AI]

Stop sending sensitive data to external AI providers.

API security proxy with reversible redaction. Scan every request for PII, secrets, and prompt injection — mask sensitive data on the way out, restore it on the way back. Open source. EU-hosted.

Get Started FreeView Docs
// Wrap any OpenAI-compatible SDK with @grepture/sdk
const grepture = new Grepture({
apiKey: "gpt_abc123",
proxyUrl: "https://proxy.grepture.com",
});

const client = new OpenAI(
grepture.clientOptions({
apiKey: "sk-openai-key",
baseURL: "https://api.openai.com/v1",
})
);
0M
Requests scanned / wk
0K
Secrets caught / wk
0K
PII fields redacted / wk
0.00%
Uptime (30d)

How it works

01

Detect

Grepture scans every request and response for PII, secrets, API keys, and sensitive patterns using configurable detection rules.

02

Act

Redact, mask, block, or log sensitive data based on your policies. Define rules per model, per endpoint, or per data type.

03

Rehydrate

On the response path, Grepture restores redacted tokens so your application receives complete, usable data.

Works with

OpenAIAnthropicGoogle AIAzure OpenAICohereMistralAWS BedrockHuggingFaceGroqReplicateOpenAIAnthropicGoogle AIAzure OpenAICohereMistralAWS BedrockHuggingFaceGroqReplicate

Zero retention

[ZERO DATA MODE]

Full protection. Zero stored data.

Enable zero-data mode and Grepture processes every request — detecting PII, redacting secrets, blocking threats — without ever writing your content to disk. Headers, bodies, and URLs never touch our database. Only operational metadata is logged.

  • Rules still fire — PII detection, redaction, blocking, and tokenization all work in-flight
  • Only method, status code, latency, and rule hits are stored
  • One toggle in your dashboard. Instant. No migration needed.

Capabilities

[PII DETECTION]

Find personal data automatically

Names, emails, phone numbers, SSNs, addresses — detected and handled before they leave your infrastructure.

[SECRET SCANNING]

Catch leaked credentials

API keys, tokens, passwords, and connection strings are identified and redacted before they reach any external service.

[IP PROTECTION]

Guard proprietary content

Prevent source code, internal documents, and trade secrets from being sent to third-party services.

[PROMPT INJECTION]

Block adversarial inputs

Detect and neutralize prompt injection attempts before they reach your LLM, protecting your AI pipeline.

Built for trust

[EU-HOSTED]

Your data never leaves Europe.

All Grepture infrastructure runs in the EU. Every subprocessor — database, cache, analytics, payments — is hosted in Germany or Ireland. GDPR-ready by default.

  • +All infrastructure hosted in Frankfurt & Nuremberg
  • +Every subprocessor EU-based — no US data transfers
  • +GDPR and EU AI Act ready out of the box
  • +Zero-data mode: nothing written to disk
[OPEN SOURCE]

Don’t trust a black box with your data.

The Grepture proxy is fully open source. Every detection rule, every redaction action, every byte of data handling is auditable. Self-host for full infrastructure control.

  • +Full proxy source code on GitHub
  • +Every detection rule readable and auditable
  • +No black-box processing — deterministic and transparent
  • +Self-host option for teams that need full control
View on GitHub

Your command center

Real-time visibility into every request.

app.grepture.com/traffic-log
Grepture traffic log showing API requests with detection results and request detail panel

Inspect every request, see which rules fired, and drill into headers and bodies.

Use cases

01

AI-Powered Apps

Chatbots, summarizers, and any app making LLM calls. Mask PII and secrets on the way out, restore them on the way back — your users never notice, the model never sees real data.

02

AI Agents

Agents with tool access, multi-step workflows, and MCP servers. The proxy sits on the network path — no matter what the agent does, sensitive data stays protected.

03

RAG Pipelines

Knowledge bases pulling internal docs often contain secrets, PII, and proprietary content. Scan every chunk before it reaches the model.

04

Multi-Model Security

Teams using multiple AI providers need one security layer. One proxy, consistent policies, unified audit trail — across every model and provider.

05

Any API Call

Not just AI — wrap any outbound HTTP call with grepture.fetch() and scan for sensitive data before it leaves your network.

Start protecting your API traffic in 5 minutes

Deploy Grepture in minutes. No code changes required.

Free for up to 1,000 requests/month · No credit card required

Get Started Free