privacy proxy · v0.1 · early access

Secrets don't belong in LLM prompts.

veil sits between your apps and every model provider. PII and secrets are swapped for tokens before they leave your network — and swapped back on the response, so your app gets a usable answer and the model never saw the raw data.

See how it works Self-hostable · zero prompt retention
From your app POST /v1/chat/completions
"rotating creds. old aws=AKIA2X4QZ5GVZJ8XQ7P0, gh=ghp_aB9xZ3mK7nQ2vR5tY8wLcD4fH, oai=sk-proj-N7xR4mK2vQ8L — user alex@acme.io from 203.0.113.42 reports 401."
Forwarded to openai openai · gpt-5.4
"rotating creds. old aws=[AWS_ACCESS_KEY], gh=[GITHUB_TOKEN], oai=[OPENAI_API_KEY] — user [EMAIL] from [IP_ADDRESS] reports 401."
Scan latency
8ms p50 · 31ms p95
Secret types detected
64built-in · custom regex
Upstream providers
12openai · anthropic · mistral · …
How it works

Strip on the way out. Restore on the way back.

Outbound prompts are scanned and PII is swapped for tokens before they leave your network. On the response, veil maps those tokens back to the real values — so your app gets a usable answer and the model never saw the raw data.

Request · secrets & PII swapped for tokens
“draft a thank-you to Sarah Chen <sarah@globex.com>”
“draft a thank-you to [NAME_1] <[EMAIL_1]>”
your app
Same SDK
OPENAI_BASE_URL=
https://veil.sh/v1
veil proxy
Scan, swap, remember
64 detectors · <10ms
per-request token map
upstream
Model provider
openai · anthropic
mistral · perplexity
“Hi Sarah Chen, thanks so much for your order—”
“Hi [NAME_1], thanks so much for your order—”
Response · tokens swapped back to real values

veil holds a tiny in-memory mapping for the lifetime of each request — the model only ever sees [NAME_1], your app only ever sees Sarah Chen. The map is dropped the moment the response returns. Nothing is persisted.

Live dashboard

See every redaction in real time.

Live request stream, inline diff of what reached the model, secret-type breakdown, latency, error rate — one view for your whole team.

https://app.veil.sh/dashboard
Browse features
What you get

A complete privacy layer for LLM traffic.

Built for security teams that want visibility without becoming a bottleneck.

64 detectors out of the box
AWS, GCP, Azure, Stripe, GitHub, OpenAI, JWT, private keys, PII — every secret type the security team already cares about. Add your own with regex or YARA rules.
AWS_ACCESS_KEY GITHUB_TOKEN JWT +61 more
Sub-10ms scan latency
Compiled regex engine + AST-aware detection. Most requests add less overhead than DNS lookup. Streaming responses are passed through byte-for-byte.
p50 8ms p95 31ms streaming-safe
Every request audited
Full audit log with searchable metadata — never the raw prompt. Inline diff shows exactly what reached the model, for every request your team made.
SOC2-ready SIEM export
12 upstream providers
OpenAI, Anthropic, Mistral, Perplexity, Groq, Together, Gemini — and any OpenAI-compatible endpoint. Per-key routing, fallbacks, and rate-limit pooling.
openai anthropic mistral
Zero prompt retention
veil never writes the raw prompt to disk. The dashboard shows redacted previews and metadata only. Self-host for full data-plane isolation.
self-host no-egress mode
Tokenize. Restore. Round-trip.
Outbound prompts have PII swapped for stable tokens. On the response, veil maps them back so your app gets a fully-formed answer — the model never sees, and never remembers, the real values.
strip + restore per-request map streaming-safe