Solutions Overview
Professional Enterprise Admin Features
Features Security Legal
Healthcare Financial Government & AI
About Request a Quote
Enterprise Tier

Enterprise Anonymization

Powered by the anonym.legal engine. Hosted by anonymize.solutions or deployed on your own servers. Zero-knowledge architecture ensures that sensitive data never leaves your control.

Zero-Knowledge Auth
E2E Encryption
48 Languages
ISO 27001 Certified
MCP Server v2.2.0
Zero-Knowledge Authentication

Your Password Never Leaves Your Device

The Enterprise tier implements zero-knowledge authentication using Argon2id for key derivation and XChaCha20-Poly1305 for encryption. Your password is never transmitted to the server — not during login, not during registration, not ever.

Recovery uses BIP39 24-word mnemonic phrases, the same standard used in cryptocurrency wallets. All verification operations use constant-time comparison to prevent timing attacks.

This is the same encryption technology used by Signal and WireGuard.

  • Argon2id key derivation (memory-hard, GPU-resistant)
  • XChaCha20-Poly1305 authenticated encryption
  • Password never transmitted to server
  • BIP39 24-word recovery phrase
  • Constant-time verification (timing-attack resistant)
  • Same encryption as Signal and WireGuard
// Zero-Knowledge Auth Flow

// 1. Client-side key derivation
masterKey = Argon2id(password, salt)

// 2. Client-side encryption
encryptedVault = XChaCha20-Poly1305(
  vault, masterKey
)

// 3. Only encrypted data sent to server
server.store(encryptedVault)

// 4. Server never sees:
// - password
// - masterKey
// - decrypted vault

// 5. Recovery
recoveryKey = BIP39(24 words)
End-to-End Encryption Mode

The Server Never Sees Original Values

E2E encryption mode adds a layer where the server detects entity positions but never accesses the actual sensitive values. All extraction, encryption, and storage of original data happens exclusively on the client.

  1. Server Detects Positions

    The server analyzes the text structure and identifies the positions of sensitive entities. It returns character offsets and entity type classifications, but does not extract the values.

  2. Client Extracts Values

    Using the position data from the server, the client extracts the actual sensitive values from the original text locally. The raw values never leave the client environment.

  3. Client Encrypts Locally

    The extracted values are encrypted on the client using keys that only the client possesses. The server has no access to these encryption keys.

  4. Client Stores Mappings

    Encrypted token-to-original mappings are stored client-side. Only the client can decrypt these mappings to reverse the anonymization when needed.

  5. Server Never Sees Originals

    Throughout the entire process, the server processes structure and positions but never has access to the actual sensitive content within the text.

Client-Side Utilities

E2E Helper Functions

// Build encrypted token mappings from server positions
buildE2ETokenMappings(serverPositions, originalText)

// Decrypt and restore original values locally
detokenizeLocally(anonymizedText, encryptedMappings)

// Serialize mappings for secure local storage
serializeMappings(tokenMappings)

// Deserialize mappings from local storage
deserializeMappings(serializedData)
MCP Server

AI-Native Anonymization

MCP Server v2.2.0 brings anonymization directly into AI workflows using the Streamable HTTP protocol. Seven purpose-built tools allow AI assistants to analyze, anonymize, and manage sessions programmatically.

Compatible with Claude Desktop, Cursor, and VS Code. Available on Pro and Business plans with rate limits of 100 requests per minute and a maximum text size of 100KB.

v2.2.0 Streamable HTTP 100 req/min 100KB max text

7 MCP Tools

// Analyze text for entities
analyze

// Anonymize detected entities
anonymize

// Reverse anonymization (detokenize)
detokenize

// Check token balance
balance

// Estimate token cost
estimate

// List active sessions
list sessions

// Delete a session
delete session
Claude Desktop Cursor VS Code Pro Plan Business Plan
Detection Capabilities

48 Languages, 50+ Entity Types

The Enterprise tier combines three NLP engines for maximum language and entity coverage, including four right-to-left languages for complete multilingual support.

spaCy

25 languages with statistical and transformer-based NLP models. High-performance entity recognition optimized for production throughput.

25 Languages

Stanza

7 languages with Stanford NLP neural models. Deep linguistic analysis for complex entity detection in academic and legal text.

7 Languages

XLM-RoBERTa

16 languages with cross-lingual transformer models. Multilingual entity recognition that transfers knowledge across languages.

16 Languages

Right-to-Left Language Support

Full bidirectional text processing for four RTL languages, ensuring accurate entity detection in Arabic, Hebrew, Persian, and Urdu documents.

Arabic Hebrew Persian Urdu
48
Detection Languages

Combined across all three NLP engines

50+
Entity Types

People, organizations, locations, and more

4
RTL Languages

Arabic, Hebrew, Persian, Urdu

3
NLP Engines

spaCy, Stanza, XLM-RoBERTa

Infrastructure Deployment

Production-Grade Linux Infrastructure

Deploy the Enterprise tier on your own servers or let us host it. Either way, the infrastructure is built on Linux with enterprise-grade failover, scaling, and monitoring capabilities.

Failover

Active-passive and active-active failover configurations. Automatic detection and switchover ensures continuity during infrastructure events.

Active-Passive Active-Active

Load Balancing

Distribute traffic across multiple application instances using nginx or HAProxy. Session affinity and health checks ensure reliable request routing.

nginx HAProxy

Scaling

Horizontal scaling adds more application instances. Vertical scaling increases resources on existing nodes. Both approaches can be combined for optimal throughput.

Horizontal Vertical

VPN

Secure inter-node communication using WireGuard or IPsec tunnels. All internal traffic is encrypted regardless of network topology.

WireGuard IPsec

PostgreSQL Replication

Streaming replication for database high availability. Automatic failover with read replicas for query distribution and data durability.

Monitoring

Prometheus metrics collection with Grafana visualization dashboards. Real-time alerting on system health, performance, and security events.

Prometheus Grafana

Containerization

Deploy with Docker containers or orchestrate with Kubernetes for automated scaling, rolling updates, and service discovery.

Docker Kubernetes

Disaster Recovery

Automated disaster recovery procedures with defined RPO and RTO targets. Regular DR testing ensures recoverability.

Compliance & Governance

ISO 27001 Certified Infrastructure

The Enterprise tier operates within an ISO 27001 certified information security management system, with a completed Data Protection Impact Assessment and five formal ISMS policies governing all aspects of data handling.

ISMS Policies

  • ISMS-POL-001 — Information Security Policy
  • ISMS-POL-002 — Access Control Policy
  • ISMS-POL-003 — Data Classification Policy
  • ISMS-POL-004 — Incident Management Policy
  • ISMS-POL-005 — Business Continuity Policy

Role-Based Access Control

Admin Editor User

Incident Response

Four-tier incident classification with defined response times and escalation procedures. All security incidents are documented, analyzed, and reported.

Priority Classification
P1 Critical — Immediate response
P2 High — Urgent response
P3 Medium — Standard response
P4 Low — Scheduled response

72-hour breach notification in compliance with GDPR Article 33 requirements.

Audit Logging

  • Authentication events — 90-day retention
  • Administrative actions — 1-year retention
  • Security events — 1-year retention

Deploy Enterprise-Grade Anonymization

On your servers or ours. Zero-knowledge architecture, E2E encryption, and ISO 27001 compliance included.

Request a Quote Compare Tiers