Vishwa-Mask: DPDP Compliant Privacy Gateway for AI
An open-source privacy proxy that automatically detects and masks sensitive personal data before sending prompts to cloud AI services, ensuring DPDP Act compliance.
Vishwa-Mask is an open-source privacy proxy designed to protect sensitive personal data when interacting with cloud-based AI services.
With the rapid adoption of Large Language Models (LLMs), millions of prompts containing personal identifiable information (PII) such as names, phone numbers, and addresses are sent to foreign AI servers every day. Under India’s Digital Personal Data Protection (DPDP) Act 2023, organizations must ensure that sensitive personal data is handled responsibly and securely.
Vishwa-Mask acts as a middleware gateway between an application and external AI APIs.
Key Features:
• Real-time PII Detection
The system uses NLP techniques to detect sensitive data like names, phone numbers, and email addresses in user prompts.
• Deterministic Data Masking
Sensitive data is replaced with reversible tokens (e.g., [NAME_1], [PHONE_1]) before the prompt is sent to an external AI service.
• Secure Response Unmasking
When the AI returns a response, the system automatically restores the original information so the user sees the correct data.
• Privacy Audit Dashboard
A simple dashboard tracks how much sensitive data has been detected and protected.
Architecture Flow:
User Prompt → Privacy Proxy → PII Detection → Masking → AI API → Response → Unmasking → User
This solution helps developers build AI applications that comply with privacy regulations while still leveraging powerful cloud AI models.
Tech Stack:
Python, FastAPI, Presidio NLP, Docker, and optional React dashboard.