Vishwa-Mask: DPDP Compliant Privacy Gateway for AI

• Vishwa-Mask is an open-source, privacy-preserving proxy designed to protect sensitive personal data during interactions with cloud-based AI services.

• With the rapid adoption of Large Language Models (LLMs), millions of user prompts containing Personally Identifiable Information (PII)—such as names, phone numbers, Aadhaar numbers, and addresses—are sent to external AI servers every day. This creates serious privacy risks and potential violations of India’s Digital Personal Data Protection (DPDP) Act 2023, which mandates secure and responsible handling of personal data.

• Vishwa-Mask acts as a middleware gateway between applications and external AI APIs. It ensures that sensitive data is never exposed to third-party models by processing all prompts locally before transmission.

• The system detects PII in real time using NLP-based techniques, replaces it with deterministic and reversible tokens (e.g., [PERSON_1], [INDIAN_PHONE_NUMBER_1]), and forwards the sanitized prompt to the AI model. Once a response is received, the proxy securely restores the original data, preserving both privacy and context.

• Key features include real-time PII detection, deterministic masking, secure unmasking, and a privacy audit dashboard that tracks protected entities and system performance.

Architecture Flow:

User Prompt → Privacy Proxy → PII Detection → Masking → AI API → Response → Unmasking → User

• By ensuring that AI systems never access raw sensitive data, Vishwa-Mask enables developers to build privacy-first, secure, and DPDP-compliant AI applications without compromising functionality or user experience.

Tech Stack:

Python, FastAPI, Microsoft Presidio, Docker, SQLite, and Streamlit (for audit dashboard).