ARCANAI
Back to ARCANAI

How it works

The only layer between you
and AI that actually works.

A transparent, step-by-step breakdown of what happens to your data — including what we can and cannot yet guarantee.

The process

Four steps. All automatic.

Steps 1 and 2 happen entirely in your browser before any network request is made.

1
👤

You

Your original text

2
🛡

Anonymization

PII replaced in browser

3
🔒

Encryption

AES-256-GCM + RSA wrap

4
🤖

AI Provider

Sees only placeholders

👤
1

You

Your original text

🛡
2

Anonymization

PII replaced in browser

🔒
3

Encryption

AES-256-GCM + RSA wrap

🤖
4

AI Provider

Sees only placeholders

01

You write your message

You type a question or paste a document. Nothing has left your device yet.

02

PII is stripped in-browser

Names, emails, phones, IBANs and more are replaced with tokens like [NAME_1]. You review before sending.

03

Encrypted before transit

The anonymized text is encrypted with a one-time AES-256-GCM key, wrapped with our RSA public key.

04

AI sees only placeholders

Claude, GPT-4 or Gemini receives anonymized, encrypted content. Your identity never reaches them.

Transparency

What we protect.
What we don't yet.

We believe honesty is a feature. Here's exactly what ARCANAI does and doesn't guarantee today.

PII anonymization (names, emails, phones)

Runs entirely in your browser

Active

End-to-end encryption (AES-256-GCM)

Key generated per request

Active

Zero document storage

Original never saved

Active

IP not transmitted to AI providers

Proxied through our server

Active

API key zero-knowledge storage

Encrypted with your password

Active

True zero-knowledge server

On roadmap — TEE required

Planned

Proof of anonymization

Cryptographic audit trail — planned

Planned

On-device AI inference

Long-term vision

Planned

⚠ Important: Our server does decrypt your anonymized text briefly to call the AI provider. We immediately discard the plaintext. This is not true zero-knowledge — we technically have access during that window. True TEE-based zero-knowledge is on our roadmap.

Roadmap

The path to true
zero-knowledge.

Where we're headed — and when.

Now — Q2 2026

Current: Anonymization + Encryption layer

  • PII detection & replacement in browser
  • AES-256-GCM end-to-end encryption
  • Zero document storage
  • Multi-AI support (Claude, GPT-4, Gemini)

Q3 2026

Cryptographic audit trail

  • Signed proof of anonymization per request
  • User-verifiable anonymization logs
  • PDF upload support restored

Q4 2026

Differential privacy & k-anonymity

  • Statistical guarantees on anonymization quality
  • Contextual PII detection (domain-specific)
  • HIPAA-ready mode for medical documents

Q1 2027

Trusted Execution Environment (TEE)

  • Server processing inside hardware-isolated enclave
  • Even ARCANAI cannot read plaintext
  • Remote attestation verifiable by users

Q2 2027

True zero-knowledge architecture

  • On-device AI inference option
  • Fully verifiable pipeline from browser to AI
  • Open-source security audit

Start protecting your
privacy today.

Free to start. No credit card. No compromise.

Start free →See pricing