Keep your private data at the edge.
Sensitive data never reaches the model.
That's the guarantee.
Not a promise. An architectural fact.
Without Privedge
"Analyze Dr. García's HIV status" receives real PII "we won't misuse it" hope for the best With Privedge
"Analyze Dr. García's HIV status" "Analyze Dr. García's [CONDITION]" receives clean prompt only data never left your node Common objections, answered.
"OpenAI Enterprise already has zero data retention. Isn't that enough?"
Zero data retention means they don't keep logs after the fact. But the data still passed through their servers, their model processed it, it lived in their RAM. For HIPAA PHI or patient records in production, that may not be legally sufficient — and it's definitely not sufficient for a hospital CISO's peace of mind. Privedge gives you the technical argument no AI provider can give: the data never left your infrastructure.
"Isn't Privedge just another intermediary that could see my data?"
No. The proxy runs as a Cloudflare Worker — you can self-host it in your own Cloudflare account. And the code is MIT: read every line. We can't see your data because in self-host mode, your worker runs in your account. In cloud mode, the worker processes data in memory and writes zero prompt content to storage. Verify it yourself.
"Does it work with any model?"
Yes. OpenAI, Anthropic, Mistral, or any endpoint compatible with the OpenAI API format. Point workerUrl at your Privedge worker, configure the cloud provider URL, and routing happens transparently.
"What if the edge model quality isn't good enough?"
Privedge v2 (Pro) anonymizes the prompt, sends the clean version to your cloud model, and de-anonymizes the response. You get GPT-4 quality on every prompt — including PII-carrying ones. The model never sees real data; you get full capability.