SecureProxy

Governance and security for generative AI

Use AI models without losing control.

SecureProxy sits between your applications and providers like OpenAI, Anthropic, Gemini, Azure OpenAI, and OpenRouter. Every call goes through policies, provider fallback, cost limits, and audit logging before reaching the model — with no app rewrite.

  • Real data never reaches the AI

    PII, emails, and confidential data are redacted before they reach the provider. Your system gets the final response ready to use.

  • Automatic fallback

    Primary provider down? Policy switches to the next authorized one — without touching the application.

  • End-to-end auditing

    Call, rule, provider, cost, and latency captured in a queryable audit history.

  • Cost control

    Per-application caps and cost per call, model, and provider.

  • LGPD-grade compliance

    Minimization, security, and accountability you can demonstrate on every call.

Providers

  • OpenAI
  • Anthropic
  • Gemini
  • Azure OpenAI
  • OpenRouter
  • Mistral
  • xAI
  • Groq
  • DeepSeek
  • Ollama
  • OpenAI-compatible APIs
Chapter 01

The problem.

Teams already use AI. Control over the path is what's missing.

Your teams are already using AI. The question is with what control.

01

Uncontrolled AI use becomes a leak channel.

When every team uses a different AI tool, without approval or central oversight, personal data, contracts, patents, source code, and internal metrics can leave without any trace.

02

LGPD and GDPR-style rules require demonstrable control.

A written policy isn't enough if the application sends data straight to the provider. Rules must be enforced in the flow and history kept for audits, legal, and incident response.

03

Cost and availability get scattered.

Without a central layer, every application reinvents limits, keys, fallback, and metrics. Operations loses visibility and standardization.

Chapter 02

How it works.

A single control point between the application and the model.

Instead of every application deciding on its own how to handle sensitive data, keys, limits, and providers, SecureProxy centralizes those decisions on the path between the app and the model.

[Figure: Centralized control point between applications and AI providers. Every call from internal applications converges on the SecureProxy Gateway, which runs four stages (masking, policy, routing, and auditing) before dispatching to authorized providers like OpenAI, Anthropic, Gemini, Azure OpenAI, and Ollama.]

  • 01 Mask data: PII, emails, phones, cards, and custom rules.
  • 02 Apply policy: mask, block, flag, or just record.
  • 03 Route call: provider and model authorized by your team.
  • 04 Audit response: full content captured and ready to query.

Identity, policy, provider choice, and auditing in a single point.

Queryable history. Who called, what was sent, which rule was applied, which provider answered, cost, latency, and the decision made.

  1. Your application calls SecureProxy

    Instead of calling OpenAI or Anthropic directly, the application points its AI calls to SecureProxy. The existing integration barely changes.

  2. Content is inspected before leaving your infrastructure

    Detectors find data like CPF, CNPJ, email, phone, and card numbers. Your team can also write natural-language rules — “don't send patent details” or “block customer contracts” — so the AI evaluates context before anything is sent.

  3. The rule decides what to do

    Policy can redact sensitive data before sending, block the call, flag it for review, or just record the event. It also defines providers, models, and usage limits.

  4. The call goes to the allowed provider

    If the primary provider fails, SecureProxy can try an authorized alternative such as Anthropic, Gemini, Azure OpenAI, OpenRouter, Ollama, or an internal model.

  5. SecureProxy returns the response with a complete history

    If a rule redacted data before sending, the application receives a final, ready-to-use response. SecureProxy also writes a queryable record with sent content, response received, rule applied, provider, cost, and latency.

Use AI without sending personal data to the provider.

Before calling OpenAI, Anthropic, or any other model, SecureProxy redacts PII, emails, phone numbers, and other sensitive data. The provider works on a protected version of the message. Your system gets the final response ready to use.

Your system sends

Customer João, CPF 123.456.789-00

The AI receives

Customer redacted, CPF redacted

Your system receives

Response ready for the right customer

[Figure: Sensitive-data protection flow before the AI call. The application sends ana@acme.com to SecureProxy. SecureProxy redacts the email before calling the AI provider. On the response, the system gets the final version ready to use. Request → Response: ana@acme.com → {{email_1}} → Hi {{email_1}} → Hi ana@acme.com]
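
A minimal sketch of the redact-then-restore round trip described above, added here as an illustration and not SecureProxy's own code. The regex detectors, the `mask` and `restore` names, and the in-memory vault are assumptions; only the `{{email_1}}` token shape comes from the page, and name detection is not covered.

```python
import re

# Assumed detector patterns (illustrative, not SecureProxy's own rules).
DETECTORS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "cpf": re.compile(r"\b\d{3}\.\d{3}\.\d{3}-\d{2}\b"),
}
PLACEHOLDER = re.compile(r"\{\{([a-z]+_\d+)\}\}")


def mask(text):
    """Replace detected values with {{kind_n}} tokens; return (masked, vault)."""
    vault = {}     # token name -> original value; never leaves the proxy
    seen = {}      # original value -> token name, so repeats share one token
    counters = {}  # per-kind running index

    def substitute(kind):
        def _sub(match):
            value = match.group(0)
            if value not in seen:
                counters[kind] = counters.get(kind, 0) + 1
                name = f"{kind}_{counters[kind]}"
                seen[value] = name
                vault[name] = value
            return "{{" + seen[value] + "}}"
        return _sub

    for kind, pattern in DETECTORS.items():
        text = pattern.sub(substitute(kind), text)
    return text, vault


def restore(text, vault):
    """Put originals back; tokens that are not in the vault stay as they are."""
    return PLACEHOLDER.sub(lambda m: vault.get(m.group(1), m.group(0)), text)


if __name__ == "__main__":
    # Constructed sample prompt and a constructed provider reply.
    prompt = "Customer João, CPF 123.456.789-00, email ana@acme.com. Reply to ana@acme.com."
    masked, vault = mask(prompt)
    print(masked)                                    # what the provider sees
    print(restore("Hi {{email_1}}, noted.", vault))  # what the app receives
```

The vault is the sensitive part of this design: it has to be scoped to a single call and kept out of anything forwarded to the provider, otherwise the masking is undone.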

Fault tolerance without touching the application.

Primary provider down? The policy switches to the next authorized provider and keeps the call alive.

[Figure: Multi-provider routing with fault tolerance. An application call reaches SecureProxy, which evaluates the routing policy. If the primary provider fails, the gateway switches automatically to the next authorized provider and returns the response to the application, with no code change. In the diagram, OpenAI is the primary (failed), Anthropic is the active fallback, and Gemini is next in policy.]
Chapter 03

Capabilities.

What your team can configure.

Security defines which data can leave. Engineering defines which providers and models can respond. Operations watches cost, errors, and latency in one place.

Policies per application or environment

Apply different rules to production, support, internal copilots, test environments, or a specific customer — without changing application code.

Streaming-aware enforcement

Content is also checked when the response arrives incrementally, as in chats that render answers as they're generated.

Usage limits

Define how much each application can consume to prevent repeated calls, abuse, or unexpected spend on expensive models.

Cost by model and provider

See cost per call, application, model, and provider to explain spikes and split cost centers.

Protected keys

OpenAI, Anthropic, and other provider keys live outside application code — encrypted or managed in a secrets vault.

Integration without app rewrites

Your team keeps the libraries they already use. In most cases, the main change is pointing AI calls at SecureProxy.

Operations metrics

Call, cost, latency, error, and detected-data metrics are available to the operations team, including in tools like Prometheus.

Internal or external providers

Use external providers or internal models, including OpenAI-compatible APIs.

Teams and governance

Each team with its own models, budget, and policy.

A single console defines who can use which models, with what spend cap and under which set of rules. The same controls apply to applications, environments, and customers — no need to duplicate configuration per product.

Teams console

Models, budget, and policy per team

  • Customer support
    Allowed models: gpt-4o-mini, claude-haiku
    Monthly budget: USD 200/mo · 73%
    Applied policy: Default · mask PII

  • Engineering
    Allowed models: gpt-4o, claude-sonnet-4
    Monthly budget: USD 1,200/mo · 41%
    Applied policy: Engineering · block secrets

  • Legal & Compliance
    Allowed models: azure-openai (BR)
    Monthly budget: USD 150/mo · 88%
    Applied policy: Critical · block regulated data

  • Research & Data
    Allowed models: all providers
    Monthly budget: USD 500/mo · 12%
    Applied policy: Research · flag and audit

Each team only sees what it can use. Billing and blocking happen at the edge — not in the app.

A different policy for each risk.

Each policy in the console bundles a concrete set of rules. Four examples of what different teams actually run day-to-day, without duplicating logic across products.

Customer support

Chatbot with customer data

Applied rule
Mask PII, phone, and email; block card data; record calls that contain personal data.
Provider, cost, and operations
Fast models with per-conversation cost limits.

Internal copilot

Search across contracts and documents

Applied rule
Block confidential clauses, customer contracts, and information flagged as restricted.
Provider, cost, and operations
Approved external provider or internal model for restricted documents.

Engineering

Code and incident assistance

Applied rule
Prevent leakage of keys, secrets, proprietary code, and details of undisclosed incidents.
Provider, cost, and operations
Models allowed per project, with fallback when the primary fails.

Finance and Legal

Reports, M&A, and contract analysis

Applied rule
Natural-language rules to block projections, negotiation details, patent info, or regulated data.
Provider, cost, and operations
Full audit log for traceability, cost, and decision review.
Chapter 04

Trust.

Isolation, auditing, and demonstrable compliance.

Isolation and key management don't depend on you.

SecureProxy enforces separation between customers, areas, and environments by default. Keys, administration, and AI traffic live on different planes, ready for stricter network rules.

Isolation across customers, areas, or environments

Each organization only sees its own applications, policies, and records. Isolation is enforced down to the database, reducing the risk that one customer or internal area accesses another's data.

Keys outside application code

Provider keys are centralized in SecureProxy, encrypted at rest or managed by a secrets vault like Vault/OpenBao. If a key needs to be rotated, the application doesn't have to be redeployed.

Administration separated from AI traffic

AI calls, administration, and metrics live separately. That makes stricter network rules easier and reduces what has to be publicly exposed.

Every call becomes queryable evidence.

Sent content, applied rule, responding provider, cost, and latency are all captured in an auditable history and available on the dashboard for audit, investigation, and accountability — without depending on logs scattered across applications.

[Figure: Audit pipeline for AI calls. Each call generates metadata (app, user, policy), goes through a recorded decision (mask, block, flag), and is stored in an auditable history that feeds a queryable dashboard for LGPD and SOC 2 compliance.]

Audit dashboard

What the admin sees.

The pipeline writes every call into the audit log. The dashboard turns that into queries: KPIs over time, usage trends, and the list of recent calls — team, model, applied policy, status, and cost on a single line.

Every call with its team, model, policy, and cost

  • Calls: 24,871 (12% vs last month)
  • Total cost: USD 487.32 (8% vs last month)
  • Blocks: 142 (18% vs last month)
  • Avg latency: 412 ms (4% vs last month)

[Chart: Calls per day, 30d]

    Time      Team         Model            Policy       Status   Cost (USD)
    14:32:08  Support      gpt-4o-mini      Default      SENT     0.004
    14:31:47  Legal        azure-openai     Critical     MASKED   0.012
    14:31:22  Engineering  claude-sonnet-4  Engineering  BLOCKED  0.000
    14:30:55  Research     gemini-1.5-pro   Research     SENT     0.008
    14:30:31  Support      claude-haiku     Default      MASKED   0.002
    14:30:04  Engineering  gpt-4o           Engineering  SENT     0.015

Filter by team, policy, status, or time window. Each row points back to the original call in the audit log.

Compliance isn't just blocking PII. It's demonstrating control.

LGPD (and GDPR-style regimes) require practices aligned with purpose, necessity, security, prevention, and accountability. SecureProxy helps apply those controls at the exact point your application talks to AI.

Minimization and necessity

Send to the provider only what policy permits. Personal data, contracts, source code, patents, and other secrets can be removed, masked, or blocked before they leave.

Security and prevention

Centralize keys, allowed providers, usage limits, and content rules. Teams keep using AI — with controls applied on the path.

Accountability

Maintain a queryable history of sent content, response received, rule applied, provider, cost, and latency to support audit and investigation.

Chapter 05

Where it runs.

Managed by us or inside your perimeter.

Pick the model that matches your risk: a dedicated environment we operate, or an install inside your perimeter when data can't leave.

[Figure: Deployment modes: managed isolated and on your infrastructure. In the managed model, SecureProxy runs in a dedicated tenant we operate. In on-premise mode, gateway, audit, and vault all live inside the customer's perimeter. In both cases, only authorized calls reach external providers.]

Managed isolated

We run it. The environment is yours alone.

Recommended
  • Dedicated environment for your organization
  • No execution resources shared with other customers
  • Assisted setup of providers, applications, and policies
  • Data processing agreement and security documentation
  • Managed updates, backups, and operation

On your infrastructure

Inside the network your team controls.

  • Deploy on Docker/Compose or your own servers
  • Support for restricted environments or no direct internet egress
  • Call history and admin dashboard stay inside your perimeter
  • Traefik and automatic TLS included in the local install package
  • Integrates with secrets vaults like HashiCorp Vault or OpenBao

FAQ

Questions we hear a lot.

The best demo uses a real case: which application calls AI, what data can't leave, what security or LGPD obligations need to be met, and which providers are allowed to respond.

OpenRouter helps you reach many models. LiteLLM helps you normalize technical calls. SecureProxy adds governance: before the call reaches the model, security and compliance rules are applied; when sending, the allowed provider is used; after, a queryable history of what happened is kept.

No tool guarantees compliance on its own. SecureProxy helps apply technical controls that matter for an LGPD (or GDPR-style) program: minimizing what's sent, blocking or masking sensitive data, per-organization separation, key management, and a queryable audit history.

It depends on the provider you choose. If the call goes to OpenAI, Anthropic, or another external provider, SecureProxy removes, masks, or blocks sensitive information beforehand. When nothing can leave the network, you can point at internal providers like Ollama or any OpenAI-compatible API.

It depends on call size and which rules are active. A simple rule, like masking a PII number, is different from a contextual rule that uses AI to evaluate content. In pilots we measure with real traffic and show the impact before going to production.

OpenAI, Anthropic, Gemini, Azure OpenAI, OpenRouter, Mistral, xAI, Groq, DeepSeek, and Ollama. You can also connect internal or regional providers that expose an OpenAI-compatible API.

No. Structured detectors cover common personal data. For context-dependent information, you can write rules like “don't leak patent info,” “don't expose negotiated prices,” or “don't reveal internal financial data.” The rule can block the call, redact passages, flag for review, or just record.

Policy can define alternates. If the primary fails, the call can go to another allowed provider like Anthropic, Gemini, Azure OpenAI, OpenRouter, or an internal model. The application keeps calling the same SecureProxy endpoint.

On managed isolated, we provision the environment and set up providers, applications, and initial policies with your team. For on-prem installs, we ship the deployment package with Docker/Compose, Traefik, and secrets-vault integration when needed. Pilots begin with a real AI call flow.

Technical demo

Bring a real call. Watch governance happen.

We'll show the application calling SecureProxy, the rule redacting or blocking sensitive data, routing picking the provider, and the history capturing the decision for security, legal, and operations.