The privacy layer between your team and every AI model.
DEVOJAZ detects and anonymizes sensitive data locally, before a single prompt reaches ChatGPT, Claude, Gemini, or any AI platform your organization relies on.
Your employees are already pasting sensitive data into AI tools.
Policy memos do not stop copy and paste. Real data crosses into public models every day, without anyone deciding it should.
Support drafts a reply with real customer data
A full name, email address, and phone number, pasted into ChatGPT to save a few minutes.
<EMAIL_ADDRESS> <PHONE_NUMBER>Engineering pastes a live key for debugging help
An AWS access key or GitHub token, pasted into an AI coding assistant to unblock a build.
<AWS_ACCESS_KEY>HR checks a policy question with a real SSN
An employee's Social Security Number, pasted to confirm a benefits calculation.
<US_SSN>Sensitive data, caught before it ever leaves the device.
Watch a real prompt get scanned, scored, and anonymized in place. The model only ever sees the safe version.
One checkpoint. Before the model ever sees it.
Every prompt to a supported AI platform passes through this sequence, entirely inside your network. Hover a step to inspect it.
Every layer of the checkpoint, built to be operated.
Not a black box. Each part of DEVOJAZ is something an administrator configures, monitors, and audits.
104 verified data types, not a guess.
Local NLP identifies names and locations. Presidio recognizers and checksum validation confirm structured identifiers, including SSNs, IBANs, and national IDs across 48 country families. Ordinary numbers are not removed by mistake.
Different rules for Security, HR, and Finance.
Each browser agent is assigned to a policy profile. Security can keep IP addresses visible for troubleshooting. Finance can redact account numbers. No separate infrastructure is required.
Replace, mask, redact, or hash.
Each entity type carries its own action. Names become labels that preserve meaning. Card numbers are redacted outright. Anything that needs a stable pseudonym is hashed with SHA-256.
See how AI is used, without seeing what was said.
Administrators see seat usage, request volume, and detected-entity trends. Prompt content is never part of that picture.
Every action recorded. Never a raw prompt.
Policy assignments, enrollments, and agent status changes are logged with structured detail. Prompt content and secrets are never part of that record.
Blocking AI does not stop AI use. It stops visibility.
Every ban pushes usage underground. Employees still paste data into AI tools, just on personal devices and personal accounts, where nothing is visible and nothing is logged.
Block AI outright
- Employees move to personal devices and personal accounts
- No visibility into what data leaves the organization
- No audit trail, no policy enforcement
- Lost productivity, worked around within a week
Deploy DEVOJAZ
- Employees keep using the AI tools they already rely on
- Sensitive data is anonymized before it leaves the device
- Every action logged, every policy enforced
- Security and productivity are no longer in conflict
The choice was never AI or no AI. It was visibility or none.
Works with today's leading AI assistants.
Built on a single detection and policy engine, so new platforms are added without changing how DEVOJAZ is deployed.
One detection engine underneath every integration. Adding a platform means adding a client, not rebuilding the system.
Built for how IT deploys software.
No signup flow. No shared cloud. DEVOJAZ runs inside your infrastructure, managed the way your organization already manages its software fleet.
Self-hosted deployment
Docker and PostgreSQL, deployed on-prem or in your private cloud. Your data never touches a server you do not control.
Department policy profiles
Security, HR, Finance, and Engineering each get their own rules, enforced per agent, not per deployment.
License & seat management
Seat consumption, idle agents, and stale check-ins, visible from one dashboard.
Fail-closed by default
If the local privacy engine is unreachable, the prompt is blocked, not sent raw. Adjustable, but never the default.
Zero-touch enrollment
Enrollment tokens register new devices automatically. No manual API keys copied between people.
Full audit trail
Every policy change, enrollment, and agent action is logged, with no prompt content included.
Privacy guarantees, stated plainly.
No vague assurances. This is what the architecture enforces.
- Raw prompt text is never persisted by the backend. It is processed in memory only.
- Agent API keys are stored as SHA-256 hashes. The full key is shown exactly once.
- Admin authentication uses constant-time comparison against an environment-held token.
- CORS origins are explicitly restricted. Request size and rate limits are enforced per agent.
- Containers run as a non-root user. Secrets and runtime data are excluded from every build.
- Only aggregate entity counts are stored for metrics. Detected values are never stored.
Built by engineers who treat data exposure as an engineering problem.
DEVOJAZ started with a specific, recurring observation: sensitive data moving into AI tools with no safeguard in the path. The fix belonged in the browser, enforced at the point of submission, not in a policy document nobody reads at the moment it matters.
"In the world of AI, if we give up our right to privacy, every message you send will be monitored and analyzed. Every draft, every thought, every idea will be scored, every relationship will be mapped."Inspired by a broader discussion around digital privacy
Questions security teams ask first.
No. Raw prompt text is processed in memory and never persisted. Only aggregate, non-identifying counts are stored for reporting.
ChatGPT and Claude are fully verified today. Gemini, Microsoft Copilot, Perplexity, and additional AI platforms are supported through the same detection engine.
Entirely inside your infrastructure, on-prem or in a private cloud, using Docker and PostgreSQL. There is no hosted, multi-tenant version. We have no servers in the loop with access to your data.
DEVOJAZ fails closed by default. The prompt is blocked instead of sent raw. An administrator can change this setting, but it is not the default for a reason.
The detection and policy engine is a standalone service that any client can call. Browser support today covers the platforms your teams use most, with additional platforms added on the same engine.
Pricing depends on deployment size and seat count. Contact our team for a quote based on your organization.
Let your team use AI without losing control of your data.
Nothing sensitive stored. Nothing sent raw. See it running against your own policies in a 30-minute walkthrough.