Secure AI Gateway • On-Device Agent

AI GOVERNANCE.
SECURE | LOCAL | SAFE.

Implement powerful AI capabilities across your organization without creating compliance vulnerabilities.

Start Risk Assessment Technical Specs Download Technical Datasheet (PDF)
Compliance built in: Satisfies EU AI Act Art. 12, UK GDPR, and Jersey DPL 2018 accountability rules.
Capability 01

Employee AI Enablement

Allow your employees to use any AI model or chatbot to accelerate their daily workflows without risking data breach fines.

Capability 02

Autonomous Agent Deployment

Allow AI agents to work for your business autonomously while remaining fully compliant with the EU AI Act, UK GDPR, and local Data Protection laws.

Active Pilot Sectors:
Tier 1 UK Banking Channel Islands Wealth Management EU Healthcare Providers Defense & Sovereign Networks
01 / REGULATORY EXPOSURE

The Multi-Million Pound Risk

Firms want to capitalize on AI efficiency but cannot risk corporate data leaks. Legacy reduction tools force you to upload data to the cloud, defeating the purpose, while manual redaction paralyzes operational scaling.

SOURCE: FINANCIAL REGULATORS & ICO
UK GDPR
ICO Enforcement
£17.5M or 4% of Global Turnover

Applies to unlawful processing of data or failing to comply with DPA 2018 accountability requirements. Maximum penalty applies.

EU AI Act
EU Governance Board
€35M or 7% of Global Turnover

Serious violations regarding data governance and training datasets. Full high-risk system compliance applies from 2 August 2026.

Jersey DPL 2018
JOIC Enforcement
£10M or 10% of Global Turnover

Mirrors GDPR principles but with heightened accountability guidelines for local financial and trust operations.

Corporate Exposure Calculator Live Risk Projection
Projected Maximum Statutory Fine Caps:
UK GDPR
£17,500,000
EU AI Act
€35,000,000
Jersey DPL
£10,000,000
* Calculations based on legal maximums: UK GDPR (higher of £17.5M / 4%), EU AI Act (higher of €35M / 7%), Jersey DPL (higher of £10M / 10%).
02 / LOCAL ARCHITECTURE

How It Works

Heimdall intercept agents sit locally in your system memory. Sensitive identifiers are replaced with secure cryptographic tokens before data ever leaves your perimeter.

Zero IT Friction One master administrative code connects and registers every local node.
01 / Local
Tokenize Locally
PII (names, emails, records) is cryptographically tokenized in local volatile memory.
02 / Transit
Send Clean Data
Sanitized queries are sent to designated models (Gemini, OpenAI, Claude) using your keys.
03 / Process
AI Processing
The LLM processes requests or triggers agent tasks without ever viewing raw identifiers.
04 / Restore
Restore Locally
The returning clean response is re-populated with real data locally in device memory.
Data Sanitization Stream Simulator Status: Active
Unsanitized Document Input Device Memory
Loading simulation data...
Sanitized Outgoing Payload External Transit
Loading simulation data...
Current state: Redacting raw input

Supported Entity Registry

Entity Category Examples & Identifiers Detected Default Action
Personal Identifiers Names, Personal Email Addresses, Phone Numbers, IP Addresses Local Tokenization
Financial Records Credit Cards, IBAN/BIC codes, Bank Account Numbers Local Redaction
National Identity UK National Insurance (NINO), EU Social Security, US SSN Local Tokenization
Custom Patterns Corporate Accounts, Internal API Keys, Custom RegEx Strings Pattern Masking

Architecture & Security

100% Air-Gapped Deployment

Zero outbound telemetry, no vendor phone-homes, and offline license validation. Your data perimeter remains fully local, satisfying sovereign network requirements.

Flexible Integration Matrix

Deploy as a native lightweight endpoint agent on Windows workstations, or containerize as an on-premise Docker gateway intercepting database and server API pipelines.

AES-256 Storage & OS-Level Key Vaulting

All local tokenization mappings are stored in a zero-dependency SQLCipher database encrypted with AES-256-GCM. Keys are vaulted locally via Windows Data Protection API (DPAPI), guaranteeing zero access by outside processes.

03 / ENTERPRISE LICENSING

Licensing Capacity

Flat-rate compliance licensing built for operational predictability. Zero per-user fees or surprise API volume upcharges.

Flat Rate Commitment Select a licensing capacity tier matching your infrastructure endpoints.
Isolated Pilot
£200 / month30-day isolated sandbox
  • Maximum 5 Endpoints
  • Standard Redaction Filters
  • Local Memory Buffers Only
  • Self-Service Community Support
Acquire Sandbox
Departmental Node
£3,500 / yearBilled annually
  • Up to 25 Endpoints
  • Default PII Filters
  • Local Audit Logging
  • Standard 8/5 Email Support
Provision Node
Most Deployed
Corporate Site
£12,000 / yearBilled annually
  • Up to 150 Endpoints
  • Custom PII Regex Filters
  • Dedicated Onboarding
  • Compliance Certificates
  • Priority Support (8hr SLA Response)
License Site
Server Gateway
£25,000 / year+ £5,000 setup fee
  • Unlimited Endpoints
  • Headless Gateway Deployment
  • Direct Database Integration
  • Autonomous Agent Sanitization
  • 24/7 Phone Support (2hr Critical SLA)
Request Integration

Looking for an enterprise-wide evaluation?

We offer a structured 30-day Managed Proof of Concept (POC) for large organizations. Our engineers will assist with Docker deployment, local key setup, and custom PII regex templates to verify compliance before purchasing.

Request Managed POC
04 / COMPLIANCE ASSESSMENT

AI Compliance Assessment

Run our automated risk assessment to identify compliance gaps, calculate regulatory exposure levels, and obtain sandbox configuration recommendations.

Record ID: HS-AUDIT-2026
Step 1 of 10: Departmental Role

How would you describe your company's current stance on employees using AI tools (like ChatGPT, Claude, Copilot)?

How often do you or your team handle documents containing Personally Identifiable Information (PII) or sensitive company data?

Not At All All The Time

Have you ever wanted to use an AI tool to summarize or analyze a document, but stopped because it contained sensitive names, addresses, or financials?

With upcoming regulations (like the EU AI Act) and stricter GDPR enforcement, how confident are you that your company could survive a surprise audit regarding what data has been fed into LLMs?

Terrified Extremely Confident

Imagine a software that sits between you and your AI. You drop a document into it, and it instantly hides all sensitive information before sending it to the AI. When the AI replies, the app instantly puts the real data back in the document(s) for you to read.

How valuable would this be to your daily workflow?

Useless Game Changer

What is the most appealing part of that concept to you?