
Stop Sending Raw PII to Your LLM
Every time you send a support ticket, log file, or user message to an LLM API, you're potentially leaking emails, phone numbers, credit card numbers, API keys, and more to a third party. Most developers know this is a problem. Most do nothing about it because building a sanitization layer from scratch is annoying. I built Airlock to solve this.

What it does

Airlock runs locally before your LLM call. It:

- Redacts PII: emails, phone numbers, SSNs, credit cards, API keys, JWTs, env secrets, names, and locations
- Preserves context: replaces values with consistent pseudonyms (john@example.com → user_a1b2@redacted.local), so the same value always maps to the same alias within a session and your LLM response still makes sense
- Compresses tokens: strips redundant whitespace, repeated keys, and boilerplate. Typical JSON payloads see 30–60% token reduction
- Keeps an audit ledger: every redaction is logged to a local SQLite database for compliance

No network calls. Nothing leaves your machine.
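The consistent-pseudonym behaviour described above, sketched as an added example; this is not Airlock's code or API. The class name, the HMAC-based alias scheme, the email-only regex and the `restore` step are assumptions made for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Deliberately simple email pattern (assumption); real detectors need more care.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class SessionPseudonymizer:
    """Hypothetical helper: one stable alias per distinct email, per session."""

    def __init__(self, key=None):
        # A random per-session key keeps aliases unlinkable across sessions and
        # stops a third party from confirming a guessed address by hashing it.
        self._key = key or secrets.token_bytes(32)
        self._alias_to_value = {}  # stays local, never sent to the LLM

    def _alias(self, value):
        if value in self._alias_to_value:
            return value  # already an alias: redacting twice changes nothing
        # Case-fold so John@Example.com and john@example.com share one alias.
        digest = hmac.new(self._key, value.lower().encode(), hashlib.sha256)
        # 8 hex chars is short enough to collide in very large sessions;
        # setdefault keeps the first value seen for an alias.
        alias = f"user_{digest.hexdigest()[:8]}@redacted.local"
        self._alias_to_value.setdefault(alias, value)
        return alias

    def redact(self, text):
        """Replace every email in text with its session alias."""
        return EMAIL_RE.sub(lambda m: self._alias(m.group(0)), text)

    def restore(self, text):
        """Put original values back into an LLM response, locally."""
        for alias, value in self._alias_to_value.items():
            text = text.replace(alias, value)
        return text


if __name__ == "__main__":
    # Constructed sample ticket, not real data.
    ticket = ("From john@example.com: please cc jane@example.org. "
              "Reply to John@Example.com only.")
    session = SessionPseudonymizer()
    redacted = session.redact(ticket)
    print(redacted)
    print(session.restore(redacted))
```

Because aliases are keyed per session, the alias-to-value map is as sensitive as the original text and should be protected the same way.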



